Jump to content

Rainbow1112

Honorary Members
  • Posts

    85
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

3,933 profile views
  1. No help needed for now. issue is due to malwarebytes and kaspersky protection issues.
  2. can confirm disabling ransomware protection work. No need to delay malwarebytes from startup.
  3. So this is what was causing problems to my PC.. i had to reinstall my PC. it and the issue keep coming back. Chrome/Thunderbird/Spotfiy all doesnt work.. Using Kaspersky free and malwarebytes premium. in the meantime i have disable malwabrebytes on startup till issue is resolve.
  4. I'm having issue running spotify /thunderbird and chrome. this 3 app constantly crash/hang when i open it. I have tried reformatting the computer but the issue came back. booting in safe mode with networking. i manage to get spotify and Thunderbird running unlike during normal boot where it will instantly hang. I have test my ram using mdsched.exe and there is no issue SysnativeFileCollectionApp.zip
  5. Issue is resolved. No more redirect after running AdwCleaner and deleting the infected shortcut
  6. I have reset IE but it still redirect to the site when I open the browser.
  7. I have already remove the shortcut path from IE yet when i open IE it still redirect to LAUNCHPAGE.ORG
  8. Computer look good nw. i monitor for 2 days and the files are not appearing.
  9. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Mar 01 20:39:36 2016 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe Found and removed: JavaPlugin.FamilyVersionSupport Found and removed: SOFTWARE\Classes\JavaPlugin Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\.jar Found and removed: SOFTWARE\Classes\.jnlp Found and removed: SOFTWARE\Classes\jarfile Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Classes\JNLPFile Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics ------------------------------------ Finished reporting. I do not have firefox install so i am not sure why it have error cleaning the firefox files..
  10. I don't really remember if I set this or not. i google the address and it was used by okayfreedom vpn which i use sometimes.
  11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.3 (02.09.2016) Operating System: Windows 10 Pro x64 Ran by WoShiProDevils (Administrator) on Sat 27/02/2016 at 16:17:50.22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 17 Successfully deleted: C:\ProgramData\iobit\driver booster (Folder) Successfully deleted: C:\ProgramData\productdata (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) Successfully deleted: C:\Users\WoShiProDevils\Appdata\LocalLow\.acestream (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\.acestream (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\acestream (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\acewebextension (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\iobit\driver booster (Folder) Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task) Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (WoShiProDevils) (Task) Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder) Successfully deleted: C:\WINDOWS\prefetch\DRIVER_BOOSTER_SETUP.TMP-3D18250B.pf (File) Successfully deleted: C:\WINDOWS\prefetch\DRIVER_BOOSTER_SETUP.TMP-AB0FD22F.pf (File) Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-D5205666.pf (File) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AceWebException (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 27/02/2016 at 16:18:53.09 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v5.036 - Logfile created 27/02/2016 at 16:24:28 # Updated 22/02/2016 by Xplode # Database : 2016-02-24.1 [server] # Operating system : Windows 10 Pro (x64) # Username : WoShiProDevils - OWNER # Running from : C:\Users\WoShiProDevils\Downloads\Programs\AdwCleaner.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\_acestream_cache_ [-] Folder Deleted : C:\Hola [-] Folder Deleted : C:\Program Files\Hola [x] Folder Not Deleted : C:\Program Files (x86)\Applian Technologies [x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies [-] Folder Deleted : C:\Users\WoShiProDevils\AppData\Local\Hola [-] Folder Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjngckebbndpdeeakdgohmcdnecidcjk [-] Folder Deleted : C:\Users\WoShiProDevils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media ***** [ Files ] ***** [-] File Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjngckebbndpdeeakdgohmcdnecidcjk_0.localstorage [-] File Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjngckebbndpdeeakdgohmcdnecidcjk_0.localstorage-journal [-] File Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjngckebbndpdeeakdgohmcdnecidcjk ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKCU\Software\Classes\Applications\ace_player.exe [-] Key Deleted : HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive [-] Key Deleted : HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.12 [-] Key Deleted : HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17} [-] Key Deleted : HKCU\Software\AceStream [-] Key Deleted : HKCU\Software\Hola [-] Key Deleted : HKCU\Software\PRODUCTSETUP [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream [-] Key Deleted : [x64] HKLM\SOFTWARE\Hola [-] Key Deleted : HKU\.DEFAULT\Software\Hola [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AceUpdater] [-] Key Deleted : HKCU\Software\Classes\.acelive [-] Key Deleted : HKCU\Software\Classes\.acemedia [-] Key Deleted : HKCU\Software\Classes\.acestream [-] Key Deleted : HKCU\Software\Classes\.tslive [-] Key Deleted : HKCU\Software\Classes\acestream [-] Key Deleted : HKCU\Software\Classes\AceStream.file ***** [ Web browsers ] ***** [-] [C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hjngckebbndpdeeakdgohmcdnecidcjk ************************* :: "Tracing" keys removed :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [4234 bytes] - [27/02/2016 16:24:28] C:\AdwCleaner\AdwCleaner[s1].txt - [4068 bytes] - [27/02/2016 16:20:36] C:\AdwCleaner\AdwCleaner[s2].txt - [4141 bytes] - [27/02/2016 16:23:09] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4453 bytes] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27/2/2016 Scan Time: 4:26 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.26.07 Rootkit Database: v2016.02.17.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: WoShiProDevils Scan Type: Threat Scan Result: Completed Objects Scanned: 368580 Time Elapsed: 4 min, 48 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016 Ran by WoShiProDevils (administrator) on OWNER (27-02-2016 16:31:48) Running from C:\Users\WoShiProDevils\Downloads\Programs Loaded Profiles: WoShiProDevils (Available Profiles: WoShiProDevils) Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8522496 2015-12-26] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-05-08] () HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-04-03] (Intel Corporation) HKLM-x32\...\Run: [super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-10-06] (Juniper Networks, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-17] (Dropbox, Inc.) HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [360cloud] => C:\Program Files (x86)\360\360WangPan\360WangPan.exe [14508144 2015-04-10] (360.cn) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [spotify Web Helper] => C:\Users\WoShiProDevils\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-21] (Spotify Ltd) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [spotify] => C:\Users\WoShiProDevils\AppData\Roaming\Spotify\Spotify.exe [6743664 2016-02-21] (Spotify Ltd) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [1403392 2016-02-12] (Tonec Inc.) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\RunOnce: [uninstall C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\RunOnce: [uninstall C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202" AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-10] (Jaksta Technologies Pty Ltd) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => No File ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => No File ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => No File ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [s-1-5-21-810425901-1927846891-3043253424-1001] => hxxp://127.0.0.1:8445/okf.pac Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3b10ddc4-7b68-4cfb-bec8-a741abf30044}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{3e9b6031-7218-4a02-9c33-d9e30c2e0c13}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e8f1ebc2-52e2-4bcc-a6cb-bf452f446492}: [NameServer] 152.226.108.26,152.226.108.27 ManualProxies: 0http://127.0.0.1:8445/okf.pac Internet Explorer: ================== BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-20] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-26] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-20] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-17] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-810425901-1927846891-3043253424-1001: @hola.org/vlc,version=1.7.49 -> C:\Users\WoShiProDevils\AppData\Local\Hola\firefox\app\vlc [No File] FF Plugin HKU\S-1-5-21-810425901-1927846891-3043253424-1001: @spoon.net/Spoon Plugin 3.33 -> C:\Users\WoShiProDevils\AppData\Local\Spoon\3.33.8.488\npMozillaSpoonPlugin.dll [No File] FF HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\WoShiProDevils\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found FF HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\WoShiProDevils\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\WoShiProDevils\AppData\Roaming\IDM\idmmzcc5 [2015-12-22] [not signed] FF HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04] CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2016-02-16] CHR Extension: (Enable right click) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2015-12-07] CHR Extension: (ShopBack Cashback Button) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjngckebbndpdeeakdgohmcdnecidcjk [2016-02-27] CHR Extension: (Norton Identity Safe) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-17] CHR Extension: (Ace Stream Web Extension) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2015-12-27] CHR Extension: (IDM Integration Module) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url> CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKU\S-1-5-21-810425901-1927846891-3043253424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-10] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-10] (Dropbox, Inc.) R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-05-08] () R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [4333712 2015-05-12] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation) S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [58280 2015-12-07] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177288 2015-05-29] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation) R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [345632 2015-07-08] (Steganos Software GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-07] (Electronic Arts) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2032344 2015-05-14] (VMware, Inc.) R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware) S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed] S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-05-26] (VMware, Inc.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.) R1 appliand; C:\Windows\system32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems) S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [145624 2015-08-04] (AhnLab, Inc.) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-26] (REALiX) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] () R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] () R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-08-20] (Juniper Networks) S4 jnprTdi_807_50111; C:\Windows\system32\Drivers\jnprTdi_807_50111.sys [108344 2014-10-06] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2014-08-20] (Juniper Networks, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-27] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-22] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-01-24] (Synaptics Incorporated) S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-12-23] (Anchorfree Inc.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-27 16:23 - 2016-02-27 16:23 - 00000000 ____D C:\Program Files (x86)\ESET 2016-02-27 16:20 - 2016-02-27 16:24 - 00000000 ____D C:\AdwCleaner 2016-02-27 16:18 - 2016-02-27 16:18 - 00002415 _____ C:\Users\WoShiProDevils\Desktop\JRT.txt 2016-02-27 16:14 - 2016-02-27 16:14 - 00000000 ___HD C:\OneDriveTemp 2016-02-27 10:05 - 2016-02-27 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2016-02-27 10:05 - 2016-02-27 10:05 - 00000000 ____D C:\Program Files (x86)\ERUNT 2016-02-25 21:56 - 2016-02-25 21:56 - 06837784 _____ (Piriform Ltd) C:\Users\WoShiProDevils\Downloads\ccsetup515.exe 2016-02-25 21:56 - 2016-02-25 21:56 - 06837784 _____ (Piriform Ltd) C:\Users\WoShiProDevils\Downloads\ccsetup515 (1).exe 2016-02-21 19:19 - 2016-02-21 19:23 - 00000485 _____ C:\Users\WoShiProDevils\Desktop\Dual Port Charger Type C + Quick Charge 3.0.txt 2016-02-21 17:49 - 2016-02-27 16:31 - 00000000 ____D C:\FRST 2016-02-20 10:46 - 2016-02-20 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-14 14:55 - 2016-02-14 14:55 - 00000000 ____D C:\Program Files (x86)\AMWE 2016-02-11 22:26 - 2016-01-28 17:20 - 00209056 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys 2016-02-10 22:29 - 2016-01-22 10:52 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll 2016-02-10 16:29 - 2016-01-29 14:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-02-10 16:29 - 2016-01-29 14:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-02-10 16:29 - 2016-01-27 14:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-10 16:29 - 2016-01-27 14:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-10 16:29 - 2016-01-27 14:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-10 16:29 - 2016-01-27 14:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-10 16:29 - 2016-01-27 14:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-10 16:29 - 2016-01-27 13:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-02-10 16:29 - 2016-01-27 13:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-10 16:29 - 2016-01-27 13:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-10 16:29 - 2016-01-27 13:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-10 16:29 - 2016-01-27 13:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-10 16:29 - 2016-01-27 13:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-02-10 16:29 - 2016-01-27 13:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2016-02-10 16:29 - 2016-01-27 13:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-10 16:29 - 2016-01-27 13:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-10 16:29 - 2016-01-27 13:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-10 16:29 - 2016-01-27 13:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-10 16:29 - 2016-01-27 13:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-02-10 16:29 - 2016-01-27 13:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-10 16:29 - 2016-01-27 13:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2016-02-10 16:29 - 2016-01-27 13:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-10 16:29 - 2016-01-27 13:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-02-10 16:29 - 2016-01-27 13:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-02-10 16:29 - 2016-01-27 13:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-10 16:29 - 2016-01-27 13:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll 2016-02-10 16:29 - 2016-01-27 13:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-02-10 16:29 - 2016-01-27 13:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-02-10 16:29 - 2016-01-27 13:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-10 16:29 - 2016-01-27 13:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-02-10 16:29 - 2016-01-27 13:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-10 16:29 - 2016-01-27 13:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-10 16:29 - 2016-01-27 13:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll 2016-02-10 16:29 - 2016-01-27 13:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-02-10 16:29 - 2016-01-27 13:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-10 16:29 - 2016-01-27 13:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-10 16:29 - 2016-01-27 13:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-02-10 16:29 - 2016-01-27 13:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-10 16:29 - 2016-01-27 13:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-10 16:29 - 2016-01-27 12:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll 2016-02-10 16:29 - 2016-01-27 12:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-10 16:29 - 2016-01-27 12:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-02-10 16:29 - 2016-01-27 12:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-10 16:29 - 2016-01-27 12:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-10 16:29 - 2016-01-27 12:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-10 16:29 - 2016-01-27 12:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-10 16:29 - 2016-01-27 12:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-10 16:29 - 2016-01-27 12:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-10 16:29 - 2016-01-27 12:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-10 16:29 - 2016-01-27 12:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-02-10 16:29 - 2016-01-27 12:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-10 16:29 - 2016-01-27 12:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-10 16:29 - 2016-01-27 12:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-10 16:29 - 2016-01-27 12:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-02-10 16:29 - 2016-01-27 12:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-10 16:29 - 2016-01-27 12:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-02-10 16:29 - 2016-01-27 12:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-10 16:29 - 2016-01-27 12:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-10 16:29 - 2016-01-27 12:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-10 16:29 - 2016-01-27 12:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-02-10 16:29 - 2016-01-27 12:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-07 15:19 - 2016-02-07 15:19 - 00003022 _____ C:\WINDOWS\System32\Tasks\klcp_update 2016-02-07 15:19 - 2016-02-07 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-02-07 15:19 - 2016-02-07 15:19 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2016-02-02 22:43 - 2016-01-23 09:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-02-02 22:43 - 2016-01-23 09:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-02-02 22:43 - 2016-01-23 08:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-02-02 22:42 - 2016-01-23 11:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00541184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00445912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2016-02-02 22:38 - 2015-12-18 14:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-02-02 22:38 - 2015-12-18 14:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-01-31 12:03 - 2016-01-31 12:03 - 00000000 ____D C:\KVRT_Data 2016-01-30 20:28 - 2016-01-30 20:28 - 00000000 ____D C:\NPE 2016-01-30 20:27 - 2016-01-30 20:36 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\NPE 2016-01-28 19:38 - 2016-01-16 14:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-01-28 19:38 - 2016-01-16 14:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-01-28 19:38 - 2016-01-16 14:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-01-28 19:38 - 2016-01-16 14:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-01-28 19:38 - 2016-01-16 14:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-01-28 19:38 - 2016-01-16 14:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2016-01-28 19:38 - 2016-01-16 14:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-01-28 19:38 - 2016-01-16 14:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-28 19:38 - 2016-01-16 14:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2016-01-28 19:38 - 2016-01-16 14:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-01-28 19:38 - 2016-01-16 14:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-28 19:38 - 2016-01-16 14:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-01-28 19:38 - 2016-01-16 14:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-01-28 19:38 - 2016-01-16 14:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-01-28 19:38 - 2016-01-16 14:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-01-28 19:38 - 2016-01-16 14:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-01-28 19:38 - 2016-01-16 13:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-01-28 19:38 - 2016-01-16 13:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-28 19:38 - 2016-01-16 13:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-01-28 19:38 - 2016-01-16 13:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll 2016-01-28 19:38 - 2016-01-16 13:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2016-01-28 19:38 - 2016-01-16 13:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll 2016-01-28 19:38 - 2016-01-16 13:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-01-28 19:38 - 2016-01-16 13:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll 2016-01-28 19:38 - 2016-01-16 13:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-01-28 19:38 - 2016-01-16 13:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2016-01-28 19:38 - 2016-01-16 13:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2016-01-28 19:38 - 2016-01-16 13:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe 2016-01-28 19:38 - 2016-01-16 13:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-01-28 19:38 - 2016-01-16 13:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2016-01-28 19:38 - 2016-01-16 13:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-28 19:38 - 2016-01-16 13:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-01-28 19:38 - 2016-01-16 13:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll 2016-01-28 19:38 - 2016-01-16 13:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2016-01-28 19:38 - 2016-01-16 13:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2016-01-28 19:38 - 2016-01-16 13:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-01-28 19:38 - 2016-01-16 13:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2016-01-28 19:38 - 2016-01-16 13:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2016-01-28 19:38 - 2016-01-16 13:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe 2016-01-28 19:38 - 2016-01-16 13:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-01-28 19:38 - 2016-01-16 13:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-01-28 19:38 - 2016-01-16 13:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-01-28 19:38 - 2016-01-16 13:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll 2016-01-28 19:38 - 2016-01-16 13:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll 2016-01-28 19:38 - 2016-01-16 13:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-01-28 19:38 - 2016-01-16 13:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll 2016-01-28 19:38 - 2016-01-16 13:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-01-28 19:38 - 2016-01-16 13:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2016-01-28 19:38 - 2016-01-16 13:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-01-28 19:38 - 2016-01-16 13:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-01-28 19:38 - 2016-01-16 13:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-01-28 19:38 - 2016-01-16 13:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-01-28 19:38 - 2016-01-16 13:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-28 19:38 - 2016-01-16 13:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-28 19:38 - 2016-01-16 13:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-01-28 19:38 - 2016-01-16 13:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-01-28 19:38 - 2016-01-16 13:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-28 19:38 - 2016-01-16 13:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-01-28 19:38 - 2016-01-16 13:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-01-28 19:38 - 2016-01-16 13:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-01-28 19:38 - 2016-01-16 13:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-01-28 17:36 - 2016-01-28 17:36 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-27 16:31 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-27 16:31 - 2015-07-29 23:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-27 16:30 - 2015-03-12 18:53 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-27 16:25 - 2015-11-13 19:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-27 16:25 - 2015-11-13 19:26 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-27 16:25 - 2015-08-10 20:38 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-02-27 16:25 - 2015-03-12 18:53 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-27 16:25 - 2015-03-09 10:38 - 00000490 _____ C:\WINDOWS\Tasks\Online Backup Update Notifier.job 2016-02-27 16:25 - 2014-12-17 19:40 - 00000000 ___RD C:\Users\WoShiProDevils\Dropbox 2016-02-27 16:25 - 2014-12-17 19:39 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\Dropbox 2016-02-27 16:25 - 2014-12-17 13:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-27 16:25 - 2014-12-17 12:51 - 00000000 __RDO C:\Users\WoShiProDevils\OneDrive 2016-02-27 16:24 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-02-27 16:24 - 2014-12-19 10:37 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\CrashDumps 2016-02-27 16:23 - 2014-12-17 14:04 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A8CD187-9DFA-4CF9-BE96-81E02A08EE53} 2016-02-27 16:18 - 2015-12-26 15:24 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\IObit 2016-02-27 16:18 - 2015-12-26 15:24 - 00000000 ____D C:\ProgramData\IObit 2016-02-27 16:18 - 2015-12-26 15:24 - 00000000 ____D C:\Program Files (x86)\IObit 2016-02-27 16:16 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\IDM 2016-02-27 16:15 - 2014-12-17 14:03 - 00000000 ____D C:\Program Files (x86)\Steam 2016-02-27 12:01 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\DMCache 2016-02-27 11:43 - 2015-08-10 20:38 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-02-27 11:10 - 2016-01-15 18:30 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\Idol Pic 2016-02-27 10:45 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\Downloads\Video 2016-02-27 10:08 - 2014-12-17 12:48 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\VirtualStore 2016-02-26 21:56 - 2015-09-03 17:07 - 00000000 ____D C:\Users\WoShiProDevils\.oracle_jre_usage 2016-02-26 21:56 - 2015-01-06 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-02-26 21:56 - 2014-12-17 13:51 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2016-02-26 21:56 - 2014-12-17 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-26 21:56 - 2014-12-17 13:51 - 00000000 ____D C:\Program Files\Java 2016-02-26 18:07 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-26 18:07 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-25 07:51 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\Downloads\Compressed 2016-02-23 21:31 - 2015-08-25 20:01 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\Spotify 2016-02-23 21:17 - 2015-08-25 20:01 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\Spotify 2016-02-23 21:04 - 2014-12-17 13:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2016-02-23 19:20 - 2014-12-17 14:23 - 00002421 _____ C:\Users\WoShiProDevils\Desktop\New Text Document.txt 2016-02-23 17:03 - 2014-12-17 14:26 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\Shirlene folder=) 2016-02-22 18:50 - 2014-12-17 14:23 - 00000000 ___RD C:\Users\WoShiProDevils\Desktop\Mass Order 2016-02-21 19:19 - 2015-07-07 07:49 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\VMware 2016-02-21 15:27 - 2016-01-24 13:37 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\EMK 2016-02-20 11:30 - 2015-03-12 18:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-20 11:01 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-20 11:01 - 2014-12-17 14:30 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-20 10:46 - 2015-08-10 20:38 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-02-20 00:35 - 2015-11-03 21:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-02-14 22:46 - 2014-12-17 13:57 - 00000000 ____D C:\ProgramData\Origin 2016-02-14 14:55 - 2015-07-04 12:42 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMWE.lnk 2016-02-14 14:55 - 2015-07-04 12:42 - 00000892 _____ C:\Users\Public\Desktop\AMWE.lnk 2016-02-13 13:57 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-11 23:05 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-10 22:29 - 2014-12-17 12:52 - 00000000 ____D C:\Program Files (x86)\Realtek 2016-02-10 21:51 - 2014-12-17 12:48 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-10 21:49 - 2015-10-30 17:07 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 18:07 - 2014-12-17 14:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-10 18:04 - 2014-12-17 14:46 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-08 12:16 - 2015-11-11 19:05 - 00004122 _____ C:\Users\WoShiProDevils\Desktop\Pocket MapleStory Build.txt 2016-02-07 20:13 - 2014-12-17 13:57 - 00000000 ____D C:\Program Files (x86)\Origin 2016-02-06 12:34 - 2015-09-26 10:13 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LG Bridge.Lnk 2016-02-06 12:34 - 2015-06-26 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Bridge 2016-02-05 20:34 - 2015-07-29 23:32 - 00002425 _____ C:\Users\WoShiProDevils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-04 22:45 - 2015-12-18 18:45 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\G4 Backup 2016-02-04 13:32 - 2014-12-17 12:48 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\Packages 2016-02-04 03:01 - 2015-10-30 15:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-04 03:01 - 2015-10-30 15:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-02 22:57 - 2015-11-13 19:27 - 00000000 ____D C:\Users\WoShiProDevils 2016-02-02 22:44 - 2015-11-13 19:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-02-02 22:44 - 2014-12-17 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-02-02 22:43 - 2015-11-13 19:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-02-02 22:39 - 2014-12-17 12:58 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\NVIDIA 2016-02-02 19:25 - 2015-03-12 18:53 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-02 19:25 - 2014-12-17 12:55 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-01 18:28 - 2015-12-26 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3 2016-01-30 20:27 - 2014-12-17 13:37 - 00000000 ____D C:\ProgramData\Norton 2016-01-30 20:22 - 2014-12-17 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-01-30 20:21 - 2015-12-04 07:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2016-01-30 20:02 - 2015-10-28 15:57 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\vlc 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-01-28 21:58 - 2015-12-04 19:18 - 00000000 ____D C:\WINDOWS\Minidump 2016-01-28 21:58 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\ModemLogs ==================== Files in the root of some directories ======= 2015-03-07 16:01 - 2015-03-07 16:01 - 0000695 _____ () C:\Users\WoShiProDevils\AppData\Local\recently-used.xbel Some files in TEMP: ==================== C:\Users\WoShiProDevils\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-17 19:57 ==================== End of FRST.txt ============================ I could not run the eset online scanner. it download the database and gave error cant download database file due to proxy.
  12. RKill log Rkill 2.8.3 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2016 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 02/27/2016 10:06:58 AM in x64 mode.Windows Version: Windows 10 Pro Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * fcvsc [Missing Service] * HdAudAddService [Missing Service] * HyperVideo [Missing Service] * netvsc [Missing Service] * wfpcapture [Missing Service] * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [incorrect ImagePath] * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [incorrect ImagePath] * swenum => \SystemRoot\System32\drivers\swenum.sys [incorrect ImagePath] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost #[iPv6] 0.0.0.0 fr.a2dfp.net 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 atlas.aamedia.ro 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 www2.a-counter.kiev.ua 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 20 out of 13674 HOSTS entries shown. Please review HOSTS file for further entries. Program finished at: 02/27/2016 10:07:07 AMExecution time: 0 hours(s), 0 minute(s), and 9 seconds(s) Malwarebytes Log Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 27/2/2016Scan Time: 10:09 AMLogfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2016.02.26.07Rootkit Database: v2016.02.17.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 10CPU: x64File System: NTFSUser: WoShiProDevils Scan Type: Threat ScanResult: CompletedObjects Scanned: 369299Time Elapsed: 4 min, 58 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 1PUP.Optional.AceWebExtension, HKU\S-1-5-21-810425901-1927846891-3043253424-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AceWebException, C:\Users\WoShiProDevils\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe, , [92bd4a1bd1c866d0ae64786652b19070] Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  13. FRST.txtAddition.txt Random files are being generated on my desktop. check the property and those files are 0kb and i cant delete/locate them on my desktop. i am not sure if i am infected by virus so just checking to be sure.
  14. # AdwCleaner v2.005 - Logfile created 10/19/2012 at 00:24:11 # Updated 14/10/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Owner - WINDOWSVISTA # Boot Mode : Normal # Running from : C:\Users\Owner\Downloads\Programs\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files\searchresults1 Folder Found : C:\Program Files\Trymedia Folder Found : C:\Users\Owner\AppData\LocalLow\searchresults1 Folder Found : C:\Users\Owner\AppData\Roaming\Babylon Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\searchresults1 ***** [Registry] ***** Key Found : HKCU\Software\APN DTX Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKCU\Software\searchresults1 Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\StartSearch Key Found : HKLM\SOFTWARE\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383} Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1 Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94366E2C-9923-431C-B0D6-747447DD0F2B}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US -\\ Mozilla Firefox v [unable to get version] Profile name : default File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [4156 octets] - [19/10/2012 00:24:11] ########## EOF - C:\AdwCleaner[R1].txt - [4216 octets] ##########
  15. ComboFix 12-10-18.02 - Owner 10/18/2012 19:13:29.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.756 [GMT 8:00] Running from: C:\Users\Owner\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Windows\system32\tmp6EF8.tmp C:\Windows\system32\tmp6F57.tmp C:\Windows\system32\tmp7F91.tmp C:\Windows\system32\tmpB20D.tmp C:\Windows\system32\tmpB22D.tmp C:\Windows\system32\tmpF702.tmp ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_nvsvc ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))) 2012-10-18 11:26:56 . 2012-10-18 11:30:06 -------- d-----w- C:\Users\Owner\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- dc----w- C:\Users\UpdatusUser\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- dc----w- C:\Users\Public\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\UpdatusUser.WindowsVista\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\Administrator\AppData\Local\temp 2012-10-18 10:50:05 . 2011-03-10 10:04:57 46280 ----a-w- C:\Windows\system32\drivers\PSKMAD.sys 2012-10-17 12:49:24 . 2012-09-24 15:16:36 93672 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll 2012-10-16 16:27:04 . 2012-10-16 16:27:04 -------- d-----w- C:\ProgramData\DriverGenius 2012-10-16 15:55:48 . 2012-10-16 15:55:56 -------- dc----w- C:\Program Files\searchresults1 2012-10-14 05:07:00 . 2012-10-14 05:07:00 107888 ----a-w- C:\Windows\system32\CmdLineExt.dll 2012-10-14 04:52:11 . 2012-10-14 04:52:11 -------- d-----w- C:\Windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP 2012-10-14 04:51:59 . 2012-10-14 04:51:59 -------- dc----w- C:\Program Files\Common Files\Wise Installation Wizard 2012-10-13 01:12:53 . 2012-10-13 01:12:53 -------- dc----w- C:\Program Files\Common Files\Java 2012-10-10 09:39:17 . 2012-10-10 10:13:33 172544 ----a-w- C:\Windows\system32\wintrust.dll 2012-10-10 09:39:09 . 2012-10-10 10:13:15 2048 ----a-w- C:\Windows\system32\tzres.dll 2012-10-10 09:36:33 . 2012-09-27 18:07:26 99192 ----a-w- C:\Windows\system32\drivers\idmwfp.sys 2012-10-01 14:23:52 . 2012-10-01 14:23:52 -------- d-----w- C:\Users\Owner\AppData\Local\FLT 2012-10-01 14:00:11 . 2012-10-06 01:22:24 -------- dc----w- C:\Program Files\F1 2012 2012-09-26 09:35:38 . 2012-09-26 11:31:11 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe 2012-09-25 00:40:15 . 2012-09-25 00:40:15 -------- d-----w- C:\Windows\CheckSur 2012-09-24 14:46:50 . 2012-08-30 15:57:37 3487434 ----a-w- C:\Windows\system32\nvcoproc.bin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-10-17 13:50:49 . 2009-06-23 18:32:42 139128 -c--a-w- C:\Windows\system32\drivers\PnkBstrK.sys 2012-10-17 13:50:40 . 2009-06-29 15:27:19 215128 -c--a-w- C:\Windows\system32\PnkBstrB.xtr 2012-10-17 13:50:40 . 2009-06-23 18:32:27 215128 ----a-w- C:\Windows\system32\PnkBstrB.exe 2012-10-15 11:02:45 . 2009-06-23 18:32:27 215128 ----a-w- C:\Windows\system32\PnkBstrB.ex0 2012-10-13 01:11:56 . 2012-02-04 09:23:50 821736 -c--a-w- C:\Windows\system32\npdeployJava1.dll 2012-10-13 01:11:56 . 2010-04-24 04:29:35 746984 -c--a-w- C:\Windows\system32\deployJava1.dll 2012-10-10 23:35:32 . 2008-05-09 11:40:08 975248 -c--a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent.exe 2012-10-09 16:22:14 . 2012-04-19 13:43:33 73656 -c--a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 16:22:14 . 2012-04-19 13:43:33 696760 -c--a-w- C:\Windows\system32\FlashPlayerApp.exe 2012-09-12 17:17:46 . 2012-09-12 12:48:17 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys 2012-09-12 17:17:46 . 2012-09-12 12:48:17 33280 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys 2012-09-12 17:17:38 . 2012-09-12 12:48:13 240496 ----a-w- C:\Windows\system32\drivers\netio.sys 2012-09-12 17:17:38 . 2012-09-12 12:48:13 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 17:17:38 . 2012-09-12 12:48:13 1292144 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2012-09-12 17:11:27 . 2012-09-12 12:48:11 490496 ----a-w- C:\Windows\system32\d3d10level9.dll 2012-09-07 09:04:46 . 2009-03-06 02:15:55 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-09-06 11:52:23 . 2011-04-10 16:00:43 142496 -c--a-w- C:\Windows\system32\drivers\SYMEVENT.SYS 2012-08-30 19:13:00 . 2012-01-02 03:34:20 12465512 ----a-w- C:\Windows\system32\nvwgf2um.dll 2012-08-30 19:13:00 . 2012-01-02 03:34:19 1009512 ----a-w- C:\Windows\system32\nvdispco32.dll 2012-08-30 19:13:00 . 2012-01-02 03:34:18 2422120 ----a-w- C:\Windows\system32\nvapi.dll 2012-08-30 19:13:00 . 2012-01-02 03:34:18 15291752 ----a-w- C:\Windows\system32\nvd3dum.dll 2012-08-30 15:57:55 . 2012-06-29 15:51:27 645992 ----a-w- C:\Windows\system32\nvvsvc.exe 2012-08-30 15:57:54 . 2012-06-29 15:51:27 62312 ----a-w- C:\Windows\system32\nvshext.dll 2012-08-30 15:57:54 . 2012-06-29 15:51:27 108392 ----a-w- C:\Windows\system32\nvmctray.dll 2012-08-30 15:57:32 . 2012-06-29 15:51:27 3963240 ----a-w- C:\Windows\system32\nvcpl.dll 2012-08-30 15:57:27 . 2012-06-29 15:51:27 2836840 ----a-w- C:\Windows\system32\nvsvc.dll 2012-08-30 02:40:14 . 2012-08-30 02:40:14 429416 ----a-w- C:\Windows\system32\nvStreaming.exe 2012-08-25 03:00:42 . 2012-08-25 03:00:30 514560 ----a-w- C:\Windows\system32\qdvd.dll 2012-08-15 11:40:56 . 2012-08-15 11:03:23 400896 ----a-w- C:\Windows\system32\srcore.dll 2012-08-15 11:40:40 . 2012-08-15 11:03:19 2345984 ----a-w- C:\Windows\system32\win32k.sys 2012-08-15 11:40:06 . 2012-08-15 11:03:16 492032 ----a-w- C:\Windows\system32\win32spl.dll 2012-08-15 11:40:06 . 2012-08-15 11:03:15 317440 ----a-w- C:\Windows\system32\spoolsv.exe 2012-08-15 11:39:00 . 2012-08-15 11:03:03 41984 ----a-w- C:\Windows\system32\browcli.dll 2012-08-15 11:39:00 . 2012-08-15 11:03:03 102912 ----a-w- C:\Windows\system32\browser.dll 2012-08-15 11:38:17 . 2012-08-15 11:03:00 769024 ----a-w- C:\Windows\system32\localspl.dll 2012-08-11 01:26:42 . 2012-09-06 11:51:02 585888 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\srtsp.sys 2012-08-08 05:18:19 . 2012-09-06 11:51:02 926880 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\SymEFA.sys 2012-08-07 18:42:43 . 2012-09-06 11:51:01 134304 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys 2012-07-28 03:25:32 . 2012-09-06 11:51:02 368288 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\SymDS.sys 2012-07-28 03:05:21 . 2012-09-06 11:51:01 175264 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\Ironx86.sys 2012-07-27 19:09:02 . 2012-07-27 19:09:02 57792 ----a-w- C:\Windows\system32\sirenacm.dll 2012-07-27 18:54:00 . 2012-07-27 18:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR 2012-07-26 11:08:06 . 2012-07-26 11:08:06 862664 ----a-w- C:\Windows\system32\msvcr110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 534480 ----a-w- C:\Windows\system32\msvcp110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 251864 ----a-w- C:\Windows\system32\vccorlib110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 153536 ----a-w- C:\Windows\system32\atl110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 115656 ----a-w- C:\Windows\system32\vcomp110.dll 2012-07-23 01:34:24 . 2012-09-06 11:51:02 338592 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\symnets.sys 2012-10-18 10:59:23 . 2012-10-18 10:59:12 261616 -c--a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}] 2012-03-22 07:24:14 87008 -c--a-w- C:\Program Files\searchresults1\searchresultsDx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-03-15 21:02:40 86696 -c--a-w- C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 21:02:40 86696] "{94366e2c-9923-431c-b0d6-747447dd0f2b}"= "C:\Program Files\searchresults1\searchresultsDx.dll" [2012-03-22 07:24:14 87008] [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] [HKEY_CLASSES_ROOT\clsid\{94366e2c-9923-431c-b0d6-747447dd0f2b}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49:16 22376 -c--a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2012-10-13 01:14:20 3536320] "SkyDrive"="C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-10-17 13:36:44 238552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 09:07:48 10967656] "Panda Security URL Filtering"="C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 02:51:36 217256] "PSUAMain"="C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-12 23:15:56 37152] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "<NO NAME>"= 0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk] backup=C:\Windows\pss\OfficeSAS.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Connect.lnk] backup=C:\Windows\pss\OpenVPN Connect.lnk.CommonStartup backupExtension=.CommonStartup path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grid Service HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Immunet Protect [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2010-12-05 20:56:42 390728 -c--a-w- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51:26 919008 -c--a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-27 20:51:36 35768 -c--a-w- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 06:54:26 91520 -c--a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-09-07 09:04:44 766536 -c--a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2010-05-10 06:12:28 439568 -c--a-w- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2012-07-27 19:09:02 4272064 -c--a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2012-01-20 13:03:48 719672 -c--a-w- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-07-27 02:37:50 180224 -c--a-w- C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2012-03-27 09:07:48 10967656 ----a-w- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-08-04 10:40:23 1353080 -c--a-w- C:\Program Files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 01:04:54 252848 -c--a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2010-12-05 20:55:24 5542168 -c--a-w- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] 2011-06-30 10:11:16 2648184 -c--a-w- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2009-07-14 01:14:24 660480 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-07-14 01:14:47 65024 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [x] R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [x] R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360\1401010.002\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360\1401010.002\SYMEFA.SYS [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys [x] S1 BHDrvx86;BHDrvx86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys [x] S1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvix86.sys [x] S1 NNSALPC;NNSALPC;C:\Windows\system32\DRIVERS\NNSAlpc.sys [x] S1 NNSHTTP;NNSHTTP;C:\Windows\system32\DRIVERS\NNSHttp.sys [x] S1 NNSIDS;NNSIDS;C:\Windows\system32\DRIVERS\NNSIds.sys [x] S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\system32\DRIVERS\NNSNAHSL.sys [x] S1 NNSPICC;NNSPICC;C:\Windows\system32\DRIVERS\NNSPicc.sys [x] S1 NNSPIHSW;NNSPIHSW;C:\Windows\system32\DRIVERS\NNSPihsw.sys [x] S1 NNSPOP3;NNSPOP3;C:\Windows\system32\DRIVERS\NNSPop3.sys [x] S1 NNSPROT;NNSPROT;C:\Windows\system32\DRIVERS\NNSProt.sys [x] S1 NNSPRV;NNSPRV;C:\Windows\system32\DRIVERS\NNSPrv.sys [x] S1 NNSSMTP;NNSSMTP;C:\Windows\system32\DRIVERS\NNSSmtp.sys [x] S1 NNSSTRM;NNSSTRM;C:\Windows\system32\DRIVERS\NNSStrm.sys [x] S1 NNSTLSC;NNSTLSC;C:\Windows\system32\DRIVERS\NNSTlsc.sys [x] S1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys [x] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360\1401010.002\Ironx86.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360\1401010.002\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 dgdersvc;Device Error Recovery Service;C:\Windows\system32\dgdersvc.exe [x] S2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [x] S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [x] S2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [x] S2 N360;Norton 360;C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x] S2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys [x] S2 PSUAService;Panda Product Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys [x] S3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [x] S3 PSKMAD;PSKMAD;C:\Windows\system32\DRIVERS\PSKMAD.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - WS2IFSL Contents of the 'Scheduled Tasks' folder 2012-10-18 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:43:33 . 2012-10-09 16:22:20] ------- Supplementary Scan ------- uStart Page = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = proxy.singnet.com.sg IE: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm IE: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.sg/ FF - prefs.js: network.proxy.http - proxy.singnet.com.sg FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-06-26 03:22; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - - - - ORPHANS REMOVED - - - - WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file) MSConfigStartUp-DivXUpdate - C:\Program Files\DivX\DivX Update\DivXUpdate.exe MSConfigStartUp-SSDMonitor - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe MSConfigStartUp-Windows Mobile Device Center - C:\Windows\WindowsMobile\wmdc.exe AddRemove-uTorrent - C:\Program Files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"C:\Program Files\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="C:\Windows\system32\GameMon.des -service" --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11] "AdvancedGeneration"=dword:00000000 "AutomaticallyUpdateCheck"=dword:00000001 "ClubSearchFeatureNum"=dword:00000000 "CompareFeatureNum"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "Currency"=dword:00000056 "ExportFeatureNum"=dword:00000000 "FilterByClubFeatureNum"=dword:00000000 "FMPath"="" "GameDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\games" "GenieReportFeatureNum"=dword:00000000 "GraphStep"=dword:00000000 "HighlightedAttributes"=dword:00000000 "HighQualityGUI"=dword:00000001 "HintsFeatureNum"=dword:00000000 "HistoryDir"="C:\\FM Genie Scout 11\\History Points" "HistoryFeatureNum"=dword:00000000 "LangDB"="C:\\FM Genie Scout 11\\lang_db.dat" "Language"="English" "LanguageDBFeatureNum"=dword:00000004 "LastSaveGame"="" "LastUpdateCheck"=dword:0000a049 "LoadLangDB"=dword:00000001 "MinCondition"=dword:00000050 "PlayerSearchFeatureNum"=dword:00000004 "ProxyHost"="" "ProxyPort"="" "SaveDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\" "ScreenshotFeatureNum"=dword:00000000 "ScreenshotsDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011" "ShortlistDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists" "ShortlistFeatureNum"=dword:00000000 "ShowHistory"=dword:00000001 "SkinName"="PSV Eindhoven" "StaffSearchFeatureNum"=dword:00000000 "TopFormationFeatureNum"=dword:00000000 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "TranslateStaffSkills"=dword:00000001 "UniqueID"="D5-E080-E52F" "UseAuthentication"=dword:00000000 "UseProxy"=dword:00000000 "UserName"="" "UserPassword"="" "Version"=dword:00000081 "VersionOf"=dword:00000000 [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11g] "PicturesNumber"=dword:00057cfc [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12] "AdClicksNum"=dword:00000008 "AdImpressionsNum"=dword:00000019 "AdvancedGeneration"=dword:00000000 "AutomaticallyUpdateCheck"=dword:00000001 "ClubSearchFeatureNum"=dword:00000000 "CompareFeatureNum"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "Currency"=dword:00000056 "ExportFeatureNum"=dword:00000000 "FilterByClubFeatureNum"=dword:00000000 "FMPath"="" "GameDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\games" "GameLoadedCounter"=dword:00000008 "GenieReportFeatureNum"=dword:00000001 "GraphStep"=dword:00000000 "HighlightedAttributes"=dword:00000000 "HighQualityGUI"=dword:00000001 "HintsFeatureNum"=dword:00000000 "HistoryDir"="C:\\FM Genie Scout 12\\History Points" "HistoryFeatureNum"=dword:00000000 "LangDB"="C:\\FM Genie Scout 12\\lang_db.dat" "Language"="English" "LanguageDBFeatureNum"=dword:00000007 "LastSaveGame"="" "LastUpdateCheck"=dword:0000a0a6 "LoadLangDB"=dword:00000001 "MinCondition"=dword:00000050 "PlayerSearchFeatureNum"=dword:00000007 "ProxyHost"="" "ProxyPort"="" "SaveDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\" "ScreenshotFeatureNum"=dword:00000000 "ScreenshotsDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012" "ShortlistDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists" "ShortlistFeatureNum"=dword:00000000 "ShowDonateNotification"=dword:00000000 "ShowGuidNotification"=dword:00000000 "ShowHistory"=dword:00000001 "SkinName"="Steklo Black" "StaffSearchFeatureNum"=dword:00000001 "TopFormationFeatureNum"=dword:00000000 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "TranslateStaffSkills"=dword:00000001 "UniqueID"="D5-E080-E52F" "UseAuthentication"=dword:00000000 "UseProxy"=dword:00000000 "UserName"="" "UserPassword"="" "Version"=dword:000000ce "VersionOf"=dword:0000007b "VersionOf201"=dword:0000007b [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. a v ý µ#\OpenWithList] "a"="vlc.exe" "b"="a" [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC] @Denied: (C D) (Everyone) [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints] @Denied: (C D) (Everyone) "{FFAA6780-253F-4641-9BF3-A6F8AF5E2618}"="" "{ED9C13BB-8994-43A4-8156-E445828694DF}"="" "{0F7A789B-9208-4BD3-8BCC-3D8A6DB74D22}"="" "{16A1A044-CB51-4EB0-A436-4B549D0B17BE}"="" "{63DCF0B0-88C1-4016-9BCF-731A6358B534}"="" [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c1,34,ba,64,9f,02,b4,21,a6,ac,2e,45,1b,3e,3c,9e,92,7f,3b,98,ee,93,18, f7,2b,f0,b7,1b,97,bd,fd,dc,e1,7f,34,a0,d7,16,e5,5f,cb,76,ef,4e,4f,2c,63,68,\ "??"=hex:14,af,65,1f,0d,e2,ba,9a,6e,8b,98,b4,45,d2,99,6f [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\SecuROM\License information*] "datasecu"=hex:21,46,6d,46,73,8a,24,e3,7d,8d,f8,ed,71,7f,f8,74,a7,10,91,61,d6, 92,c8,a1,ae,15,21,65,62,cc,7e,fe,e8,db,88,a2,08,48,f7,b3,55,92,ce,10,7f,e4,\ "rkeysecu"=hex:3a,14,c3,31,e8,71,be,4e,a7,2c,de,39,47,6b,04,5d [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):4b,e5,68,99,7f,3e,05,dd,2c,e8,ce,0f,71,7e,e6,c5,c6,0e,f5,cc,01, 68,7f,9c,39,2d,fc,81,b9,65,d3,72,ad,0a,c5,9e,d7,a4,13,43,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):0f,b5,2b,28,fc,f7,ef,46,91,dc,5b,fb,89,97,10,a7,03,6f,85,eb,0c, 0d,83,d3,a4,ee,1e,b1,c1,81,36,22,69,37,db,5d,5f,ff,79,e7,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{a80886ee-b41e-4272-bb4a-0d197a6623ac}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000cb "Therad"=dword:00000009 [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{fc37c768-0325-4302-b32c-94983fc2a1c5}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000010b "Therad"=dword:00000011 "SpecVersion"=dword:000000f8 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. a v ý µ#\OpenWithList] "a"="vlc.exe" "b"="a" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels] @Denied: (C D) (Everyone) "ccSvcHst_UserSession2_3380"="{DA0DA856-9357-4DC7-86CE-A5511F639CD0}" "ccSvcHst_UserSession2_2272"="{DB2E59E0-6BBB-48CD-8067-990C9C2DF254}" "ccSvcHst_UserSession2_2480"="{B6F412D8-6778-4405-9554-0A09A6FB628D}" "ccSvcHst_UserSession2_2144"="{E8ABC747-0636-4678-8E17-7BC795A679C6}" "ccSvcHst_UserSession2_2900"="{2955BE94-DC4B-480B-8C95-0D2BC4903C4E}" "ccSvcHst_UserSession2_2868"="{0F6FBDDF-6117-47D7-875B-4E6DF25330BD}" "ccSvcHst_UserSession2_2204"="{9C7619D1-585F-4A27-AD54-0017FB1FF9CC}" "ccSvcHst_UserSession2_2148"="{8F2D0A29-08B7-4346-A09B-862404AB49D3}" "ccSvcHst_UserSession2_2364"="{5B1D3006-B8B5-470B-8035-E4CB269BBC37}" "ccSvcHst_UserSession2_2236"="{4E10BB9D-17EA-4FBE-B6A8-6140404BE303}" "ccSvcHst_UserSession2_2252"="{28C43FD4-EDD7-4497-A9FA-FA9A923ED22E}" "ccSvcHst_UserSession2_2748"="{ABE48364-A9E7-42A3-9ADF-98CFC216B6C6}" "ccSvcHst_UserSession2_2360"="{9BAE9353-4FB1-4174-8F4A-96BD1257392A}" "ccSvcHst_UserSession2_2548"="{75CFEB85-2439-46D2-B548-9D72ED70FAFA}" "ccSvcHst_UserSession2_3456"="{017B2608-E045-415B-B00B-8CE426556451}" "ccSvcHst_UserSession2_2860"="{8EB78505-34A8-4600-9BB6-2DFAD564D582}" "ccSvcHst_UserSession2_2440"="{448563A4-6680-4340-ABE2-BEB8F03E30C6}" "ccSvcHst_UserSession2_3024"="{92EED0C7-8103-4623-BB83-B41313C97FCE}" "ccSvcHst_UserSession2_2916"="{171E41EC-996E-4A9D-B7F5-5A7E310FFF52}" "ccSvcHst_UserSession2_3056"="{AA760A3F-D559-4C51-81F0-F8C3C85A50A4}" "ccSvcHst_UserSession_4636"="{8166E094-F7B7-4BD4-9995-5F6F1BF559BC}" "ccSvcHst_UserSession2_3448"="{DCF07928-554F-4AC7-AC08-DC35875B17E2}" "ccSvcHst_UserSession2_3376"="{9DD318C0-E230-4D96-9F5E-C243B7860F45}" "ccSvcHst_UserSession2_3044"="{246750F3-A765-491B-AC03-087174FEBC3F}" "ccSvcHst_UserSession2_3240"="{6038F2F9-D9EC-42AA-9AFA-FD5BF7D2925C}" "ccSvcHst_UserSession2_2408"="{AB961CC0-724C-4EAE-B883-29C5386A7591}" "ccSvcHst_UserSession2_3204"="{AE81D214-7BD6-404E-BA76-E337A846F8B9}" "ccSvcHst_UserSession2_2588"="{24F95B08-0CEE-4DC3-8CEB-58AC859EBA90}" "ccSvcHst_UserSession2_3208"="{8B430A53-B15B-49E9-AF9A-4811A5FFE97A}" "ccSvcHst_UserSession2_3796"="{D7E76C7A-D498-44CE-AD64-8D14F157616F}" "ccSvcHst_UserSession2_3148"="{D1800BB5-83D6-4231-9C0B-28AA0911E0C1}" "ccSvcHst_UserSession2_3300"="{EDB8EEA1-EE24-4978-A030-FA9ED1CB8DEB}" "ccSvcHst_UserSession2_3256"="{7E6D9F59-1CDE-4AC4-B4B5-1DD6068B6947}" "ccSvcHst_UserSession2_3284"="{2F79591D-61E9-42A2-8E3D-CF1411882D15}" "ccSvcHst_UserSession2_3196"="{732655BE-AB7B-4428-BC86-44FF1E480BA2}" "ccSvcHst_UserSession2_2452"="{B97375D4-628C-4FF2-BDE4-31FF920D1734}" "ccSvcHst_UserSession2_3188"="{F97B0212-11D9-4719-9752-1C7B666CD3E8}" "ccSvcHst_UserSession2_4036"="{D12D049D-5DC4-40F6-8FD5-C7C75F07557B}" "ccSvcHst_UserSession2_2400"="{E658E558-F23F-485C-8205-F3B081879DA3}" "ccSvcHst_UserSession2_2808"="{4D9CCDAC-11FD-462A-A8CB-ECF5E0BB1B58}" "ccSvcHst_UserSession2_2368"="{476935D6-C5C0-48C1-A38B-DEA7BC529042}" "ccSvcHst_UserSession2_3392"="{936A2861-F43C-4F45-ABE0-E6E2999F7C1F}" "ccSvcHst_UserSession2_3232"="{0CA3A02C-F207-470B-9E57-B494F4AFCCB6}" "ccSvcHst_UserSession2_2456"="{78B95B78-461D-4F81-9FCB-21FD3DBDD43D}" "ccSvcHst_UserSession2_3224"="{B63D54A6-0E14-470F-B41C-049A960A8231}" "ccSvcHst_UserSession2_3216"="{35E8BB01-25F1-438F-B9D8-86E0C8E37416}" "ccSvcHst_UserSession2_3012"="{C42EC6FC-59B3-4BB7-A876-6CFFBFE38628}" "ccSvcHst_UserSession2_3396"="{29662DE1-BB4A-4EB4-9738-6A428BF42DCD}" "ccSvcHst_UserSession2_3192"="{2F77367F-3F63-495C-BAF3-D4272488AF65}" "ccSvcHst_UserSession2_3340"="{331B7769-4794-48E0-9AE6-1004933D767F}" "ccSvcHst_UserSession2_3212"="{812C39CB-C9F9-48FE-AE25-0D9BB71F3D72}" "ccSvcHst_UserSession2_3124"="{9A37B8C1-BE1A-4616-9246-DA8AB278DD10}" "ccSvcHst_UserSession2_3440"="{B9C69DC9-B34D-4B86-A326-5B3B8CD9E041}" "ccSvcHst_UserSession2_3308"="{44FF4F6D-92DE-4582-BC48-A24B35391A6D}" "ccSvcHst_UserSession2_3708"="{CD53B415-1FB9-4CD8-B208-CA018E9A90E4}" "ccSvcHst_UserSession2_1076"="{04CE2F69-52D6-4797-900B-0DF09BD023F3}" "ccSvcHst_UserSession2_3304"="{FEE955E4-2F92-4E14-84D5-4C11C49E96C1}" "ccSvcHst_UserSession2_3248"="{51BA88BC-6A76-4B03-A1D8-86DF189BA427}" "ccSvcHst_UserSession2_3548"="{E4CD576A-F796-4C65-8278-16DB3C69EDCB}" "ccSvcHst_UserSession2_3272"="{0DC26155-3CAA-4F7E-9298-4D577217A48E}" "ccSvcHst_UserSession2_3092"="{F820F8C6-7456-4ADC-B024-A752C6B2FB2B}" "nasa_ipc_server"="{E6CDB83B-9ADF-4398-BF0C-F44BAF013815}" "ccSvcHst_UserSession2_3436"="{A02B1062-B069-4C01-81BD-86589B2F4B2B}" "g_coVistaProxyChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "Tuneup_Context_Switch_Channel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccSvcHst_UserSession2_3444"="{3D6D87E2-AD89-45B5-AFD6-D31862BEC714}" "ccSvcHst_N360"="{B55D9405-915A-402F-AE41-7A54934B902D}" "DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccSvcHst_UserSession2_3948"="{36EE3F03-981B-43C4-8795-F5B2B895CFB2}" "{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "ccGenericEvent_Global_EM"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccGenericEvent_Global_LM"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccGenericLog_Manager"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ipcChannel_ShastaServer"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_buSvcComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "SNDServiceRequestChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "SymRedirSvcRequestChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "SNDLocationChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "NortonNetServiceIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "NetMapServiceIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ncw_performance_IPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_NCWSvcComm_NortonCommunityWatchConfiguration"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_isDataPrComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_ProcessDetection_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_AvProdSvcComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "isError_Service_IPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "BashIPCChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_ISPOCClient_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_IDataStoreMgr_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_buVssComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_HSPlayerCommand_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "IPS_COMMAND_CHANNEL"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "FWAlert"="{B55D9405-915A-402F-AE41-7A54934B902D}" "AvProdSession_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_Options_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_MessageCenter_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_Scanless_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "_buUIComm_S-1-5-21-3429488616-1519292121-1956305698-1000"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_IPUA_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_CanIRun_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "clt::AlertChannel2_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "{D9D79767-CD29-487E-9729-730A5CA33689}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "g_coUserCommandChannel_S-1-5-21-3429488616-1519292121-1956305698-1000"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "TRUSTCHANNEL"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "SDKCHANNEL1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AVModule_ExclusionManager_{C6198C0B-693E-4CE5-BDED-C1C7ABE5E22C}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{A1B48937-0778-4e7c-885B-271F65B485D2}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ToasterNotify\\SessionID_1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "_ReputationSvcComm_ReputationPublisher"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ncw_reputation_scan_server_IPC"="{601B9D26-ED1E-47AC-B352-35B7046571F1}" "ccSvcHst_UserSession2_2760"="{402B87AC-BAC1-4C75-B855-91E355024A89}" [HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints] @Denied: (C D) (Everyone) "{7E708133-F733-4226-BD5D-8F0DC279139B}"="" "{DA0DA856-9357-4DC7-86CE-A5511F639CD0}"="" "{8A3E23DC-89A4-4B83-B216-97EB12BBEDFC}"="" "{B4074B16-1D4A-43E0-BEBA-7F573F98B3BB}"="" "{4842A3C6-4909-43D1-9D8C-FA4A10223BC3}"="" "{C43B4199-673A-4380-BCB5-2037C232A4F6}"="" "{382624D7-878E-4340-9F13-0A68F112AF8E}"="" "{86E02384-AB42-45BE-A837-40B7F176129E}"="" "{E1F66B9B-7506-4AF3-8C8A-0D8F63AA7506}"="" "{87E85A4E-0DC7-4F79-A5F3-29AAAA847F73}"="" "{2D70DD10-8232-431F-AE62-5485D204D76F}"="" "{8E9F7467-08C4-4E49-8652-E16A2CA448C9}"="" "{FA2DF399-7A71-4BB1-B674-E6B38B7FAD5E}"="" "{D9AA54D7-A7AC-4EF8-81F7-7625F8A499E2}"="" "{21250460-ACD2-4241-9F86-09CF32980F40}"="" "{E25F7460-FE01-4A5C-ADD0-854388614FE0}"="" "{2A2273FF-40D1-4284-B227-89D0BAB99A73}"="" "{E4286E75-0D07-45FF-A7FD-03882DC9F9D2}"="" "{715EE43B-D14F-44A5-B078-949B3A99105F}"="" "{15B4CBA7-3497-4714-9997-74C70A1883B9}"="" "{4B433E1E-7C8A-48C5-91CC-8980F163FD9D}"="" "{42D8A33F-1FCD-4685-A3D4-581545EA2380}"="" "{1815ED29-FA1B-4E37-B47F-48F4A27B1069}"="" "{23C74058-20A6-4A7C-8654-4ECE7561F0D4}"="" "{E975BC04-83EF-4B62-9710-A81FDB1FE19D}"="" "{5BC2028F-48C6-40CE-BA6B-8FDDC76A2608}"="" "{9867EC9E-CCC5-4CB1-B63E-9CF8F37A8AA9}"="" "{0F6BC09A-1DC7-4A43-8B3C-8EB8CD414929}"="" "{1E3450B4-72C5-4443-9A1B-BE6D130536C4}"="" "{0FEB4ABF-27E8-46D2-837F-666FC00568EB}"="" "{524F5C26-D554-41AB-8A54-4752E40AE69F}"="" "{09ED0574-520B-45DC-87E1-B54E91B65109}"="" "{DB2E59E0-6BBB-48CD-8067-990C9C2DF254}"="" "{13D9A36D-DE95-4795-986A-D30A371A63C4}"="" "{09595FAE-BBE3-4068-BFB9-B2EAEA28F01C}"="" "{C5862FF3-B98D-4EBA-A6B8-9A8F4E5CE4FA}"="" "{B8A500DD-032E-4255-AF95-F9688753E3FD}"="" "{DE945FA1-6947-412E-ADC7-59848DD95E02}"="" "{0AA6E30B-A4C6-4EB2-9F3D-7AA116ED3302}"="" "{FCF68C65-CEEF-433A-8A5A-C13DDE29F2A6}"="" "{59E3122C-340E-47D1-A3C2-00475CBD3D7F}"="" "{F96B032D-E0E4-4094-86B3-43F29E82201B}"="" "{B6F412D8-6778-4405-9554-0A09A6FB628D}"="" "{D2C6C7BC-D4CD-40F3-98DA-53547B02E174}"="" "{34AFAD79-7C6A-4F38-9F2A-7199B79470B8}"="" "{631674E8-1B27-452A-A7E3-DE1593DCF3D7}"="" "{4DC90014-FD18-4B6E-AAE5-FAADD13957A1}"="" "{5F80C429-689B-4836-B11C-658730927D6F}"="" "{3BFE0423-1AF3-48FA-9E2D-498E5CD29913}"="" "{02822A2D-2F49-4B3D-9402-4F005F0F1C6E}"="" "{BE5420C6-266D-4BF6-88BB-20FC4676A840}"="" "{062ADEEB-256F-4704-A6E9-3DF3A7A4E468}"="" "{E8ABC747-0636-4678-8E17-7BC795A679C6}"="" "{1A4BC342-CEAA-4080-8C5A-8BE2C554A0BC}"="" "{6CA625FD-595F-4A69-9F92-F69AA9E9673E}"="" "{93E459E6-1081-4A2E-A098-37AD30522099}"="" "{B8B7D877-F236-4B61-85B7-B610A54D5891}"="" "{473C22CD-D671-460A-80EC-0464CB27D044}"="" "{3DF8A305-E049-426B-A614-01499E4B771B}"="" "{7A868217-C31B-44FE-B189-1D5857B8170F}"="" "{BB5F3F29-858C-4EB8-BA8E-CCBCE1DD61DC}"="" "{7D0A60EF-7EE3-4ACC-811F-82C7FB8CD98F}"="" "{4381D4EA-CA06-4CE3-9523-6E564352D1BB}"="" "{4D2E2D09-FDF9-4C2E-A0D9-42FCF56B776D}"="" "{BB056BD9-B688-4078-804E-FEC40152037A}"="" "{4880A03F-19A4-44B2-A12D-A948B9EAC22C}"="" "{1AEDD993-7A3C-43CB-B30B-176B5BFA31F0}"="" "{9B17B898-1AF9-4DA9-BA67-1F5550E9AC03}"="" "{D88E3458-4F5B-4B22-B5F1-D29D2942C8C1}"="" "{8991BEEC-7F84-4B24-B811-D1B754700250}"="" "{505DC54D-05DF-4BCB-8953-129A685AA622}"="" "{4E9C8945-DDE1-495D-B13F-CC350A257CB7}"="" "{2955BE94-DC4B-480B-8C95-0D2BC4903C4E}"="" "{40B54D1D-A840-4271-9DA4-87984E536761}"="" "{0F6FBDDF-6117-47D7-875B-4E6DF25330BD}"="" "{6B75193C-C42E-44E9-93E1-6DF8FBA9E483}"="" "{6525DD9E-9531-4629-894E-13D720FE89D0}"="" "{4DBEB134-F92B-43B2-B4B9-9150517B1481}"="" "{B89330BF-833C-405E-B73C-9E611CD265F3}"="" "{DED12D7F-9860-4DAF-95DB-865E8CAE2D3D}"="" "{D1AA07F6-AC19-4464-9361-89F8A023F68D}"="" "{6F6C4DA6-14F0-4584-B066-CCEE878D2B51}"="" "{7CB9956C-18F7-4F15-A1C7-7496893E64B5}"="" "{5AFFDBDB-3A03-415E-A274-01C83D246F55}"="" "{974231C8-02AC-40E6-85C5-CBA3F1C85DD5}"="" "{7A9DEF9E-15D5-4D0D-8E19-0A4298B83241}"="" "{9C7619D1-585F-4A27-AD54-0017FB1FF9CC}"="" "{99AAD83E-392D-4248-9FD0-DAFA87EF1CF4}"="" "{FB7C3EC6-93E5-40F7-A7A3-15D3A2A9C336}"="" "{A9AD1FC7-7917-486C-8D51-0920BA33AEC4}"="" "{53CDA2FA-0D4E-4BBF-820C-438ADD2E5725}"="" "{5B7ABED5-94A9-4068-BDCB-3979E483C505}"="" "{AB185598-092C-4E87-B109-7D6D265CC9B8}"="" "{24ABDC57-F3F3-4158-9131-BA6B812D2503}"="" "{EF1DB7CA-4871-4C84-AA74-54E0B7DC1AEE}"="" "{E339485D-7AE9-4DC4-A6CC-309EA6CE22D5}"="" "{DB003574-733C-4F3E-BFF1-781FB1F75872}"="" "{80B16FE6-DF80-427B-BC6E-1E6B3FC11D3E}"="" "{30083351-0B33-4529-A100-A6E975A956BD}"="" "{4EEA4315-B229-45AB-A487-3AC2BF5FE946}"="" "{AF3731B4-EFF3-42E0-95A2-DCB2CDB40B08}"="" "{08F3E32D-CABE-4FA8-A6C3-A2DA8A32AA4D}"="" "{357F52C6-CF6E-48F7-9E82-05A39A840FAC}"="" "{0C7E9700-384D-4562-AED7-FFB9E6FAE975}"="" "{CC325648-BF8E-46B6-8B17-DBB79F272327}"="" "{E5EA881A-6E93-4EAD-B326-4765CA07A717}"="" "{2F839636-A3DB-4804-A2D2-33E5535A2069}"="" "{9013E870-77B9-48DA-8A5D-F0B55E742364}"="" "{93FDD883-912C-49B3-A935-06E63951656F}"="" "{5082A36C-8399-464E-A0C3-08E118AB0BE9}"="" "{04C4061E-FBE7-426A-9F2A-9C2A61A48D52}"="" "{3771DE4C-AF6F-4401-842F-9AFA033720B8}"="" "{8F2D0A29-08B7-4346-A09B-862404AB49D3}"="" "{4C59B293-3E45-40FA-863D-7488F8CA39B7}"="" "{023C6980-5D8B-4566-9877-A4288C807A26}"="" "{21223973-EC26-4989-87E7-AD2C5244F426}"="" "{82EF08F4-8710-421C-AC03-C8ABEA0E7B67}"="" "{6AC158FB-4BBE-4892-9170-F97E773D6122}"="" "{286CBB2F-141E-443F-8DAF-87C6B20C056A}"="" "{82F5C57F-1F4D-4C6A-A910-0AE7BE74ECB4}"="" "{1F8B79DC-8AFE-43F6-8BE5-2E35B4F62BA6}"="" "{603530C4-F8DA-413B-BCA7-7DFD0CC8D829}"="" "{E4353A79-9B70-44F8-A067-22111CDBBAC7}"="" "{1A43456E-AD60-45F5-A872-25DE2CCC7721}"="" "{77C8AF0F-10BA-41A9-B327-86F6EBC6DD80}"="" "{827814BC-7792-46C5-8DF0-69677659F1DC}"="" "{FA9D19B2-A277-49AB-8CFB-473F45727E43}"="" "{12B04FA4-962D-4AA9-AB17-5B205CDC54C3}"="" "{D8FD8A14-FBEB-4F9E-A4ED-B96030FF8FF9}"="" "{B17DC375-FDC6-4B8B-B0AC-DC472A4621B3}"="" "{5560D5D7-5174-415F-B5F7-24B6E9C07613}"="" "{14DF53F3-0508-4F20-BBBB-C523F249D6E4}"="" "{AA55B99C-66BA-476E-9233-507CB46C626D}"="" "{7B9782AA-FD39-467B-A46A-AFD758D46DCD}"="" "{B52F5962-258A-4CB7-9561-AF6A4F950984}"="" "{4B01D6F4-C686-40EE-AF6C-9AFCFF317A4C}"="" "{FA949F73-6DC0-4089-BB90-BBC7D6F41A9F}"="" "{1700BCD6-13FC-4D24-B646-745E629732A8}"="" "{F1EDE2A5-B95A-4B92-8B17-796EE36C5ED8}"="" "{9A75B3ED-8F9D-46AF-BB4F-E3D1A4020282}"="" "{8800EDF1-8E82-41C5-B6D8-EA0B250085D7}"="" "{EAD22610-9BFE-42A4-BEF4-394806778E05}"="" "{8A812AC3-3471-42DC-9F79-7472B57BE9ED}"="" "{3BC1E507-ABD3-45EE-A0D2-F6CB251F7496}"="" "{9C78A161-6917-48F4-B8B1-50FBA51D03D6}"="" "{DE902B11-D59D-4A86-8826-D60B7F6F8B31}"="" "{404072B9-17EC-4783-AB5C-665BEEEA61BB}"="" "{0675CC15-7A19-47C0-88BC-02CE1381D633}"="" "{33A26696-5255-48EB-AA12-695949B79699}"="" "{D9304987-9927-401E-8208-F2C38468528F}"="" "{A0E825C1-601D-4F1D-A4FF-400176CB698C}"="" "{C2A8D85D-127C-48F5-B843-7E74D2531A7A}"="" "{5ED71AE5-94C7-4F0C-A961-79B453BF954A}"="" "{2ECCF776-5E63-4DCB-8B26-7289FF88F0EA}"="" "{92A98F4C-6FDB-4453-8A76-C6FE9C96D7F4}"="" "{38E2CF7C-E29E-46FE-8495-9E55F1C9F444}"="" "{80289955-062F-4AF7-AB1D-077E03E6F8FE}"="" "{B52FF19D-2C31-4764-87D8-FA538CB968E9}"="" "{ABDB725C-814C-4A44-B263-1B441C8B9B6C}"="" "{C26E437D-29C1-44F6-A2BE-10A29F24B59F}"="" "{9158B774-2E8D-4DE6-8E86-6B7635D854A1}"="" "{54EE03BA-6559-4CFF-9CE8-7FBAAFD18ABA}"="" "{7853EB82-D833-4A29-B83E-83ED2558D990}"="" "{CBAA0A04-6527-4055-88C8-A11F9E1BD33D}"="" "{5C90C959-8DFF-450F-896F-73DB560F9837}"="" "{8762929C-E51B-424F-9351-26713A1BB922}"="" "{73CD2B56-84D5-446C-98C0-CE5ACAA4C19C}"="" "{DA01D9BB-09EA-496A-A80A-0898BA4C3E8F}"="" "{26A0033B-4582-4BAC-AB3F-F3A05E173DDE}"="" "{22BED23D-8704-4BB7-ADC7-402BEBF47E00}"="" "{5B1D3006-B8B5-470B-8035-E4CB269BBC37}"="" "{EE028568-30D1-4A78-81E8-D0D4C664BED6}"="" "{FBBEE0AC-1595-4CC5-80B2-65D605DF3A2D}"="" "{BA7D8A9A-E83A-4021-8A50-2E8550645F2A}"="" "{39D08A57-17E5-4B83-9168-123820D55776}"="" "{3FE4FE93-49F0-4DBB-BFE1-C1D1D324A0A0}"="" "{4E10BB9D-17EA-4FBE-B6A8-6140404BE303}"="" "{CE55CD06-F042-44C4-8AA4-F0A5F007964A}"="" "{E95134B3-846A-46B2-BFFF-52DB75AFFBDF}"="" "{47EC32C2-B499-4C8C-9E3F-2DB655BB5921}"="" "{E33190BE-40ED-4C9E-895A-D57C275AE4B3}"="" "{8101DF2D-3CAE-4F97-88F1-0C3FAA2CC59B}"="" "{BC1A4057-97F1-4270-AC09-F2AB8CA92EE6}"="" "{99E1FDD6-9050-4FB0-9564-2373CEC1632D}"="" "{6475CB87-6476-4980-ACA1-D71E91CE69C2}"="" "{003822A7-06E6-497C-9340-BDF249730287}"="" "{5F83D008-51AE-4936-AE5B-F1BF7BA1BE32}"="" "{F14DDEDB-8EE6-4C7B-ADC0-CAB21D5A97C5}"="" "{BC91757A-B4C1-4EF3-991B-AFC32BD94437}"="" "{2A0D347F-7190-48BD-AFFA-0FAE963C4174}"="" "{B7A64C1B-1468-49E3-BC66-CA0BCAE6EA92}"="" "{87AA3A46-6C17-4D83-8137-7052F30148F6}"="" "{E21630A3-3D9E-4DA2-835D-2B335546981F}"="" "{2EF35C04-D211-44BF-B380-70D2988D3091}"="" "{334ECE4E-1FEE-4EB0-A7F2-AADCA50369E7}"="" "{C9FC1005-3D3A-419B-984B-982DBBC52E6B}"="" "{E4174957-866D-4654-85A9-1CFF3FBB6FAC}"="" "{1C90900C-E03D-49DF-81DA-E370DD16DF1F}"="" "{BFAB2F1F-0D7F-4B07-B038-5C5DA9790C06}"="" "{D1A6DAFB-81E0-410A-87AD-C4A042D9097C}"="" "{4FBC98C3-4AFA-4AC7-BA5E-B5FDADAF8B26}"="" "{B85F2C11-3334-4DEA-94C3-46C2D70D3739}"="" "{0A4E0093-2E0F-44CB-837B-8E2D498C1D3E}"="" "{6CA56438-48F5-4CAA-A2E8-A6287432911A}"="" "{868F0D08-AB05-4EC0-8BC3-DE5F230E5E9A}"="" "{28C43FD4-EDD7-4497-A9FA-FA9A923ED22E}"="" "{2EC623E3-FCC4-4102-9F5E-06C49281DE10}"="" "{ABE48364-A9E7-42A3-9ADF-98CFC216B6C6}"="" "{5AADDFF3-E090-4730-A14B-8E0CAE8DA24B}"="" "{579FD489-1347-4CBD-8AB7-DB0444F3AA23}"="" "{891FFD51-4574-4B77-A29F-25D320D1DE40}"="" "{8B51AC12-3645-4BFA-A553-2366BBD8BDCE}"="" "{9BAE9353-4FB1-4174-8F4A-96BD1257392A}"="" "{6A20D3BD-C96C-457E-B949-ACB6C4BA648C}"="" "{049663E0-2047-4AA4-AA3A-DA60BC4D6897}"="" "{F76E0335-6913-4F18-8E51-1CF54AFFFCEF}"="" "{60EBC192-9328-426A-95C6-BC02D8288697}"="" "{2B5544B9-481F-4355-84B1-C58BD878A322}"="" "{8A9396F4-9FDB-404D-BC63-BAB293DCCAF9}"="" "{2660AA0A-952C-45C1-B527-990897ADA65D}"="" "{BBCAD07C-BA7D-4FE4-A329-F446F071E954}"="" "{EF92BCAB-5EC3-4944-BA22-2AAC6EF81C47}"="" "{392D0EA0-90E2-48E7-9741-2BBCE6D1CAFC}"="" "{08D838FE-6EB7-45DA-B341-1B2D1551891B}"="" "{70675216-5B4D-4FA9-8F7B-00CA7AF8C430}"="" "{0EFA0E01-F14C-4E19-82DF-440BC818F00A}"="" "{75CFEB85-2439-46D2-B548-9D72ED70FAFA}"="" "{261ADBE6-DFA9-4986-8F38-E79A661BCEB7}"="" "{0770BE67-F83F-4757-ABE7-D98A18172C24}"="" "{DEDABA50-C31F-4481-B981-A4FAE7EBB562}"="" "{B503899C-D8E1-47C8-BFFB-291D29A2CA4C}"="" "{B34F4297-F069-4469-98F0-D1B87B8E765C}"="" "{3CE45D5B-9360-4324-93E3-A45F62B599D6}"="" "{099DD2D0-D8EC-444A-8B61-98DBA16611AD}"="" "{AF5945F0-0DFE-439A-ACB7-B05695643778}"="" "{143F81AE-A87C-48F3-83E5-B5A61F3A1FCC}"="" "{A95BD5F2-F35A-4F2E-91D0-72E1A17C18EC}"="" "{1F5F63E4-6627-469B-9AF6-5B5E79A0B671}"="" "{49BFED85-67EC-4008-9F8E-A49AD044D5AC}"="" "{6228BE61-7390-43AA-A961-50B1769FF0B7}"="" "{8830749E-7F0A-4CB3-B755-25671F5454FC}"="" "{FBDDEEB5-9EB3-4DC3-A489-791BC469A5B0}"="" "{EBF260D7-6D21-418F-ABED-B0B51DA7EC0F}"="" "{1FFF6127-460A-40A4-AC24-D6B4AB97F45F}"="" "{7566C084-3BEA-4A06-94F3-2203274BC738}"="" "{0E88807F-54E4-4DFE-A5B7-FBFD5D8143DF}"="" "{A29749BD-A729-41DF-B090-AA7F6B025632}"="" "{B0DA9558-C054-456B-B48D-15764BA7CF45}"="" "{A343FD2F-8A87-42CB-8C7A-783226F661B9}"="" "{3679DF33-6331-4A96-9E49-8CA2C42E524B}"="" "{D7DEEF75-FB18-4B68-931D-7100D58FDD26}"="" "{14816D69-6ABF-4806-BBD5-7F5BEF7279D6}"="" "{9E5E4209-F309-4E23-B09C-3D1FB310D2D1}"="" "{297DF63F-A5BE-440B-B4D8-4DC2B810027B}"="" "{B313106D-E9BA-4E5F-A8FA-9A45A436A573}"="" "{64D63D2F-F438-4483-A132-83E1C02C9D5C}"="" "{FE510F03-965C-4F2A-8694-CB6ECFD3AE15}"="" "{D989E848-1A01-4A6D-872B-8767FEAC8B14}"="" "{FF8D27BD-8A0B-4B12-B9FD-266E27DD704D}"="" "{3E79C0FA-009E-409F-B54A-ECE3C859EEF1}"="" "{58B965B1-CDEF-47D0-8E7F-296CCD0E5422}"="" "{BD2E9988-BFFD-4A4E-9B2B-3EA60E930DA9}"="" "{017B2608-E045-415B-B00B-8CE426556451}"="" "{18702866-A687-45FF-8FE8-69E36064C2F1}"="" "{B3DD701D-FA6F-4709-8237-6C64FDC50C5D}"="" "{51490D6B-ACE7-4EE9-84D7-5E3ED57D2E85}"="" "{58604ACF-115A-413A-B71B-27B7268937FA}"="" "{8FC0B30D-A4BC-4679-A90E-D9ADB79ADE49}"="" "{E98BB672-B020-42F1-9361-852DDD0996D9}"="" "{82F44D9E-C896-401A-9096-461F36B46605}"="" "{6ED61253-A0A7-420E-A1B5-C6871A1D3211}"="" "{55029DA5-CC45-4219-9416-6C8964981A99}"="" "{6368404F-12B8-448E-9109-AC212AFF845F}"="" "{8515F0DB-E9BE-44A6-A09C-ABDBDCB22627}"="" "{24E99E0F-03FA-42CD-99FB-BA6178D5BA5B}"="" "{9D05AB00-B0E3-4B28-AF35-8ADE40B21099}"="" "{8EB78505-34A8-4600-9BB6-2DFAD564D582}"="" "{2967A14E-72B0-4231-9435-88D307143880}"="" "{80C31F68-51FF-47D9-8128-E3E3A51D2715}"="" "{47370E08-1CF3-4F69-88F3-C6F5A11E395E}"="" "{448563A4-6680-4340-ABE2-BEB8F03E30C6}"="" "{28550DB9-A44E-4B11-A250-4D89A950163D}"="" "{AD60681B-A61E-4BBC-9D36-D5E5A88C8194}"="" "{FBB64870-049B-4B04-9779-6B0520C13781}"="" "{5BE5FE7A-0C8E-4EFF-B283-456F17E2BF05}"="" "{2314019A-D45B-4FB4-9421-7E4C3B154D7A}"="" "{BD10039B-5E58-4E4B-A64F-7F2B3880EF17}"="" "{57075F69-63C5-49AE-8FE8-74E4A30480A2}"="" "{6B5B4605-7056-4F6C-8053-52BB3D31A112}"="" "{B20DB7B8-481A-42DA-935F-09057E1EA7B3}"="" "{E4E7803B-80BC-47D2-8301-36B52DD37A60}"="" "{7C7B0AF6-2794-494B-9E2D-40A7E34BCA18}"="" "{E39F59EF-09FE-4057-8A33-99427B529BCF}"="" "{7D1B90E8-A456-41BA-AC89-C04DB4A0B042}"="" "{C3FE236F-8B01-4840-9015-4E246E069B51}"="" "{CA3D9A46-6D01-4073-88ED-AA1AE038CE98}"="" "{3B167CF2-D958-47E3-AFDE-30CF54405B90}"="" "{E4FBDC3F-A287-4083-8A15-46D1F276C0CD}"="" "{25EBACAD-5E8E-458C-A972-6ED315B0E745}"="" "{A277C50F-6618-4258-919D-BA19A1FC7299}"="" "{6F62C302-1C72-49D9-B20A-68718822565A}"="" "{911F465E-89FE-4B7D-82A7-979085FA4D07}"="" "{022C4C8D-5556-41AD-84FC-7D12AB2B9013}"="" "{F4709B08-1AB6-4DCF-AAAB-73F2AFD98821}"="" "{82A8B83E-96A4-4E4D-8BCE-1D6F02B9EE3C}"="" "{92EED0C7-8103-4623-BB83-B41313C97FCE}"="" "{4A0E762D-CAF2-4774-B311-EA7BC8924D8D}"="" "{171E41EC-996E-4A9D-B7F5-5A7E310FFF52}"="" "{777319BD-0092-4C9D-8B84-BD5CB3770C47}"="" "{64EA5579-25B3-47B0-8FD3-A42F04158950}"="" "{56AB9FCF-856B-4FCA-8927-EC7101518922}"="" "{355257F3-5D06-4130-B645-D1CDA1A78D68}"="" "{0A6CBA65-C362-4FBB-B4F6-3C9A6EFEB8F7}"="" "{4FA703E0-B8DE-4165-AF3B-6B44F03B660E}"="" "{20875D91-ACA6-401B-9ADB-31149ABEA46D}"="" "{F6E1E2D4-B2D2-44A0-8B9A-6A4926F9DA9A}"="" "{B31928BB-CC50-4289-BAE4-BC38B92E37FA}"="" "{870A33DA-EE44-49D0-9DE1-B5A52377CE1F}"="" "{02653E90-B80B-4CD1-84EE-7D8E84DB3B1D}"="" "{2B6A82D3-4557-48D8-8040-0FC350A16E45}"="" "{F0B31D5A-75BD-4307-B364-6EE2B8571DD4}"="" "{E4CD8FC6-9778-42A0-BB89-C903B0712501}"="" "{C3AFD8A2-4F22-49AB-8469-3CA63D0B807E}"="" "{232C2213-4702-4A1B-936A-8D9D06B79DF5}"="" "{DBDD8DDA-9391-452D-A61A-7E856A14B823}"="" "{843019A1-83DB-4A67-8A65-CAD2DE814096}"="" "{5F0E784B-8A52-4BAB-9D74-A073B493DC9F}"="" "{8630DD0F-46B9-45FD-8C6D-9A2B38B84909}"="" "{C940C6E6-1ACA-4230-BFBD-E273FB25844A}"="" "{AAE4139D-BFF4-4786-9B7C-39F23DD89260}"="" "{D898B11B-5018-478C-8B59-764D138B6C2B}"="" "{49B5DD93-C2AB-4926-AE34-01E7EF735B15}"="" "{1C7CECCE-A11B-49B8-AAE1-CB64664EB0CB}"="" "{6AC220A8-06E2-4ABE-82E7-19DE247ED351}"="" "{C2950EA9-DB73-4926-B4A3-61FBBAED79CD}"="" "{97BFAAA0-D76B-41C9-93A0-8823BA75A9B0}"="" "{DE104FDF-8A22-4A4C-9203-12F85D639357}"="" "{BA404511-6B18-4C4E-9F27-072C41743DC3}"="" "{DA057171-FDC8-49F6-80DC-7874B9625D6D}"="" "{975E4D1D-273D-4D0C-9D20-66400CD8BFE3}"="" "{CAC10309-29C9-40F0-A63F-B421BD0F574C}"="" "{54FE52C0-369F-4BDF-ABDA-A0FEDEEF5B58}"="" "{0BDF17DC-0709-40CE-9283-BB9A715ECF9C}"="" "{B377CF70-33AF-49A3-8A5B-12D2AD84165E}"="" "{36E4EA45-A317-468C-B71E-0EA639A6D5A8}"="" "{C28E03B0-9DE3-4598-8557-071B59E2E19B}"="" "{E1E827E5-CDFC-45C4-8C9C-EC8978D04EF5}"="" "{DFF9B39A-C115-4FA5-99F9-D606AFD545B8}"="" "{AA760A3F-D559-4C51-81F0-F8C3C85A50A4}"="" "{25F62D6F-4DB4-4F74-BC3C-0078BA481C5D}"="" "{D356BBBC-AB73-4B6D-91DF-5A3F193B7AD6}"="" "{721C29B0-96C9-4684-9985-A0B8C92B23DB}"="" "{C455F5AD-2443-4480-AAFC-34F93ED0BBAF}"="" "{F666095E-8D83-4B84-9259-F5BFB1D6B64F}"="" "{6B48EAC2-CBE2-4AFB-9716-B3BCEB4B1DE9}"="" "{7AD8BF9E-5936-4130-BB94-B119DE978CC7}"="" "{2544623A-F060-4A6D-8E75-27F01B731DC1}"="" "{30BAD576-00DE-4ABB-B4A0-D6C2B6640C2E}"="" "{BD28CA8C-7E7C-4A78-8A17-3474F8C9820E}"="" "{64353876-6D73-4CEC-9C71-379DEEE7DDBC}"="" "{8166E094-F7B7-4BD4-9995-5F6F1BF559BC}"="" "{D21652C3-AB12-4790-BC4E-C6BC939EADEA}"="" "{AE635587-E6C2-4E2C-A2C3-7C55356561D5}"="" "{9881AC8E-EED2-4EB8-A4F0-A572770341A5}"="" "{8B562F8B-5E73-4F8F-AE8A-C1D420F33A92}"="" "{86A07D0D-B518-452E-B6B1-CCEEC47CDD6F}"="" "{77342782-1BD7-401E-A502-BC968A7FEEC5}"="" "{D3BD15CD-BE7D-4C9A-B9E8-E0941FE5DCC4}"="" "{DCF07928-554F-4AC7-AC08-DC35875B17E2}"="" "{71AC201C-C8C8-4616-881B-A1508775AC24}"="" "{6420A077-68D4-469F-92C8-6696D211CF2B}"="" "{543BD4FB-E3C3-489D-8D0C-A902C1F8C758}"="" "{9DD318C0-E230-4D96-9F5E-C243B7860F45}"="" "{7A883053-8748-496D-837F-B6BB125F8CAB}"="" "{246750F3-A765-491B-AC03-087174FEBC3F}"="" "{2BBECB07-D25C-45BA-A429-524CA4B35375}"="" "{D94B986C-E1C3-4F70-B7EF-906F8DA25D2C}"="" "{AFAC74DA-9746-4539-A5A4-254976CB8C39}"="" "{AB961CC0-724C-4EAE-B883-29C5386A7591}"="" "{34DDDAB3-765E-463E-AA8E-C6C706AE5ECB}"="" "{45D32A6E-7E72-4257-99DA-914BBC3AEC03}"="" "{90C527CF-5E22-40C4-AA35-8725543FA1FD}"="" "{F68E6A59-6681-46B7-BBA1-CF031BBA97F9}"="" "{1555F750-009D-45CB-A654-4026CB95A76A}"="" "{05F83C8C-E149-438B-8C87-C9869620A4A2}"="" "{163D7F22-224F-41E8-AFFA-FFD067390C5B}"="" "{AE81D214-7BD6-404E-BA76-E337A846F8B9}"="" "{324C20A9-B864-493E-88DF-5A2DAB43C289}"="" "{24F95B08-0CEE-4DC3-8CEB-58AC859EBA90}"="" "{637C34C4-3C0F-4354-AF99-4A5AD7D143D7}"="" "{5B46C989-B019-4E88-B95F-7D681950359D}"="" "{5DE62013-33D7-4A9A-BB7D-E99153AD0FC3}"="" "{8B430A53-B15B-49E9-AF9A-4811A5FFE97A}"="" "{304D6B50-55B2-4FD2-A138-54C71B2A5C1A}"="" "{D7E76C7A-D498-44CE-AD64-8D14F157616F}"="" "{E6AA9A6C-80CA-4FCB-B3EC-CFF2378C51F5}"="" "{C07C34F4-5A62-4208-8DBE-3CA5C4E3AFC3}"="" "{6F7C5D2B-23A2-478E-8FFF-1878017D9D46}"="" "{72CECF30-3182-43EA-A4A2-D42DA2A14831}"="" "{05295F6A-2F6B-4656-9E26-4DDBA3514143}"="" "{3E466E11-7BF4-403A-806D-5DFA1C5E0BF4}"="" "{EC20A1DE-7AEB-45BA-81A6-14D70934718F}"="" "{8F0BA37F-8DFB-4553-9E93-6996045EEC5F}"="" "{B8AFF97D-8F7C-4022-8431-D33B76BA5A59}"="" "{101B7284-8732-437F-86AD-5D0FCEB82CAB}"="" "{D05F04E6-1556-4D12-AF60-7209D76C56C9}"="" "{786227F6-C147-4541-A12C-382644BA3933}"="" "{2C02D742-F8EE-45A8-A081-F0B0D2143AE8}"="" "{70BB30B9-485A-4F86-A12E-D69F44176DAD}"="" "{EC41741D-2BBC-4256-9464-275418A59767}"="" "{EDB8EEA1-EE24-4978-A030-FA9ED1CB8DEB}"="" "{213F5807-32E2-4424-9860-1A8C43E93CC6}"="" "{CD637544-7F74-43E8-8C78-27E7574A5115}"="" "{8AED5DB5-3217-40C0-9EF4-891EF7AB3790}"="" "{84AC9C49-97E5-4F0D-B32B-7C113C96A399}"="" "{775BAFFE-6D10-4299-A1E9-2570C699C19A}"="" "{0C199277-4368-4C9B-BEDA-738CA931B9F1}"="" "{5CF6798A-03A1-4B86-9830-4847527BCCE8}"="" "{5ED675B6-F3D2-4890-9416-F872B529FF28}"="" "{D1EE2162-4F87-4022-A162-EAD69429378F}"="" "{20E60C63-5806-4748-BD91-90E0268FF794}"="" "{BECE34DB-4C86-4BDF-A4D1-2BCD6B70C363}"="" "{368017BC-9BCE-49A5-9635-5D327389A454}"="" "{460244BF-DC92-45B0-97BB-D6D6E35F1B78}"="" "{2F79591D-61E9-42A2-8E3D-CF1411882D15}"="" "{8CB04152-1BF6-4E2D-8441-A0F60990744A}"="" "{641658DA-4BA2-429B-8F41-27D7E9904A23}"="" "{6E31582B-DBEC-499B-98D5-91BCC85EFD7B}"="" "{C54B5FDF-B464-4921-BD72-47A7BAD32707}"="" "{42DD6D87-EF84-4F5F-8714-833F2CF7864A}"="" "{00E79B6A-F239-469B-BF11-6BFCF975E046}"="" "{6D5CC850-226C-4EA1-9EAC-92D73D928B87}"="" "{E323BFE9-FAAE-487C-88A1-F89D0CEF3BA4}"="" "{6ABB3F4E-1D10-4825-8089-7FEF8D0DFD92}"="" "{732655BE-AB7B-4428-BC86-44FF1E480BA2}"="" "{9DBE4C0F-FDD5-4A35-812F-1DABFCC29808}"="" "{C5B71504-9D86-489E-AB1D-24CC92B65148}"="" "{B3FF4078-2433-418B-B6E1-42916BC81F9C}"="" "{0906B890-FAC9-43F0-A5D2-2342A31D292F}"="" "{CE155F72-777E-41F1-A204-9CC408F4AE6B}"="" "{E8079623-FF86-4362-B8BD-C7CF7C75782D}"="" "{85C9F047-B8FB-42D8-939B-9D0278A70C2E}"="" "{B97375D4-628C-4FF2-BDE4-31FF920D1734}"="" "{F052EB5F-E4DC-4E3D-8250-E5D1EC8F1A9B}"="" "{33A07717-6AD7-49A0-90F3-646A3EB5FA5D}"="" "{645258BA-5FA2-4432-92F1-3FF8487509A8}"="" "{1890E15B-523D-426C-86C3-160005FCFF9F}"="" "{1E1F1066-4936-4D84-8119-370ED79400A7}"="" "{DB1EDCFA-C5BE-4767-89E3-01E78AC2A8E7}"="" "{1058F11D-215A-4F8A-8FE8-E79E0EEB935F}"="" "{535EB099-4655-4F39-B70C-E367043911D5}"="" "{BB5BB8CE-91E6-4534-81F0-1D6EC398577F}"="" "{43BCCE1C-44FE-4157-B88E-39D5B21C0847}"="" "{9598E7B3-24E4-438D-A4A4-5C53E287D7B5}"="" "{87ABC0A5-E44D-4E8B-8B6F-F56FD0B8B777}"="" "{48A46381-5CDC-4613-88C7-E5360C685CE8}"="" "{D12D049D-5DC4-40F6-8FD5-C7C75F07557B}"="" "{575D4F04-C7EA-4525-9BE0-7811A03C328C}"="" "{E6C26026-20F9-4ED9-BEA3-EFE10000D698}"="" "{EC22B78A-1027-4624-8842-5CB3142F783D}"="" "{E658E558-F23F-485C-8205-F3B081879DA3}"="" "{F3EB74B4-D963-43DD-ADC8-D27C739C885D}"="" "{4D9CCDAC-11FD-462A-A8CB-ECF5E0BB1B58}"="" "{9274AE36-AEBD-464A-B350-58BE3D999ADD}"="" "{C2B631C5-FE3B-477E-B601-B475E6B8845C}"="" "{BCA9A665-72E1-44CC-AAE2-EAE2B179A3C1}"="" "{CFD141C8-3E36-4A42-B165-6CBC036C5EAC}"="" "{35091830-3879-40A3-A1F1-3E5F6E96B9DB}"="" "{476935D6-C5C0-48C1-A38B-DEA7BC529042}"="" "{083F073D-1E37-4711-AE3F-6D4882B1CD9E}"="" "{D1800BB5-83D6-4231-9C0B-28AA0911E0C1}"="" "{B78C6E9A-606F-4650-A9C3-E30D12F8515C}"="" "{936A2861-F43C-4F45-ABE0-E6E2999F7C1F}"="" "{B3C0C051-09E0-4C09-B53B-B994F11F973C}"="" "{31D1323D-9D76-4CF5-A215-F18D145DC788}"="" "{81287D43-6531-4DFF-814F-0EDA8389392E}"="" "{0CA3A02C-F207-470B-9E57-B494F4AFCCB6}"="" "{E90F038C-6930-4C8A-810C-0B7EAE6838EF}"="" "{F6FF6CD8-14EE-4CF9-9CCB-EB236838C8E8}"="" "{5F23EFC0-AC63-48E3-BF2F-256215CED20D}"="" "{12E5615B-BD90-48CF-A2AF-0DDC0F3E9A8D}"="" "{505AE454-4DA1-4BB9-BCD8-69FBDDF99E7B}"="" "{78B95B78-461D-4F81-9FCB-21FD3DBDD43D}"="" "{692C3CDE-40A7-47B8-824C-B3B108B43E4A}"="" "{B63D54A6-0E14-470F-B41C-049A960A8231}"="" "{0A5B3698-F497-4903-9FF2-46E985E562BA}"="" "{4B843075-2F73-42FB-A274-B2C8EF1CE529}"="" "{A35ACE96-029F-41B7-9B72-754931445214}"="" "{37D9557C-EBEA-47BE-A922-08778627C28B}"="" "{6448381B-EABB-4447-8FDE-4A853CCC14EF}"="" "{19F26C85-CE43-47CE-A816-4EC787E5B47B}"="" "{B8D9AF10-7F8A-4858-AFD7-CEDABFCC421C}"="" "{35E8BB01-25F1-438F-B9D8-86E0C8E37416}"="" "{D76B6438-D9C3-49EC-B188-667F8C5555BB}"="" "{C42EC6FC-59B3-4BB7-A876-6CFFBFE38628}"="" "{55BF233D-8EC0-4F10-86E4-4DCC0FF42F7E}"="" "{F97B0212-11D9-4719-9752-1C7B666CD3E8}"="" "{6AE0F00C-318C-4C07-A31F-C0CFF67696FD}"="" "{29662DE1-BB4A-4EB4-9738-6A428BF42DCD}"="" "{5FF83BB1-E69D-4043-A90B-885E3F96EC0C}"="" "{E4C1C864-9B03-4015-8C45-FF5543917322}"="" "{1B56E599-47AE-4A22-85C3-C1F12B02EF11}"="" "{6038F2F9-D9EC-42AA-9AFA-FD5BF7D2925C}"="" "{5E309780-B48E-4F46-9D48-17E471FADFDA}"="" "{F59BD678-D298-4BB0-902B-5E0C93F9C0ED}"="" "{83CAE9D4-5462-4F83-8092-AE25DD19FC8A}"="" "{2F77367F-3F63-495C-BAF3-D4272488AF65}"="" "{28C8A6D3-D5D0-46B4-A7B3-2F298FBC2AB2}"="" "{B51AD2E1-0A7A-4009-8CC9-22F1A8B61E35}"="" "{FF322C02-8800-4DA9-B24E-074BA02AF16A}"="" "{B20AFD07-7134-46E6-A8BC-854E3D5519CE}"="" "{E253097A-7A0E-443C-BD86-30146E06B133}"="" "{331B7769-4794-48E0-9AE6-1004933D767F}"="" "{2AC3FE5F-D522-4E1C-8226-439F530C5B9D}"="" "{7E6D9F59-1CDE-4AC4-B4B5-1DD6068B6947}"="" "{AA9DBD00-638C-41D3-8911-D6C91BACE1DE}"="" "{812C39CB-C9F9-48FE-AE25-0D9BB71F3D72}"="" "{6C57E3E6-C81F-422A-8CB9-16A324493227}"="" "{9A37B8C1-BE1A-4616-9246-DA8AB278DD10}"="" "{90F8CB03-5CCD-42D8-9E8B-0B074D249450}"="" "{730255D0-A343-40D5-A924-3101533C6E01}"="" "{8FAAFF1E-C9E2-4874-A0B0-A4084C02D05D}"="" "{EAC729C0-4A3F-4BB0-8B8A-1557B076C245}"="" "{1C076348-8A8D-4E7C-8292-B4EC23B7C231}"="" "{B9C69DC9-B34D-4B86-A326-5B3B8CD9E041}"="" "{5B98F681-F149-442D-ADC7-B753A04C1B4E}"="" "{44FF4F6D-92DE-4582-BC48-A24B35391A6D}"="" "{5E80CD3A-0FB3-4A3E-9FD8-06EF7CFF8DFF}"="" "{C1DD1AA5-04F4-494E-BB0B-DE4ACF362B54}"="" "{76BF029B-DE0C-46CA-969E-75C59561C739}"="" "{CD53B415-1FB9-4CD8-B208-CA018E9A90E4}"="" "{CADA05EC-5EFE-4152-AC1D-B726FD2A86AD}"="" "{249CE653-1BD3-49D6-8F2F-02C9F177E589}"="" "{46CF6650-88A9-46F6-92A4-82C3A752293F}"="" "{6A8BF2E2-B4B9-4F70-9446-D59583CA9680}"="" "{610B5B50-45C2-4579-B385-ED30E90D5E04}"="" "{106947A1-5F8B-4616-B0AD-FF00F3B993F7}"="" "{79F4DF41-906A-475F-8C13-D01735AC79C8}"="" "{8F4B073C-D73A-4BEF-9D06-6313AC8996CB}"="" "{0A92776D-2BC0-4D99-8A2E-FF305D3BCCBB}"="" "{04CE2F69-52D6-4797-900B-0DF09BD023F3}"="" "{945E1510-97A1-405D-BE04-EB3B79A87979}"="" "{71C02B14-C3F2-4FA6-BD26-F0CB7A71CE8E}"="" "{ED96A3EB-D656-4A2B-AC79-A983CED22469}"="" "{DE07AEA0-99ED-440A-A48D-D5490D53E633}"="" "{4E89AF34-2B57-4F69-ADE5-86C1A59C2BC6}"="" "{01EC7054-AC94-4316-BEEA-32F93F0C4408}"="" "{2E2B0F8D-C315-432D-80B1-CDF14262EA9D}"="" "{AF7488AA-0A62-4BB2-8B99-B8F787876F94}"="" "{75C023DE-70EA-438C-B207-DF738969A77C}"="" "{B3FFB5CD-E82B-4C72-AE02-3EBCD54C8960}"="" "{05DBADF6-38B3-42C0-B0CB-8A98BC903ACA}"="" "{FEE955E4-2F92-4E14-84D5-4C11C49E96C1}"="" "{7C1413CA-9757-44AA-B8E7-E9B87FE70862}"="" "{AE561E5C-EF99-41AC-9331-0E8DC74B5038}"="" "{0CAD8DDC-3DC4-4258-842C-F3DFF5695076}"="" "{51BA88BC-6A76-4B03-A1D8-86DF189BA427}"="" "{7D9D78BE-9F49-481B-BE74-6527BDE754AB}"="" "{A018763D-2430-4378-B713-094BB4126138}"="" "{3631ECB2-DCC4-4DB4-BF92-392203A83BF5}"="" "{E4887741-FFDD-4915-AF31-0CAEF9F8A34E}"="" "{5D8F0D47-8285-4001-B0C7-40EE4B35BF70}"="" "{E4CD576A-F796-4C65-8278-16DB3C69EDCB}"="" "{CB4D5CCD-1C56-4410-82B1-B6F056D620B2}"="" "{0DC26155-3CAA-4F7E-9298-4D577217A48E}"="" "{D350F2E5-4EA8-4320-8E9E-2CCAA2EA1BA7}"="" "{1176402F-D92F-45F0-952B-76829AF49DF0}"="" "{A2B295E9-736B-40AB-B280-589BC8F549BB}"="" "{F820F8C6-7456-4ADC-B024-A752C6B2FB2B}"="" "{51E53C97-EF04-4351-B621-6B949206FDF2}"="" "{17FA03B0-542C-4C8A-8AF2-4AF973E27FCD}"="" "{E6CDB83B-9ADF-4398-BF0C-F44BAF013815}"="" "{5F497825-9BA5-4D7A-B38C-F7FEAF2175A5}"="" "{EF3AA6BC-418B-4865-A23D-F207EEDA49B9}"="" "{55C2583F-25FA-4496-9207-45877857EB2B}"="" "{A02B1062-B069-4C01-81BD-86589B2F4B2B}"="" "{0E3A1245-7BBA-4183-A65F-84E61EE2A3D0}"="" "{B03D6A69-FD9E-4F65-A8AA-F1C48B8F6140}"="" "{37248B4F-0F6B-4012-A7B0-83566E3DEA01}"="" "{3D6D87E2-AD89-45B5-AFD6-D31862BEC714}"="" "{AAFA949E-3515-4D61-8430-F7CF5B91A3AC}"="" "{21A878A1-8B54-428E-B455-6D7653ED4A19}"="" "{077D0B02-54B1-4F65-9CE3-C72A01CF3A5A}"="" "{364000BE-B7FB-4DA1-B87A-CEC5C394E52F}"="" "{601B9D26-ED1E-47AC-B352-35B7046571F1}"="" "{36EE3F03-981B-43C4-8795-F5B2B895CFB2}"="" "{B55D9405-915A-402F-AE41-7A54934B902D}"="" "{402B87AC-BAC1-4C75-B855-91E355024A89}"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5436) C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ------------------------ Other Running Processes ------------------------ C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\conhost.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe ************************************************************************** Completion time: 2012-10-18 19:36:31 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-18 11:36:30 Pre-Run: 328,132,829,184 bytes free Post-Run: 327,921,541,120 bytes free - - End Of File - - 26FCF616E587C2AB93E5B293A48A568E
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.