Help Removing Worm:MSIL/Necast.D

[KBtoy22]

Hello,

 

New to the forum and goona need some help with the experts here 

 

My computer flagged me recently (by Windows Action Center) to remove this worm in my laptop... Tried to scan it NIS 2013 and Malwarebytes PRO and both didn't find/remove anything... I ran combofix, adwcleaner, Roguekiller and Junk Removal Tool and still the warning shows up (after every other scan and reboot)

 

Posting here the log from combofix, adwcleaner, RogueKiller for reference... Any help would be appreciated!

 

PS - Computer is a Sony VAIO w/ Windows 7 Ultimate 64bit...

 

ComboFix 13-12-13.01 - Jojo 12/13/2013  10:04:35.1.2 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6111.3800 [GMT -5:00]

Running from: c:\users\Jojo\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

.

.

(((((((((((((((((((((((((   Files Created from 2013-11-13 to 2013-12-13  )))))))))))))))))))))))))))))))

.

.

2013-12-13 15:12 . 2013-12-13 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-13 13:39 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-12-13 13:39 . 2013-12-13 13:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-12-13 12:25 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-12-13 12:25 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-13 12:25 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2013-12-13 12:25 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL

2013-12-13 12:25 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll

2013-12-13 04:08 . 2013-12-13 04:10 -------- d-----w- c:\windows\system32\drivers\NISx64\1501000.012

2013-12-13 02:28 . 2013-12-13 02:28 -------- d-----w- c:\users\Jojo\AppData\Roaming\Garmin

2013-12-13 02:26 . 2013-12-13 02:26 -------- d-----w- c:\users\Jojo\AppData\Local\Garmin

2013-12-13 02:25 . 2013-12-13 02:25 -------- d-----w- c:\windows\SysWow64\Garmin

2013-12-13 02:25 . 2013-12-13 02:25 -------- d-----w- c:\programdata\Garmin

2013-12-13 02:25 . 2013-12-13 02:25 -------- d-----w- c:\program files (x86)\Garmin

2013-12-13 02:25 . 2013-12-13 02:25 -------- d-----w- c:\programdata\Package Cache

2013-12-02 02:36 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-12-02 02:32 . 2013-12-02 02:32 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-12-02 02:32 . 2013-12-02 02:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-12-02 00:34 . 2013-12-02 00:34 -------- d-----w- c:\program files (x86)\GUM9424.tmp

2013-12-02 00:34 . 2013-12-02 00:34 50053120 ----a-w- c:\program files (x86)\GUT9425.tmp

2013-12-02 00:29 . 2013-12-02 00:29 -------- d-----w- c:\program files\Google

2013-12-02 00:29 . 2013-12-13 04:01 -------- d-----w- c:\users\Jojo\AppData\Local\Google

2013-12-02 00:29 . 2013-12-02 00:30 -------- d-----w- c:\program files (x86)\Google

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-13 04:09 . 2012-05-01 01:59 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-12-13 02:57 . 2012-05-04 02:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-13 02:57 . 2012-05-04 02:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-17 18:17 . 2012-05-02 02:07 82896128 ----a-w- c:\windows\system32\MRT.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-11-06 01:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe;c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe [x]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe;c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe [x]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe;c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 Synth3dVsc;Synth3dVsc; [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub; [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]

R3 VGPU;VGPU; [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]

S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131212.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131212.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]

S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe;c:\windows\RtkAudioService.exe [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ERASERUTILREBOOTDRV

*Deregistered* - EraserUtilDrv11312

*Deregistered* - EraserUtilRebootDrv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-13 01:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 02:57]

.

2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02 00:28]

.

2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02 00:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-03 1833504]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.14.21.1

FF - ProfilePath - c:\users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"

"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]

@Denied: (C D) (Everyone)

"ccSvcHst_UserSession2_3624"="{FC71DDDD-D874-4C2D-8761-FD8EF264D434}"

"ccSvcHst_UserSession2_3520"="{BE97BA07-4FB7-46DF-B9AE-BEF2E4C7D8F9}"

"ccSvcHst_UserSession_3180"="{7AB67CB6-83E6-4C68-AA48-26FC2B9FB14A}"

"ccSvcHst_UserSession_2820"="{14F15A75-3786-47EE-84D1-2EC51F726D88}"

"ccSvcHst_UserSession_4008"="{C5A9527D-3D05-4A01-9D13-17E5DC15A598}"

"ccSvcHst_NIS"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ccGenericEvent_Global_EM"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ccGenericEvent_Global_LM"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ccGenericLog_Manager"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"SymRedirSvcRequestChannel"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"SNDServiceRequestChannel"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"SNDLocationChannel"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"NortonNetServiceIPC"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"NetMapServiceIPC"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"g_coVistaProxyChannel"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ipcChannel_ShastaServer"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ncw_performance_IPC"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_NCWSvcComm_NortonCommunityWatchConfiguration"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_ProcessDetection_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_isDataPrComm_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_AvProdSvcComm_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"AVModule_ExclusionManager_{C6198C0B-693E-4CE5-BDED-C1C7ABE5E22C}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"isError_Service_IPC"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"BashIPCChannel"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_IDataStoreMgr_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_ISPOCClient_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"CommListener"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_IEventServiceMgr_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"MClientTask.{15F2F1FF-F37B-4673-BCAA-FEB6EB7FB72A}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"{FEC3E60C-6AB6-4C7F-B7BA-22794EE4EF0F}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_HSPlayerCommand_"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"IPS_COMMAND_CHANNEL"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"FWAlert"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"{A1B48937-0778-4e7c-885B-271F65B485D2}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"{D9D79767-CD29-487E-9729-730A5CA33689}"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"_ReputationSvcComm_ReputationPublisher"="{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"

"ccSvcHst_UserSession_2228"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"{0D147FE7-1045-46ED-8F96-06DDA32C157B}.MClientTaskNoficiation"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"{9BBA000F-092F-432f-B9DF-9D64FD1C2978}_1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"AvProdSession_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"AvProdSession_Options_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"AvProdSession_MessageCenter_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"AvProdSession_Scanless_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"AvProdSession_IPUA_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"AvProdSession_CanIRun_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"clt::AlertChannel2_01"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"g_coUserCommandChannel_S-1-5-21-1715172851-1028551222-3286276936-1003"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"TRUSTCHANNEL"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"SDKCHANNEL1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"ToasterNotify\\SessionID_1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{0BF4CAEF-D818-42F4-B766-C09AB222512E}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]

@Denied: (C D) (Everyone)

"{16003FB0-7AE2-4D16-A9F0-0A26DDC4F426}"=""

"{FC71DDDD-D874-4C2D-8761-FD8EF264D434}"=""

"{23FEEE54-A5C1-413A-8078-9A56C215C9E3}"=""

"{F7649537-F843-4664-9497-07EAB5D3AEDD}"=""

"{E21604BD-8D3D-4360-A42D-7A9A930BED30}"=""

"{DB66FCA5-F2CA-4CA8-95C7-561CB27E1AE6}"=""

"{FF7CC329-9058-429F-AF08-4DEC7729A587}"=""

"{267DB9A0-B77F-472B-8C5B-73EAEE8FA710}"=""

"{1E1B4192-F334-4994-9DE8-2515B1EDD83F}"=""

"{44A72EE3-34D6-4C8D-A953-E17CDC22CFD9}"=""

"{688BB7BB-6952-49B1-8C38-7E511736F627}"=""

"{21DBD220-3A76-4235-B686-9CABAC16D5DC}"=""

"{DB4FDE3B-F522-493E-935D-DF8634D26EDE}"=""

"{C0A4F313-6BA2-44C0-BBB4-208C0063A90C}"=""

"{654DF428-4A02-43D1-89F4-F91A634EAA21}"=""

"{CB5E0CB8-AB5D-4459-A8FC-3847357403E0}"=""

"{A550FCB3-5417-4613-AA6C-D208E8E5F26F}"=""

"{3B6F4549-4269-4AD7-ADD5-228878C5FA58}"=""

"{3D41A409-406F-406F-9E87-2108AAAE5CA1}"=""

"{D10BC32E-0986-49A3-84C3-3F791DA94056}"=""

"{DBEFDB5F-AC6D-424D-92E9-10AEC1478CB1}"=""

"{886DE8CC-7C36-4B6F-8C75-67F3941C231B}"=""

"{6924E934-DEF3-4F11-92AD-0F2C2109A8B5}"=""

"{F4EA310F-DC46-447D-8F8C-5AC85008E8AE}"=""

"{9C978A97-8AFD-4264-9E46-B518C6E5E4CB}"=""

"{5FB13C9D-0AC4-4F12-8657-EEE243AE89E5}"=""

"{D5A25590-C7CA-4ECE-879D-67BC475F696E}"=""

"{DA5CE413-AAB7-41D1-B54F-8982949A3C58}"=""

"{C6175E4E-F28C-4377-9452-6718D35D04A5}"=""

"{A58CD237-29C8-4973-83E5-61FCD3B3FFCB}"=""

"{C10C8599-ACF0-4C99-81EF-FB3D4F773F7A}"=""

"{B0553399-EEA0-4EC1-82FF-E27A316D37A4}"=""

"{AB4D84C5-4ED9-418F-8DAA-1F045BFF61D6}"=""

"{00E9A3A2-0A43-425E-A304-6591CB5AF87D}"=""

"{D90AB0FF-A8A8-43C5-929B-A1197C7F8E5B}"=""

"{ABEFF323-D0FB-438F-B991-CC088F07D73D}"=""

"{8B147D78-E038-4EC8-8D05-C19DEEF91F98}"=""

"{172605D1-0444-4DB3-984E-178704EED4A3}"=""

"{D7692ED8-F812-4DD0-9D10-227FF1B2CF2B}"=""

"{336E5DBD-A476-431A-9E16-C58A3540660C}"=""

"{5DF77CF4-62D7-4587-AC26-2526232FFB51}"=""

"{12B50545-B2D0-4DBD-9AA8-B6A72DE3C504}"=""

"{0BABD9AC-028A-4A9B-A722-6D21D1ABCAA0}"=""

"{5D2A4D0B-C343-4CE8-B279-9B16DB4B45E8}"=""

"{53E39DC1-C720-4293-8334-44CC3FC13E66}"=""

"{D9143444-AAEF-44D0-8A2C-8C9EB0060553}"=""

"{04C6F73A-A5EF-4532-AB8C-4FE7ECC46E33}"=""

"{1D34804C-154C-493F-838B-3D0A00875BB8}"=""

"{FCF7861A-240A-4155-A943-EB984218970B}"=""

"{3723418B-23D7-4921-AFA0-6A2F8B136AA4}"=""

"{B374560B-7640-44E3-AE49-D2EFAD77EB48}"=""

"{A6BDF038-18FE-4B1C-B00E-B96BED2FEBE9}"=""

"{4EED79A2-E6E7-435E-93EB-E57EB1CCBA39}"=""

"{782683E7-3E6A-4FD7-929F-B485D8B8B433}"=""

"{99C6BC0B-977B-4906-A6F5-347738FA0EB8}"=""

"{A9E4A921-F803-4E3D-8529-107FDE288700}"=""

"{A898822F-CFE0-4E37-BA78-8988976BD254}"=""

"{F326E9D7-C989-4F48-8EAB-7328B1BECABF}"=""

"{C6F92C56-6FA5-403D-AC8C-AE0600761A98}"=""

"{3EF7AFF7-5FD8-4291-9C0C-B30A8F82FC86}"=""

"{67B35B64-EC65-49BE-8659-ED60596E3E3D}"=""

"{562C85A1-DBC4-4C45-A086-20FCEBC78E7E}"=""

"{92CB23D1-3B81-4005-81B2-A6C2A3E226BC}"=""

"{322AB1CF-FB7C-45AE-AA6F-A5C774545C0A}"=""

"{A8BC8FA9-BF9D-4C94-9C74-806635E36D54}"=""

"{FC48C8AD-B589-46EE-A4BA-F7834CAD0117}"=""

"{218C4832-0E4A-4000-A984-558FFC4B85AD}"=""

"{9A7F30D1-2253-4168-A445-BC54F7C5145A}"=""

"{B4D9AA24-59B9-4493-9702-3D7F9209649B}"=""

"{69DE53FE-8EC3-46B8-8A4A-A5043DD78443}"=""

"{2EFAE09D-CF08-44AE-B6F0-70E930D63F51}"=""

"{EB06BCA5-423E-466C-9706-D9F17FE72ECB}"=""

"{54DA6385-18E3-4221-9F8D-AE9A2E0A29A4}"=""

"{3E60F344-267B-4103-ABED-B3ECEC6A93BE}"=""

"{D49A00CA-04CA-4D36-8C40-9BB531449DFE}"=""

"{237A780A-238D-4AC0-854B-A3241958DDC9}"=""

"{CF8C935A-D3C4-4328-BF5E-E6EFECF13873}"=""

"{01972209-E0DC-4165-A380-7708517645AC}"=""

"{31261275-CA16-4D6C-BDDC-DFEA0E927089}"=""

"{E85633BB-4359-47B2-B896-1483393236B9}"=""

"{6A9D03CE-71F5-495E-BAD4-E3CDD2D46F06}"=""

"{3C182B14-0C8F-4122-BED7-79F38F45B647}"=""

"{CB25E83E-5BCF-4AD7-96C7-5D2B6CB7204C}"=""

"{99283256-6EC9-46A0-83D5-669A7D9868A9}"=""

"{A7CEFC78-4E59-407B-9CC3-1AADAEF5AB8A}"=""

"{08F16033-67EC-4AB4-9634-5D9DC5BE5433}"=""

"{C331D671-2AEA-4D2B-B40C-2E5277BD8028}"=""

"{02447076-F73C-44D2-9B79-2CDB963538D7}"=""

"{F6F66467-F2C1-4C93-90C3-64BCB21D948A}"=""

"{4509DC58-3133-4193-A450-1CCB947D7094}"=""

"{E3238BDB-6134-4AEF-9D64-C2CA128C4F96}"=""

"{251DBCB0-BEDB-4EF3-BEF3-2ED2D4F39940}"=""

"{E0E8434F-09EE-45B9-ADD8-59DE16570071}"=""

"{CDC3D693-019A-4A94-B21E-D3F186DFAB21}"=""

"{6B0D8D66-0D3C-4C00-9554-C1D8C3794A67}"=""

"{3C310A27-7D5B-4513-BA75-0399F3792A7F}"=""

"{7226A735-6A1E-4A9C-91D4-76CE5477B338}"=""

"{76E61DD0-B18A-45C0-A0F3-00B9A3859ED8}"=""

"{80E64912-CC76-4D6E-9F44-6AD14C2DBD94}"=""

"{4AD4CA43-63DA-4BDF-A2CF-ECFAC507D734}"=""

"{4F47ED13-432B-490C-BE1B-C592FAA10606}"=""

"{4804CAEE-80A2-4C0A-970E-4E76A2F52AF8}"=""

"{093F1047-AB5C-452B-B970-4FF25BAA57F6}"=""

"{86FC18E5-51FC-4AE0-ABBA-F7DC1549A385}"=""

"{6F7A04C1-F252-4D58-893C-164883E96C60}"=""

"{BE97BA07-4FB7-46DF-B9AE-BEF2E4C7D8F9}"=""

"{C3F4A8E0-58A0-4EB9-8122-41DF5ECC3A22}"=""

"{BFC92B84-41EB-4CF5-9DCB-B91AEADF6DB0}"=""

"{D39EC3D5-BBFC-4656-B16E-A34251C7E4F1}"=""

"{3BBAACF4-6493-4E98-9AFC-772E8C993569}"=""

"{1D84DA49-46EF-4F3C-A35D-35CAD688612F}"=""

"{2BAD0671-2EB5-4062-92CD-0E5F019BF891}"=""

"{FB60291E-536C-433B-B299-892EF2BAB691}"=""

"{D423B3F2-DB1B-46C5-8ACD-6221AE831EC0}"=""

"{FC4A7828-7845-41BC-B696-9E3908C2FF21}"=""

"{B80C3C79-C8F1-48E4-ABC3-D2D9DCDCB20D}"=""

"{A6AC0525-A974-4919-9694-5B2450608711}"=""

"{68F44D5A-5D10-4E9D-86A6-DCC30526A531}"=""

"{99C66D54-44D1-4378-AFD9-4A41D9C0F9CD}"=""

"{BD8C0EF0-4A10-4159-9097-C1A134C1A604}"=""

"{A8D54278-7CD0-4A2F-A44E-F2B6B4070E23}"=""

"{40F08BAD-4FFA-484A-8BB0-8E97F7CD59F6}"=""

"{946A79F0-DE70-4DA7-A36C-B1B1AC649293}"=""

"{DA79E394-4DFE-4D62-B722-E0052F454AA6}"=""

"{40633396-0003-42F0-9132-763CE003546A}"=""

"{CF1F33A5-8501-46D4-8DB8-6BC32213A117}"=""

"{DCF29532-2051-42A3-8D6D-38599BC940EB}"=""

"{2BEDD438-4472-454D-B30F-EA25377C9ECF}"=""

"{2C01301A-33CD-413F-A00C-CC81B17A8A7E}"=""

"{BEFA5993-A035-437B-B9BA-8265A9882746}"=""

"{42556D0F-2664-4A92-B829-CFD587A55498}"=""

"{8C64DAF6-2810-459A-A346-5583639E6ACF}"=""

"{8F3C5860-008F-4FD0-B922-D8A49B4F0678}"=""

"{E1872800-D6DA-430B-9587-16D78FC46D97}"=""

"{087C9391-F21B-4571-8ED3-3BA18CD4976C}"=""

"{872161D9-47E2-41CD-A685-7DA451FDF8D1}"=""

"{84F439F4-D791-4443-B446-6F6FC67FC04A}"=""

"{0B010F73-B93A-40EB-9A54-3D6EF3196555}"=""

"{DF14A861-D712-439D-BC62-8CAA13030FD0}"=""

"{B678EAAB-D1AE-424F-93E4-0909D3D54DA2}"=""

"{C8859B8C-AADB-43AC-ADA2-03EA6016AF54}"=""

"{4692DEB6-3EDA-49E7-9A57-3E499F324540}"=""

"{399AA711-77A5-4231-8E77-F33964ECBB3C}"=""

"{753E22CB-86B1-48FE-B6A0-F6BBE9292A20}"=""

"{D7895667-0FD1-4980-879D-7350494655AC}"=""

"{F1E70D0D-B2CA-47C9-B553-5B66ED761485}"=""

"{F08D409E-6C03-4024-AEE9-DA0F0924469E}"=""

"{674F614D-3F81-4345-A98E-05809F091451}"=""

"{AD697DD3-BD4F-48E9-AFBF-E601F6474BB2}"=""

"{79A125F4-90CF-4BC9-97E4-717C6F7103EA}"=""

"{B03F0B39-F869-4171-9517-173DFF4904B7}"=""

"{F2894433-926A-4A00-882F-6F0617589A52}"=""

"{B61E1F5B-9080-4B32-8A11-FB8F33BFB272}"=""

"{CFD734C8-F951-4C5D-9021-1E0D10D1C19D}"=""

"{C2EC3FFC-B836-43A1-8C12-42B21A49F26C}"=""

"{A013DAFE-E223-4DCB-AD6E-04F9F5F0679B}"=""

"{33464572-8E96-4203-97B7-70D72A3676F6}"=""

"{B816696D-3AAE-43CF-A7F3-7BA97264857F}"=""

"{53BE963C-95C1-485C-8181-F48D83231B52}"=""

"{439D911E-0D82-4ED4-B39F-63EBC5609F6D}"=""

"{0D29E550-72D8-49CE-A3DB-728087C7AC11}"=""

"{679F0455-2955-423C-9D80-D1806F5C610E}"=""

"{C4260B1E-72D6-4456-B817-DBE3497677FC}"=""

"{CA6B9182-D747-4095-BDDF-30C3789E3FD2}"=""

"{AB3088B5-C4F9-43E0-8692-37F5E3F0081A}"=""

"{6B62E40B-24DF-4D8B-91C9-BABA3C70C3E5}"=""

"{304EFD90-3D34-4F2E-B9D4-7875BD85FDC5}"=""

"{B005B521-EFEB-4BDE-A809-7C4E09B63804}"=""

"{088D0590-AD0E-4715-8E8D-4BFB4A303F73}"=""

"{E6311873-9052-4DB1-85D4-C2FB8C960F91}"=""

"{7F2FF6DC-9D7C-465E-9BBD-2F1AB35D79BD}"=""

"{1D987707-22B5-4CF7-96B7-A98F330CE8E1}"=""

"{5ADA7600-EFFD-4706-B6BE-9DBF9C3AE1C7}"=""

"{86683F7E-8AE8-4E2E-B0B5-2E11FD4C7AF6}"=""

"{9AF83CF2-51B4-44A2-B86D-6E0AA0761EC3}"=""

"{28F31D2E-BD9A-48C6-B1C5-7BB03AFAD9C5}"=""

"{E3434952-4E22-4CC5-BB3C-0C8088B6E3B0}"=""

"{94E39337-57AC-44F0-A933-DFEFD029711B}"=""

"{5EE6EBD6-CBF0-487F-932C-BE2E635CC4D9}"=""

"{D4CE4F41-BD75-44E4-A6ED-3C69D91C988B}"=""

"{7F1D9247-97C6-48B6-8F7C-5BA2CC93EA74}"=""

"{BF86ED8A-1350-40FC-BBA3-B328A4989FB7}"=""

"{B8ACD922-3BE4-437D-B009-5BDFC37379E5}"=""

"{EBEE92E3-9273-49CF-9D5D-B67380802425}"=""

"{9773AA6D-3F93-4BDC-8D37-BC5B8B3E67F5}"=""

"{7901085A-0FA6-45FD-AB52-4FB9ACC47DF6}"=""

"{C09A5664-6BA1-47AD-967A-20674683FDA9}"=""

"{65B9D3D0-6140-43E7-9E8E-55717476E3D1}"=""

"{BDA2446F-7C6C-401C-9E1B-B20D456B1F2A}"=""

"{1B8D579D-588C-4FEE-B756-26D8B89911D7}"=""

"{7A10C5D9-6DF8-4E14-9D23-BB7BBA7AED4E}"=""

"{2C34FB20-FF91-4972-AC6F-189EE93B4D98}"=""

"{007AE724-6C1B-49A7-B8D6-9CD5D5204F54}"=""

"{B65278E8-A6C7-4397-BBAE-A52105DA05C8}"=""

"{57659008-7809-4D0C-B356-157CD68A90B8}"=""

"{56E0BB0C-6C0F-42F8-B6E2-9593B52A6387}"=""

"{7AD8E567-44F1-48FA-9D5C-F0041E3B62EB}"=""

"{39BC0F77-D3E9-4BC8-92A0-C3BE0544D0C7}"=""

"{1A42FB61-C107-4C26-B0AB-3223F88D136A}"=""

"{92FF3224-C06B-42B4-91D9-68964AADDE85}"=""

"{ADE673F8-4DB8-4528-B03F-0F78EC6CB0AF}"=""

"{44B8C394-F9FB-4BCC-AC1A-AE996081FCB4}"=""

"{893960D2-B82A-47B3-A63F-D7C1C4F73131}"=""

"{602CFC42-ABC5-423E-8E00-AE4C3E56308B}"=""

"{5A555C8A-40F6-4871-AA03-BCC8F8A1AF1F}"=""

"{79CE9958-AA14-4A4D-AB2B-F02D902AD591}"=""

"{1906A297-752C-4C82-B592-1759378C8D31}"=""

"{0AECE623-BC80-49E0-BCD4-ACC4655E0BF9}"=""

"{79DC93FD-5E72-4921-B52B-F9F09890DA66}"=""

"{80234341-73B0-4827-9B71-CC42393130CE}"=""

"{17D3FE95-4BCB-4E34-A747-9046207A5A3A}"=""

"{CFF117FB-3E14-4363-A787-FD691E76A22A}"=""

"{3DEA6BA4-12AB-4F8D-89BC-528486F66277}"=""

"{7F1B3EF1-4DF0-4FF6-A853-9D5F9EA0ED3B}"=""

"{461BB9BF-E571-4CF9-BCE1-C0FFA90028A9}"=""

"{1297D887-54D0-4F6D-BB9C-656C0B447B7D}"=""

"{E0B1860A-10CC-4F94-ADB8-37107C055D64}"=""

"{9B5FCF24-1A28-4BA3-A78E-D800FACD66E1}"=""

"{B69A85A1-1CC5-4F78-8BF1-33061B78D490}"=""

"{6154B20A-1D72-4DB3-8F3C-EB19AD5A75EC}"=""

"{B9BC4AFC-8CF6-440B-B755-B76DD65DEDA4}"=""

"{A282B4DD-2358-4840-8A92-1427ACB6812E}"=""

"{33230E76-EC44-42A6-8B87-27CF758CB3A2}"=""

"{EDBA69C0-50A6-4E1D-AA12-49051060BA46}"=""

"{47B79627-5836-4F6C-A7AC-81287D3FB3BC}"=""

"{0AE6B523-04CA-43B6-9BD8-3D020B3F18D8}"=""

"{44D14CDD-D66A-43E7-829A-57895731316D}"=""

"{869B2060-C2EA-4078-9C11-44215F0D2138}"=""

"{398FDCF7-529F-4930-BA1D-CD5EF3A02A36}"=""

"{7133A43D-5829-40D0-B5DB-232C68819732}"=""

"{FCA6EBAE-D4D0-4216-817E-1B1A10866386}"=""

"{7BD33AC1-B4A7-462A-9D57-810BC75DC872}"=""

"{495F34C9-35AA-4C7B-9E0C-C3785A34AD55}"=""

"{D9F2C9E5-F017-40E7-8AD1-287381F18E29}"=""

"{AFA3E6F5-5F99-49F2-ABC9-5C0FFE060810}"=""

"{859C2BB6-67A1-421D-9D41-A1ED165A8920}"=""

"{57F3FFA6-44F1-42E8-83D3-4C4BE7DAFFEE}"=""

"{77B22AF5-652C-4212-8B51-4AFC34C3F3D3}"=""

"{2636422F-4876-442A-BCB9-61328B3B8A92}"=""

"{FB94F02D-706C-43F8-9BFA-736B31B6DAA1}"=""

"{7AB67CB6-83E6-4C68-AA48-26FC2B9FB14A}"=""

"{CA9D7F48-9FF3-45B2-8C5E-A57835ECD290}"=""

"{F36A04D7-C805-4B54-8CF7-B5B60034CB3F}"=""

"{4FB74CE3-3738-42BC-A39D-4ABC87FD5854}"=""

"{D4977E53-6E06-4121-A368-1FC1A49F303B}"=""

"{0DE057A5-7935-4F61-AE12-19A1A9C49118}"=""

"{7E8D32DF-E035-4E5A-A28D-77E5D87BE5CF}"=""

"{26B64A75-225D-4EE8-87C2-771B62D4F0B9}"=""

"{556C5409-41D2-493B-9FDD-A7E21294A393}"=""

"{D0B6FA93-7B7D-4E1C-8F23-7E97C1F4EF57}"=""

"{00F4EE4E-87F8-402F-98F3-94EE3835E9CE}"=""

"{EAA5C746-537E-4C15-A4E8-2249ED53453A}"=""

"{E6655841-9C19-42EE-80F9-93CF71677D4C}"=""

"{A9E5F9BE-845C-4818-9986-49BDCDA93EA5}"=""

"{E3F4C3ED-2E28-4C5A-9B79-3B8D8C51FC24}"=""

"{08239AD9-C925-4C4D-90E8-5F7D0C6AB794}"=""

"{0071962A-882D-4CDE-B290-6CE8F3612FC2}"=""

"{14F15A75-3786-47EE-84D1-2EC51F726D88}"=""

"{58D48819-518F-4128-9E09-E31BE542DF03}"=""

"{42CA64E8-80B2-42CC-AEF9-4522505760A1}"=""

"{D97D8F1E-6162-4B3C-9C5D-E10F328345B0}"=""

"{E35C5EF2-C61B-4CEF-8FFC-CEEC627AA47A}"=""

"{97B89CEC-84E9-4431-83B5-85790731A956}"=""

"{03CD4FE1-CD1A-41FF-B1CB-9009D4C52927}"=""

"{0970D411-C5BB-43C1-8098-761D47C224B6}"=""

"{C1A20AB9-1F05-48B3-BF3E-8875E6FAEB19}"=""

"{027EED19-55C8-4F61-A97C-7B34729A0430}"=""

"{DD7B68DB-0793-4437-BE9A-620F5C9FF475}"=""

"{C5A9527D-3D05-4A01-9D13-17E5DC15A598}"=""

"{F23844A0-4D8B-4F5A-A60D-136DD00E5057}"=""

"{BF12A7C8-2285-475E-9DE5-DE41FB566991}"=""

"{15778513-4498-4F43-BC5D-DA0F4A7F84DF}"=""

"{0A0E4DEE-B32C-456C-B8A5-AADA5C0ECFD6}"=""

"{CEA235F9-DE67-49AF-A1D5-73E3BBD2F6E1}"=""

"{4158F2A4-9DC4-4BEA-BF1B-70FEBF8525C3}"=""

"{E024059D-A079-419F-8965-E5DD1950C3B8}"=""

"{4CD0F7E0-6D47-46FB-B893-494E7F5FCC56}"=""

"{A916131C-4130-4A50-8D90-BC2400B94A37}"=""

"{D7AEFA8E-46FE-44B1-81F7-3149DADCB426}"=""

"{6BCC41EB-B422-466E-8B8F-5BCA43C90F71}"=""

"{6C0F484F-BF32-46DD-9A26-4DE3A402F114}"=""

"{6204E9CC-5EE8-438D-9815-23B22EC34CF1}"=""

"{A1FDCF8F-CBB7-449F-B7DA-057C21E9193C}"=""

"{C99BCA72-1337-4B1B-9224-3C2B6BD3E29C}"=""

"{24CED60F-29C0-40C6-8270-91C028174E66}"=""

"{A38480D5-2428-4536-9E46-8D0368FD9072}"=""

"{20064FA6-E95B-434D-BE72-39CDCBD137AA}"=""

"{3BBB8C10-9845-4568-B9AF-BD448E156928}"=""

"{B647D9F5-3DBF-4816-91EF-2746DF62D631}"=""

"{E026B110-F7C5-4CB1-A010-7F76E7EA8537}"=""

"{58E389D8-7168-41D3-A524-E121B2693471}"=""

"{C59270C3-722E-4C69-AA27-29A6CC2DE310}"=""

"{D624D3A9-7083-4389-9C13-544BD25CB8A5}"=""

"{FD313E9E-F95E-40B3-B859-413B525FA9CF}"=""

"{88392302-9CC4-4304-962D-FD23600B3E75}"=""

"{8F2CA534-9CFB-4840-ABFA-FF0CCB9E36FB}"=""

"{5DD08977-5579-418C-B806-D605B4AE0C71}"=""

"{C01EC2E5-609E-4877-A266-8C2EB4975F34}"=""

"{0F03E9A4-5E74-4C6C-B71D-B818300F96D8}"=""

"{EDB4B43C-4A0F-4EEA-9D6A-95A2C8CF8E5F}"=""

"{827299CA-5D8F-4C96-B1F5-E457B6351F47}"=""

"{8C723446-ED03-45E1-9756-1D88D302132A}"=""

"{9BEA30FB-33C0-47D8-9983-DB860F43A03E}"=""

"{9324FCE9-5EA8-4CA9-A179-F4770D5953B6}"=""

"{0BF4CAEF-D818-42F4-B766-C09AB222512E}"=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-12-13  10:14:37

ComboFix-quarantined-files.txt  2013-12-13 15:14

.

Pre-Run: 206,233,321,472 bytes free

Post-Run: 206,077,300,736 bytes free

.

- - End Of File - - 8F4433C512BF60E084BF677E7573B9D2

A36C5E4F47E84449FF07ED3517B43A31

 

 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 

# AdwCleaner v3.015 - Report created 15/12/2013 at 10:17:20

# Updated 10/12/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Jojo - JOJO-PC

# Running from : C:\Users\Jojo\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

File Deleted : C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v25.0.1 (en-US)

 

[ File : C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1977 octets] - [15/12/2013 10:15:46]

AdwCleaner[s0].txt - [1922 octets] - [15/12/2013 10:17:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1982 octets] ##########

 

 

# AdwCleaner v3.015 - Report created 15/12/2013 at 10:15:46

# Updated 10/12/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Jojo - JOJO-PC

# Running from : C:\Users\Jojo\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\user.js

Folder Found : C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v25.0.1 (en-US)

 

[ File : C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\0qjpdr4k.default\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Jojo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1837 octets] - [15/12/2013 10:15:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1897 octets] ##########

 

 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jojo [Admin rights]

Mode : Remove -- Date : 12/15/2013 10:28:05

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] RTKAUDIOSERVICE.EXE -- C:\Windows\RtkAudioService.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS723232L9SA60 +++++

--- User ---

[MBR] f116f6ccbe1e7ace87f2dc6fc4c7550f

[bSP] 9544985f2d52f9a6419f4667ec1cb1ee : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11649 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 23859200 | Size: 293594 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_D_12152013_102805.txt >>

RKreport[0]_S_12152013_102718.txt

 

 

 

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Ultimate x64

Ran by Jojo on Sun 12/15/2013 at 10:38:00.59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Jojo\AppData\Roaming\mozilla\firefox\profiles\0qjpdr4k.default\minidumps [21 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/15/2013 at 10:44:59.30

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

[AdvancedSetup]

For future reference one should not run tools like Combofix on their own as there is a potential for data loss if an old or invalid version of the program was run.

 

Since you've run most of the tools from other posts you've seen without being requested that too can potentially be harmful as none of them backup your data before doing some potentially dangerous tasks.

 

So what issues are you still having or seeing?

 

 

Thanks

[KBtoy22]

Thanks for the heads up, will definitely keep that in mind in the future... Haven't really installed a lot of program from this computer since it's my 2nd laptop and serve as my backup unit for work...

 

Anyway, I'm still getting the warning message from Action Center (flag icon in the taskbar) to "Remove the Worm:MSIL/Necast.D"...

[AdvancedSetup]

Please go here to run the online antivirus scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

[KBtoy22]

Below is ESET's log, after reboot, the warning message still shows up... Also went ahead and ran Microsoft Safety Scanner and found nothing...

 

 

C:\Users\Jojo\AppData\Local\Adobe\AIH.599bb64a817c4183372491674253b856db56f4d7\GTB.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined

[AdvancedSetup]

What application is detecting this?

[KBtoy22]

It's Windows' Action Center...

[AdvancedSetup]

Well the Action Center alone has no smarts to know so some program is passing that along to the Windows Action Center.

 

I'm 99% sure it's Norton that is passing that along.

 

Please open Norton antivirus and check your quarantine and see if you can empty the quarantine.  Then check or verify that you have the latest updates from Norton and reboot your computer.  Then do a Full System scan using Norton and let me know if it finds anything or not.

[KBtoy22]

Gotcha...

 

Went to NIS Quarantine, cleared the list, ran a full system scan and found nothing...

[AdvancedSetup]

So on reboot is the action center still showing that?  Can you clear that error and then reboot and see if it comes back?

[KBtoy22]

Pleaase see attached screenshot... there were 19 times occurrence about the issue so if I just archive the message, it will just come back?

[AdvancedSetup]

Okay let's try another antivirus scanner. Please fully disable Norton and MBAM and run this av scan.

• Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
• NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
• Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
• Shutdown your antivirus to avoid any conflicts while scanning.
• Once the scans have completed please re-enable your antivirus.
• If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
• If needed you can also temporarily disable it from starting with Windows
• Temporarily turn off any other security add-ons or applications you may also have.
• Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
• If it does not have a Digital Signature then do not run it.
• Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
• You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
• Click on the Yes button to start the installer.
• Click OK to scan your computer in the Enhanced Protection Mode
• Click on the check box to agree to participate in their software improvement program.
• Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
• Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
• Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
• Then click on the Start scanning button.
• If a threat is found you can click on the Action column in the program.
• Your options will be Cure or Ignore
• If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
• Then click on the Neutralize button.
• Once completed click on the green Open Report link. It will open the report in NOTEPAD
• Save the report to your desktop. The report will be called Cureit.log
• Close Dr.Web Cureit!
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
• After reboot, attach the log Cureit.log you saved previously in your next reply.
• Re-Enable your antivirus and other security programs when all done.

[KBtoy22]

Nothing found... Having issue copy/pasting the log so I'm attaching .txt file...

 

cureit.log

[AdvancedSetup]

This is an interesting one as there is very little information about it even from Microsoft.
 
MSIL/Netcast
 
Let me have you run the following and let's see if something loading may be causing this.
 
Create an Autoruns Log:

• Please download Sysinternals Autoruns from here.
• Save Autoruns.exe to your desktop and double-click it to run it.
• Once it starts, please press the Esc key on your keyboard.
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
• Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
• Attach the Autoruns.zip folder you just created to your next reply

[KBtoy22]

Please see attached...

AutoRuns.zip

[AdvancedSetup]

I need to run some errands. 

 

I'll review this later tonight, but if I've not replied to you within the next 8 hours please send me a PM reminder as your post will no longer show as new for me now.

 

Thanks

[AdvancedSetup]

Actually I see you have a topic open already over on the Bleepingcomputer site.  So as not to confuse helpers and waste resources (there are a limited amount of trained helpers to assist hundreds of users) I'll go ahead and close your topic here.

 

They should be able to get you fixed up over on the Bleeping site.

 

http://www.bleepingcomputer.com/forums/t/517354/wormmsilnecastd-removal/

 

Thank you