Rainbow1112

Honorary Members
  • Content count

    78
  • Joined

  • Last visited

About Rainbow1112

  • Rank
    Regular Member

Contact Methods

  • ICQ
    0
  1. Computer look good nw. i monitor for 2 days and the files are not appearing.
  2. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Mar 01 20:39:36 2016 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: Applications\java.exe Found and removed: Applications\javaw.exe Found and removed: JavaPlugin.FamilyVersionSupport Found and removed: SOFTWARE\Classes\JavaPlugin Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\.jar Found and removed: SOFTWARE\Classes\.jnlp Found and removed: SOFTWARE\Classes\jarfile Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Classes\JNLPFile Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics ------------------------------------ Finished reporting. I do not have firefox install so i am not sure why it have error cleaning the firefox files..
  3. I don't really remember if I set this or not. i google the address and it was used by okayfreedom vpn which i use sometimes.
  4. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.3 (02.09.2016) Operating System: Windows 10 Pro x64 Ran by WoShiProDevils (Administrator) on Sat 27/02/2016 at 16:17:50.22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 17 Successfully deleted: C:\ProgramData\iobit\driver booster (Folder) Successfully deleted: C:\ProgramData\productdata (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) Successfully deleted: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File) Successfully deleted: C:\Users\WoShiProDevils\Appdata\LocalLow\.acestream (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\.acestream (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\acestream (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\acewebextension (Folder) Successfully deleted: C:\Users\WoShiProDevils\AppData\Roaming\iobit\driver booster (Folder) Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task) Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (WoShiProDevils) (Task) Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder) Successfully deleted: C:\WINDOWS\prefetch\DRIVER_BOOSTER_SETUP.TMP-3D18250B.pf (File) Successfully deleted: C:\WINDOWS\prefetch\DRIVER_BOOSTER_SETUP.TMP-AB0FD22F.pf (File) Successfully deleted: C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-D5205666.pf (File) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AceWebException (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 27/02/2016 at 16:18:53.09 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v5.036 - Logfile created 27/02/2016 at 16:24:28 # Updated 22/02/2016 by Xplode # Database : 2016-02-24.1 [server] # Operating system : Windows 10 Pro (x64) # Username : WoShiProDevils - OWNER # Running from : C:\Users\WoShiProDevils\Downloads\Programs\AdwCleaner.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\_acestream_cache_ [-] Folder Deleted : C:\Hola [-] Folder Deleted : C:\Program Files\Hola [x] Folder Not Deleted : C:\Program Files (x86)\Applian Technologies [x] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies [-] Folder Deleted : C:\Users\WoShiProDevils\AppData\Local\Hola [-] Folder Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjngckebbndpdeeakdgohmcdnecidcjk [-] Folder Deleted : C:\Users\WoShiProDevils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media ***** [ Files ] ***** [-] File Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjngckebbndpdeeakdgohmcdnecidcjk_0.localstorage [-] File Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hjngckebbndpdeeakdgohmcdnecidcjk_0.localstorage-journal [-] File Deleted : C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hjngckebbndpdeeakdgohmcdnecidcjk ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKCU\Software\Classes\Applications\ace_player.exe [-] Key Deleted : HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive [-] Key Deleted : HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.0.12 [-] Key Deleted : HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17} [-] Key Deleted : HKCU\Software\AceStream [-] Key Deleted : HKCU\Software\Hola [-] Key Deleted : HKCU\Software\PRODUCTSETUP [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream [-] Key Deleted : [x64] HKLM\SOFTWARE\Hola [-] Key Deleted : HKU\.DEFAULT\Software\Hola [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com [-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com [-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AceUpdater] [-] Key Deleted : HKCU\Software\Classes\.acelive [-] Key Deleted : HKCU\Software\Classes\.acemedia [-] Key Deleted : HKCU\Software\Classes\.acestream [-] Key Deleted : HKCU\Software\Classes\.tslive [-] Key Deleted : HKCU\Software\Classes\acestream [-] Key Deleted : HKCU\Software\Classes\AceStream.file ***** [ Web browsers ] ***** [-] [C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : hjngckebbndpdeeakdgohmcdnecidcjk ************************* :: "Tracing" keys removed :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [4234 bytes] - [27/02/2016 16:24:28] C:\AdwCleaner\AdwCleaner[s1].txt - [4068 bytes] - [27/02/2016 16:20:36] C:\AdwCleaner\AdwCleaner[s2].txt - [4141 bytes] - [27/02/2016 16:23:09] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4453 bytes] ########## Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27/2/2016 Scan Time: 4:26 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.02.26.07 Rootkit Database: v2016.02.17.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: WoShiProDevils Scan Type: Threat Scan Result: Completed Objects Scanned: 368580 Time Elapsed: 4 min, 48 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016 Ran by WoShiProDevils (administrator) on OWNER (27-02-2016 16:31:48) Running from C:\Users\WoShiProDevils\Downloads\Programs Loaded Profiles: WoShiProDevils (Available Profiles: WoShiProDevils) Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SUpdateNotifier.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe (Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Secure Backup\mbsbscan.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8522496 2015-12-26] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-05-08] () HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1087960 2014-04-03] (Intel Corporation) HKLM-x32\...\Run: [super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [sOSUAUI] => C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [sMessaging] => C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-10-06] (Juniper Networks, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-17] (Dropbox, Inc.) HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [360cloud] => C:\Program Files (x86)\360\360WangPan\360WangPan.exe [14508144 2015-04-10] (360.cn) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [spotify Web Helper] => C:\Users\WoShiProDevils\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-21] (Spotify Ltd) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [spotify] => C:\Users\WoShiProDevils\AppData\Roaming\Spotify\Spotify.exe [6743664 2016-02-21] (Spotify Ltd) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [1403392 2016-02-12] (Tonec Inc.) HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\RunOnce: [uninstall C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\RunOnce: [uninstall C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\WoShiProDevils\AppData\Local\Microsoft\OneDrive\17.3.6281.1202" AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-06-10] (Jaksta Technologies Pty Ltd) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => No File ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => No File ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => No File ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [s-1-5-21-810425901-1927846891-3043253424-1001] => hxxp://127.0.0.1:8445/okf.pac Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{3b10ddc4-7b68-4cfb-bec8-a741abf30044}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{3e9b6031-7218-4a02-9c33-d9e30c2e0c13}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e8f1ebc2-52e2-4bcc-a6cb-bf452f446492}: [NameServer] 152.226.108.26,152.226.108.27 ManualProxies: 0http://127.0.0.1:8445/okf.pac Internet Explorer: ================== BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-20] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-26] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-26] (Oracle Corporation) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-20] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-20] (Microsoft Corporation) Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) FireFox: ======== FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-17] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-810425901-1927846891-3043253424-1001: @hola.org/vlc,version=1.7.49 -> C:\Users\WoShiProDevils\AppData\Local\Hola\firefox\app\vlc [No File] FF Plugin HKU\S-1-5-21-810425901-1927846891-3043253424-1001: @spoon.net/Spoon Plugin 3.33 -> C:\Users\WoShiProDevils\AppData\Local\Spoon\3.33.8.488\npMozillaSpoonPlugin.dll [No File] FF HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\WoShiProDevils\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found FF HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\WoShiProDevils\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\WoShiProDevils\AppData\Roaming\IDM\idmmzcc5 [2015-12-22] [not signed] FF HKU\S-1-5-21-810425901-1927846891-3043253424-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Adblock Plus) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04] CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2016-02-16] CHR Extension: (Enable right click) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2015-12-07] CHR Extension: (ShopBack Cashback Button) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjngckebbndpdeeakdgohmcdnecidcjk [2016-02-27] CHR Extension: (Norton Identity Safe) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-17] CHR Extension: (Ace Stream Web Extension) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2015-12-27] CHR Extension: (IDM Integration Module) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\WoShiProDevils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24] CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url> CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] CHR HKU\S-1-5-21-810425901-1927846891-3043253424-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url> CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-02-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-10] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-10] (Dropbox, Inc.) R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-05-08] () R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [4333712 2015-05-12] () R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation) S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [58280 2015-12-07] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177288 2015-05-29] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation) R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [345632 2015-07-08] (Steganos Software GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-07] (Electronic Arts) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 sagentservice; C:\Program Files (x86)\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2032344 2015-05-14] (VMware, Inc.) R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware) S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed] S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-05-26] (VMware, Inc.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.) S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.) R1 appliand; C:\Windows\system32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems) S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [145624 2015-08-04] (AhnLab, Inc.) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-26] (REALiX) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] () R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] () R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-08-20] (Juniper Networks) S4 jnprTdi_807_50111; C:\Windows\system32\Drivers\jnprTdi_807_50111.sys [108344 2014-10-06] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2014-08-20] (Juniper Networks, Inc.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-27] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-22] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-01-24] (Synaptics Incorporated) S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-12-23] (Anchorfree Inc.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-27 16:23 - 2016-02-27 16:23 - 00000000 ____D C:\Program Files (x86)\ESET 2016-02-27 16:20 - 2016-02-27 16:24 - 00000000 ____D C:\AdwCleaner 2016-02-27 16:18 - 2016-02-27 16:18 - 00002415 _____ C:\Users\WoShiProDevils\Desktop\JRT.txt 2016-02-27 16:14 - 2016-02-27 16:14 - 00000000 ___HD C:\OneDriveTemp 2016-02-27 10:05 - 2016-02-27 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2016-02-27 10:05 - 2016-02-27 10:05 - 00000000 ____D C:\Program Files (x86)\ERUNT 2016-02-25 21:56 - 2016-02-25 21:56 - 06837784 _____ (Piriform Ltd) C:\Users\WoShiProDevils\Downloads\ccsetup515.exe 2016-02-25 21:56 - 2016-02-25 21:56 - 06837784 _____ (Piriform Ltd) C:\Users\WoShiProDevils\Downloads\ccsetup515 (1).exe 2016-02-21 19:19 - 2016-02-21 19:23 - 00000485 _____ C:\Users\WoShiProDevils\Desktop\Dual Port Charger Type C + Quick Charge 3.0.txt 2016-02-21 17:49 - 2016-02-27 16:31 - 00000000 ____D C:\FRST 2016-02-20 10:46 - 2016-02-20 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-02-14 14:55 - 2016-02-14 14:55 - 00000000 ____D C:\Program Files (x86)\AMWE 2016-02-11 22:26 - 2016-01-28 17:20 - 00209056 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys 2016-02-10 22:29 - 2016-01-22 10:52 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll 2016-02-10 16:29 - 2016-01-29 14:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-02-10 16:29 - 2016-01-29 14:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-02-10 16:29 - 2016-01-27 14:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-10 16:29 - 2016-01-27 14:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-10 16:29 - 2016-01-27 14:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-10 16:29 - 2016-01-27 14:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-10 16:29 - 2016-01-27 14:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-10 16:29 - 2016-01-27 13:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-02-10 16:29 - 2016-01-27 13:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-10 16:29 - 2016-01-27 13:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-10 16:29 - 2016-01-27 13:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-10 16:29 - 2016-01-27 13:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-10 16:29 - 2016-01-27 13:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-02-10 16:29 - 2016-01-27 13:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2016-02-10 16:29 - 2016-01-27 13:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-10 16:29 - 2016-01-27 13:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-10 16:29 - 2016-01-27 13:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-10 16:29 - 2016-01-27 13:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-10 16:29 - 2016-01-27 13:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-02-10 16:29 - 2016-01-27 13:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-10 16:29 - 2016-01-27 13:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2016-02-10 16:29 - 2016-01-27 13:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-10 16:29 - 2016-01-27 13:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-02-10 16:29 - 2016-01-27 13:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-02-10 16:29 - 2016-01-27 13:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-10 16:29 - 2016-01-27 13:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll 2016-02-10 16:29 - 2016-01-27 13:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-02-10 16:29 - 2016-01-27 13:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-02-10 16:29 - 2016-01-27 13:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-10 16:29 - 2016-01-27 13:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-02-10 16:29 - 2016-01-27 13:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-10 16:29 - 2016-01-27 13:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-10 16:29 - 2016-01-27 13:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll 2016-02-10 16:29 - 2016-01-27 13:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-02-10 16:29 - 2016-01-27 13:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-02-10 16:29 - 2016-01-27 13:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-10 16:29 - 2016-01-27 13:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-10 16:29 - 2016-01-27 13:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-02-10 16:29 - 2016-01-27 13:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-10 16:29 - 2016-01-27 13:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-10 16:29 - 2016-01-27 12:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll 2016-02-10 16:29 - 2016-01-27 12:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-10 16:29 - 2016-01-27 12:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-02-10 16:29 - 2016-01-27 12:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-10 16:29 - 2016-01-27 12:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-10 16:29 - 2016-01-27 12:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-10 16:29 - 2016-01-27 12:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-10 16:29 - 2016-01-27 12:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-10 16:29 - 2016-01-27 12:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-10 16:29 - 2016-01-27 12:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-10 16:29 - 2016-01-27 12:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-02-10 16:29 - 2016-01-27 12:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-10 16:29 - 2016-01-27 12:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-10 16:29 - 2016-01-27 12:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-10 16:29 - 2016-01-27 12:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-02-10 16:29 - 2016-01-27 12:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-10 16:29 - 2016-01-27 12:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-02-10 16:29 - 2016-01-27 12:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-10 16:29 - 2016-01-27 12:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-10 16:29 - 2016-01-27 12:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-10 16:29 - 2016-01-27 12:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-02-10 16:29 - 2016-01-27 12:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-07 15:19 - 2016-02-07 15:19 - 00003022 _____ C:\WINDOWS\System32\Tasks\klcp_update 2016-02-07 15:19 - 2016-02-07 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-02-07 15:19 - 2016-02-07 15:19 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2016-02-02 22:43 - 2016-01-23 09:01 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2016-02-02 22:43 - 2016-01-23 09:01 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2016-02-02 22:43 - 2016-01-23 08:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2016-02-02 22:42 - 2016-01-23 11:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00541184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00445912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2016-02-02 22:42 - 2016-01-23 11:31 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2016-02-02 22:38 - 2015-12-18 14:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2016-02-02 22:38 - 2015-12-18 14:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2016-01-31 12:03 - 2016-01-31 12:03 - 00000000 ____D C:\KVRT_Data 2016-01-30 20:28 - 2016-01-30 20:28 - 00000000 ____D C:\NPE 2016-01-30 20:27 - 2016-01-30 20:36 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\NPE 2016-01-28 19:38 - 2016-01-16 14:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-01-28 19:38 - 2016-01-16 14:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-01-28 19:38 - 2016-01-16 14:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-01-28 19:38 - 2016-01-16 14:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-01-28 19:38 - 2016-01-16 14:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-01-28 19:38 - 2016-01-16 14:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-01-28 19:38 - 2016-01-16 14:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2016-01-28 19:38 - 2016-01-16 14:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-01-28 19:38 - 2016-01-16 14:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-28 19:38 - 2016-01-16 14:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2016-01-28 19:38 - 2016-01-16 14:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-01-28 19:38 - 2016-01-16 14:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-28 19:38 - 2016-01-16 14:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-01-28 19:38 - 2016-01-16 14:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-01-28 19:38 - 2016-01-16 14:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-01-28 19:38 - 2016-01-16 14:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-01-28 19:38 - 2016-01-16 14:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-01-28 19:38 - 2016-01-16 13:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-01-28 19:38 - 2016-01-16 13:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-28 19:38 - 2016-01-16 13:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-01-28 19:38 - 2016-01-16 13:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll 2016-01-28 19:38 - 2016-01-16 13:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2016-01-28 19:38 - 2016-01-16 13:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll 2016-01-28 19:38 - 2016-01-16 13:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-01-28 19:38 - 2016-01-16 13:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll 2016-01-28 19:38 - 2016-01-16 13:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-01-28 19:38 - 2016-01-16 13:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2016-01-28 19:38 - 2016-01-16 13:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2016-01-28 19:38 - 2016-01-16 13:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe 2016-01-28 19:38 - 2016-01-16 13:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll 2016-01-28 19:38 - 2016-01-16 13:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-01-28 19:38 - 2016-01-16 13:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-01-28 19:38 - 2016-01-16 13:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll 2016-01-28 19:38 - 2016-01-16 13:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2016-01-28 19:38 - 2016-01-16 13:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-28 19:38 - 2016-01-16 13:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-01-28 19:38 - 2016-01-16 13:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-01-28 19:38 - 2016-01-16 13:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll 2016-01-28 19:38 - 2016-01-16 13:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2016-01-28 19:38 - 2016-01-16 13:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2016-01-28 19:38 - 2016-01-16 13:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-01-28 19:38 - 2016-01-16 13:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2016-01-28 19:38 - 2016-01-16 13:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2016-01-28 19:38 - 2016-01-16 13:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-01-28 19:38 - 2016-01-16 13:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe 2016-01-28 19:38 - 2016-01-16 13:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-01-28 19:38 - 2016-01-16 13:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-01-28 19:38 - 2016-01-16 13:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-01-28 19:38 - 2016-01-16 13:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll 2016-01-28 19:38 - 2016-01-16 13:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll 2016-01-28 19:38 - 2016-01-16 13:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-01-28 19:38 - 2016-01-16 13:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2016-01-28 19:38 - 2016-01-16 13:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll 2016-01-28 19:38 - 2016-01-16 13:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll 2016-01-28 19:38 - 2016-01-16 13:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-01-28 19:38 - 2016-01-16 13:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2016-01-28 19:38 - 2016-01-16 13:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-01-28 19:38 - 2016-01-16 13:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-01-28 19:38 - 2016-01-16 13:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-01-28 19:38 - 2016-01-16 13:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-01-28 19:38 - 2016-01-16 13:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-01-28 19:38 - 2016-01-16 13:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-01-28 19:38 - 2016-01-16 13:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-01-28 19:38 - 2016-01-16 13:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-28 19:38 - 2016-01-16 13:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-28 19:38 - 2016-01-16 13:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-01-28 19:38 - 2016-01-16 13:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-01-28 19:38 - 2016-01-16 13:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-28 19:38 - 2016-01-16 13:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-01-28 19:38 - 2016-01-16 13:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-01-28 19:38 - 2016-01-16 13:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-01-28 19:38 - 2016-01-16 13:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-01-28 17:36 - 2016-01-28 17:36 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-27 16:31 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-27 16:31 - 2015-07-29 23:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-27 16:30 - 2015-03-12 18:53 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-27 16:25 - 2015-11-13 19:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-27 16:25 - 2015-11-13 19:26 - 00000000 ____D C:\ProgramData\NVIDIA 2016-02-27 16:25 - 2015-08-10 20:38 - 00000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-02-27 16:25 - 2015-03-12 18:53 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-27 16:25 - 2015-03-09 10:38 - 00000490 _____ C:\WINDOWS\Tasks\Online Backup Update Notifier.job 2016-02-27 16:25 - 2014-12-17 19:40 - 00000000 ___RD C:\Users\WoShiProDevils\Dropbox 2016-02-27 16:25 - 2014-12-17 19:39 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\Dropbox 2016-02-27 16:25 - 2014-12-17 13:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-27 16:25 - 2014-12-17 12:51 - 00000000 __RDO C:\Users\WoShiProDevils\OneDrive 2016-02-27 16:24 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-02-27 16:24 - 2014-12-19 10:37 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\CrashDumps 2016-02-27 16:23 - 2014-12-17 14:04 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A8CD187-9DFA-4CF9-BE96-81E02A08EE53} 2016-02-27 16:18 - 2015-12-26 15:24 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\IObit 2016-02-27 16:18 - 2015-12-26 15:24 - 00000000 ____D C:\ProgramData\IObit 2016-02-27 16:18 - 2015-12-26 15:24 - 00000000 ____D C:\Program Files (x86)\IObit 2016-02-27 16:16 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\IDM 2016-02-27 16:15 - 2014-12-17 14:03 - 00000000 ____D C:\Program Files (x86)\Steam 2016-02-27 12:01 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\DMCache 2016-02-27 11:43 - 2015-08-10 20:38 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-02-27 11:10 - 2016-01-15 18:30 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\Idol Pic 2016-02-27 10:45 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\Downloads\Video 2016-02-27 10:08 - 2014-12-17 12:48 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\VirtualStore 2016-02-26 21:56 - 2015-09-03 17:07 - 00000000 ____D C:\Users\WoShiProDevils\.oracle_jre_usage 2016-02-26 21:56 - 2015-01-06 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2016-02-26 21:56 - 2014-12-17 13:51 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2016-02-26 21:56 - 2014-12-17 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-26 21:56 - 2014-12-17 13:51 - 00000000 ____D C:\Program Files\Java 2016-02-26 18:07 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-26 18:07 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-25 07:51 - 2014-12-17 13:34 - 00000000 ____D C:\Users\WoShiProDevils\Downloads\Compressed 2016-02-23 21:31 - 2015-08-25 20:01 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\Spotify 2016-02-23 21:17 - 2015-08-25 20:01 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\Spotify 2016-02-23 21:04 - 2014-12-17 13:34 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager 2016-02-23 19:20 - 2014-12-17 14:23 - 00002421 _____ C:\Users\WoShiProDevils\Desktop\New Text Document.txt 2016-02-23 17:03 - 2014-12-17 14:26 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\Shirlene folder=) 2016-02-22 18:50 - 2014-12-17 14:23 - 00000000 ___RD C:\Users\WoShiProDevils\Desktop\Mass Order 2016-02-21 19:19 - 2015-07-07 07:49 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\VMware 2016-02-21 15:27 - 2016-01-24 13:37 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\EMK 2016-02-20 11:30 - 2015-03-12 18:53 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-20 11:01 - 2015-10-30 15:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-02-20 11:01 - 2014-12-17 14:30 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-02-20 10:46 - 2015-08-10 20:38 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-02-20 00:35 - 2015-11-03 21:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-02-14 22:46 - 2014-12-17 13:57 - 00000000 ____D C:\ProgramData\Origin 2016-02-14 14:55 - 2015-07-04 12:42 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMWE.lnk 2016-02-14 14:55 - 2015-07-04 12:42 - 00000892 _____ C:\Users\Public\Desktop\AMWE.lnk 2016-02-13 13:57 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-11 23:05 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-10 22:29 - 2014-12-17 12:52 - 00000000 ____D C:\Program Files (x86)\Realtek 2016-02-10 21:51 - 2014-12-17 12:48 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-10 21:49 - 2015-10-30 17:07 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 18:07 - 2014-12-17 14:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-10 18:04 - 2014-12-17 14:46 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-08 12:16 - 2015-11-11 19:05 - 00004122 _____ C:\Users\WoShiProDevils\Desktop\Pocket MapleStory Build.txt 2016-02-07 20:13 - 2014-12-17 13:57 - 00000000 ____D C:\Program Files (x86)\Origin 2016-02-06 12:34 - 2015-09-26 10:13 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LG Bridge.Lnk 2016-02-06 12:34 - 2015-06-26 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Bridge 2016-02-05 20:34 - 2015-07-29 23:32 - 00002425 _____ C:\Users\WoShiProDevils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-04 22:45 - 2015-12-18 18:45 - 00000000 ____D C:\Users\WoShiProDevils\Desktop\G4 Backup 2016-02-04 13:32 - 2014-12-17 12:48 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\Packages 2016-02-04 03:01 - 2015-10-30 15:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-04 03:01 - 2015-10-30 15:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-02 22:57 - 2015-11-13 19:27 - 00000000 ____D C:\Users\WoShiProDevils 2016-02-02 22:44 - 2015-11-13 19:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-02-02 22:44 - 2014-12-17 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-02-02 22:43 - 2015-11-13 19:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-02-02 22:39 - 2014-12-17 12:58 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Local\NVIDIA 2016-02-02 19:25 - 2015-03-12 18:53 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-02 19:25 - 2014-12-17 12:55 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-01 18:28 - 2015-12-26 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3 2016-01-30 20:27 - 2014-12-17 13:37 - 00000000 ____D C:\ProgramData\Norton 2016-01-30 20:22 - 2014-12-17 13:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-01-30 20:21 - 2015-12-04 07:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security 2016-01-30 20:02 - 2015-10-28 15:57 - 00000000 ____D C:\Users\WoShiProDevils\AppData\Roaming\vlc 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-29 08:01 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-01-28 21:58 - 2015-12-04 19:18 - 00000000 ____D C:\WINDOWS\Minidump 2016-01-28 21:58 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\ModemLogs ==================== Files in the root of some directories ======= 2015-03-07 16:01 - 2015-03-07 16:01 - 0000695 _____ () C:\Users\WoShiProDevils\AppData\Local\recently-used.xbel Some files in TEMP: ==================== C:\Users\WoShiProDevils\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-17 19:57 ==================== End of FRST.txt ============================ I could not run the eset online scanner. it download the database and gave error cant download database file due to proxy.
  5. RKill log Rkill 2.8.3 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2016 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 02/27/2016 10:06:58 AM in x64 mode.Windows Version: Windows 10 Pro Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * fcvsc [Missing Service] * HdAudAddService [Missing Service] * HyperVideo [Missing Service] * netvsc [Missing Service] * wfpcapture [Missing Service] * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [incorrect ImagePath] * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [incorrect ImagePath] * swenum => \SystemRoot\System32\drivers\swenum.sys [incorrect ImagePath] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost #[iPv6] 0.0.0.0 fr.a2dfp.net 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 atlas.aamedia.ro 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 www2.a-counter.kiev.ua 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 20 out of 13674 HOSTS entries shown. Please review HOSTS file for further entries. Program finished at: 02/27/2016 10:07:07 AMExecution time: 0 hours(s), 0 minute(s), and 9 seconds(s) Malwarebytes Log Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 27/2/2016Scan Time: 10:09 AMLogfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2016.02.26.07Rootkit Database: v2016.02.17.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 10CPU: x64File System: NTFSUser: WoShiProDevils Scan Type: Threat ScanResult: CompletedObjects Scanned: 369299Time Elapsed: 4 min, 58 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 1PUP.Optional.AceWebExtension, HKU\S-1-5-21-810425901-1927846891-3043253424-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AceWebException, C:\Users\WoShiProDevils\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe, , [92bd4a1bd1c866d0ae64786652b19070] Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  6. FRST.txtAddition.txt Random files are being generated on my desktop. check the property and those files are 0kb and i cant delete/locate them on my desktop. i am not sure if i am infected by virus so just checking to be sure.
  7. # AdwCleaner v2.005 - Logfile created 10/19/2012 at 00:24:11 # Updated 14/10/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Owner - WINDOWSVISTA # Boot Mode : Normal # Running from : C:\Users\Owner\Downloads\Programs\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files\searchresults1 Folder Found : C:\Program Files\Trymedia Folder Found : C:\Users\Owner\AppData\LocalLow\searchresults1 Folder Found : C:\Users\Owner\AppData\Roaming\Babylon Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\searchresults1 ***** [Registry] ***** Key Found : HKCU\Software\APN DTX Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKCU\Software\searchresults1 Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\StartSearch Key Found : HKLM\SOFTWARE\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383} Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366E2C-9923-431C-B0D6-747447DD0F2B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1 Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} Key Found : HKU\S-1-5-21-3429488616-1519292121-1956305698-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94366E2C-9923-431C-B0D6-747447DD0F2B}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US -\\ Mozilla Firefox v [unable to get version] Profile name : default File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [4156 octets] - [19/10/2012 00:24:11] ########## EOF - C:\AdwCleaner[R1].txt - [4216 octets] ##########
  8. ComboFix 12-10-18.02 - Owner 10/18/2012 19:13:29.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.756 [GMT 8:00] Running from: C:\Users\Owner\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Windows\system32\tmp6EF8.tmp C:\Windows\system32\tmp6F57.tmp C:\Windows\system32\tmp7F91.tmp C:\Windows\system32\tmpB20D.tmp C:\Windows\system32\tmpB22D.tmp C:\Windows\system32\tmpF702.tmp ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_nvsvc ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))) 2012-10-18 11:26:56 . 2012-10-18 11:30:06 -------- d-----w- C:\Users\Owner\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- dc----w- C:\Users\UpdatusUser\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- dc----w- C:\Users\Public\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\UpdatusUser.WindowsVista\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-10-18 11:26:56 . 2012-10-18 11:26:56 -------- d-----w- C:\Users\Administrator\AppData\Local\temp 2012-10-18 10:50:05 . 2011-03-10 10:04:57 46280 ----a-w- C:\Windows\system32\drivers\PSKMAD.sys 2012-10-17 12:49:24 . 2012-09-24 15:16:36 93672 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll 2012-10-16 16:27:04 . 2012-10-16 16:27:04 -------- d-----w- C:\ProgramData\DriverGenius 2012-10-16 15:55:48 . 2012-10-16 15:55:56 -------- dc----w- C:\Program Files\searchresults1 2012-10-14 05:07:00 . 2012-10-14 05:07:00 107888 ----a-w- C:\Windows\system32\CmdLineExt.dll 2012-10-14 04:52:11 . 2012-10-14 04:52:11 -------- d-----w- C:\Windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP 2012-10-14 04:51:59 . 2012-10-14 04:51:59 -------- dc----w- C:\Program Files\Common Files\Wise Installation Wizard 2012-10-13 01:12:53 . 2012-10-13 01:12:53 -------- dc----w- C:\Program Files\Common Files\Java 2012-10-10 09:39:17 . 2012-10-10 10:13:33 172544 ----a-w- C:\Windows\system32\wintrust.dll 2012-10-10 09:39:09 . 2012-10-10 10:13:15 2048 ----a-w- C:\Windows\system32\tzres.dll 2012-10-10 09:36:33 . 2012-09-27 18:07:26 99192 ----a-w- C:\Windows\system32\drivers\idmwfp.sys 2012-10-01 14:23:52 . 2012-10-01 14:23:52 -------- d-----w- C:\Users\Owner\AppData\Local\FLT 2012-10-01 14:00:11 . 2012-10-06 01:22:24 -------- dc----w- C:\Program Files\F1 2012 2012-09-26 09:35:38 . 2012-09-26 11:31:11 245760 ----a-w- C:\Windows\system32\OxpsConverter.exe 2012-09-25 00:40:15 . 2012-09-25 00:40:15 -------- d-----w- C:\Windows\CheckSur 2012-09-24 14:46:50 . 2012-08-30 15:57:37 3487434 ----a-w- C:\Windows\system32\nvcoproc.bin . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-10-17 13:50:49 . 2009-06-23 18:32:42 139128 -c--a-w- C:\Windows\system32\drivers\PnkBstrK.sys 2012-10-17 13:50:40 . 2009-06-29 15:27:19 215128 -c--a-w- C:\Windows\system32\PnkBstrB.xtr 2012-10-17 13:50:40 . 2009-06-23 18:32:27 215128 ----a-w- C:\Windows\system32\PnkBstrB.exe 2012-10-15 11:02:45 . 2009-06-23 18:32:27 215128 ----a-w- C:\Windows\system32\PnkBstrB.ex0 2012-10-13 01:11:56 . 2012-02-04 09:23:50 821736 -c--a-w- C:\Windows\system32\npdeployJava1.dll 2012-10-13 01:11:56 . 2010-04-24 04:29:35 746984 -c--a-w- C:\Windows\system32\deployJava1.dll 2012-10-10 23:35:32 . 2008-05-09 11:40:08 975248 -c--a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent.exe 2012-10-09 16:22:14 . 2012-04-19 13:43:33 73656 -c--a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 16:22:14 . 2012-04-19 13:43:33 696760 -c--a-w- C:\Windows\system32\FlashPlayerApp.exe 2012-09-12 17:17:46 . 2012-09-12 12:48:17 712048 ----a-w- C:\Windows\system32\drivers\ndis.sys 2012-09-12 17:17:46 . 2012-09-12 12:48:17 33280 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys 2012-09-12 17:17:38 . 2012-09-12 12:48:13 240496 ----a-w- C:\Windows\system32\drivers\netio.sys 2012-09-12 17:17:38 . 2012-09-12 12:48:13 187760 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 17:17:38 . 2012-09-12 12:48:13 1292144 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2012-09-12 17:11:27 . 2012-09-12 12:48:11 490496 ----a-w- C:\Windows\system32\d3d10level9.dll 2012-09-07 09:04:46 . 2009-03-06 02:15:55 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys 2012-09-06 11:52:23 . 2011-04-10 16:00:43 142496 -c--a-w- C:\Windows\system32\drivers\SYMEVENT.SYS 2012-08-30 19:13:00 . 2012-01-02 03:34:20 12465512 ----a-w- C:\Windows\system32\nvwgf2um.dll 2012-08-30 19:13:00 . 2012-01-02 03:34:19 1009512 ----a-w- C:\Windows\system32\nvdispco32.dll 2012-08-30 19:13:00 . 2012-01-02 03:34:18 2422120 ----a-w- C:\Windows\system32\nvapi.dll 2012-08-30 19:13:00 . 2012-01-02 03:34:18 15291752 ----a-w- C:\Windows\system32\nvd3dum.dll 2012-08-30 15:57:55 . 2012-06-29 15:51:27 645992 ----a-w- C:\Windows\system32\nvvsvc.exe 2012-08-30 15:57:54 . 2012-06-29 15:51:27 62312 ----a-w- C:\Windows\system32\nvshext.dll 2012-08-30 15:57:54 . 2012-06-29 15:51:27 108392 ----a-w- C:\Windows\system32\nvmctray.dll 2012-08-30 15:57:32 . 2012-06-29 15:51:27 3963240 ----a-w- C:\Windows\system32\nvcpl.dll 2012-08-30 15:57:27 . 2012-06-29 15:51:27 2836840 ----a-w- C:\Windows\system32\nvsvc.dll 2012-08-30 02:40:14 . 2012-08-30 02:40:14 429416 ----a-w- C:\Windows\system32\nvStreaming.exe 2012-08-25 03:00:42 . 2012-08-25 03:00:30 514560 ----a-w- C:\Windows\system32\qdvd.dll 2012-08-15 11:40:56 . 2012-08-15 11:03:23 400896 ----a-w- C:\Windows\system32\srcore.dll 2012-08-15 11:40:40 . 2012-08-15 11:03:19 2345984 ----a-w- C:\Windows\system32\win32k.sys 2012-08-15 11:40:06 . 2012-08-15 11:03:16 492032 ----a-w- C:\Windows\system32\win32spl.dll 2012-08-15 11:40:06 . 2012-08-15 11:03:15 317440 ----a-w- C:\Windows\system32\spoolsv.exe 2012-08-15 11:39:00 . 2012-08-15 11:03:03 41984 ----a-w- C:\Windows\system32\browcli.dll 2012-08-15 11:39:00 . 2012-08-15 11:03:03 102912 ----a-w- C:\Windows\system32\browser.dll 2012-08-15 11:38:17 . 2012-08-15 11:03:00 769024 ----a-w- C:\Windows\system32\localspl.dll 2012-08-11 01:26:42 . 2012-09-06 11:51:02 585888 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\srtsp.sys 2012-08-08 05:18:19 . 2012-09-06 11:51:02 926880 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\SymEFA.sys 2012-08-07 18:42:43 . 2012-09-06 11:51:01 134304 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys 2012-07-28 03:25:32 . 2012-09-06 11:51:02 368288 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\SymDS.sys 2012-07-28 03:05:21 . 2012-09-06 11:51:01 175264 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\Ironx86.sys 2012-07-27 19:09:02 . 2012-07-27 19:09:02 57792 ----a-w- C:\Windows\system32\sirenacm.dll 2012-07-27 18:54:00 . 2012-07-27 18:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR 2012-07-26 11:08:06 . 2012-07-26 11:08:06 862664 ----a-w- C:\Windows\system32\msvcr110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 534480 ----a-w- C:\Windows\system32\msvcp110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 251864 ----a-w- C:\Windows\system32\vccorlib110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 153536 ----a-w- C:\Windows\system32\atl110.dll 2012-07-26 11:08:06 . 2012-07-26 11:08:06 115656 ----a-w- C:\Windows\system32\vcomp110.dll 2012-07-23 01:34:24 . 2012-09-06 11:51:02 338592 -c--a-r- C:\Windows\system32\drivers\N360\1401010.002\symnets.sys 2012-10-18 10:59:23 . 2012-10-18 10:59:12 261616 -c--a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}] 2012-03-22 07:24:14 87008 -c--a-w- C:\Program Files\searchresults1\searchresultsDx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-03-15 21:02:40 86696 -c--a-w- C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 21:02:40 86696] "{94366e2c-9923-431c-b0d6-747447dd0f2b}"= "C:\Program Files\searchresults1\searchresultsDx.dll" [2012-03-22 07:24:14 87008] [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] [HKEY_CLASSES_ROOT\clsid\{94366e2c-9923-431c-b0d6-747447dd0f2b}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-17 13:36:48 220632 -c--a-w- C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12:20 94208 -c--a-w- C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49:16 22376 -c--a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2012-10-13 01:14:20 3536320] "SkyDrive"="C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-10-17 13:36:44 238552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 09:07:48 10967656] "Panda Security URL Filtering"="C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 02:51:36 217256] "PSUAMain"="C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-12 23:15:56 37152] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "<NO NAME>"= 0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk] backup=C:\Windows\pss\OfficeSAS.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Connect.lnk] backup=C:\Windows\pss\OpenVPN Connect.lnk.CommonStartup backupExtension=.CommonStartup path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Connect.lnk HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Grid Service HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Immunet Protect [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] 2010-12-05 20:56:42 390728 -c--a-w- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51:26 919008 -c--a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-27 20:51:36 35768 -c--a-w- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 06:54:26 91520 -c--a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-09-07 09:04:44 766536 -c--a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager] 2010-05-10 06:12:28 439568 -c--a-w- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2012-07-27 19:09:02 4272064 -c--a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2012-01-20 13:03:48 719672 -c--a-w- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-07-27 02:37:50 180224 -c--a-w- C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2012-03-27 09:07:48 10967656 ----a-w- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-08-04 10:40:23 1353080 -c--a-w- C:\Program Files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 01:04:54 252848 -c--a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2010-12-05 20:55:24 5542168 -c--a-w- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] 2011-06-30 10:11:16 2648184 -c--a-w- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2009-07-14 01:14:24 660480 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-07-14 01:14:47 65024 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [x] R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [x] R3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des [x] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [x] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360\1401010.002\SYMDS.SYS [x] S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360\1401010.002\SYMEFA.SYS [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys [x] S1 BHDrvx86;BHDrvx86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360\1401010.002\ccSetx86.sys [x] S1 IDSVix86;IDSVix86;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121016.001\IDSvix86.sys [x] S1 NNSALPC;NNSALPC;C:\Windows\system32\DRIVERS\NNSAlpc.sys [x] S1 NNSHTTP;NNSHTTP;C:\Windows\system32\DRIVERS\NNSHttp.sys [x] S1 NNSIDS;NNSIDS;C:\Windows\system32\DRIVERS\NNSIds.sys [x] S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\system32\DRIVERS\NNSNAHSL.sys [x] S1 NNSPICC;NNSPICC;C:\Windows\system32\DRIVERS\NNSPicc.sys [x] S1 NNSPIHSW;NNSPIHSW;C:\Windows\system32\DRIVERS\NNSPihsw.sys [x] S1 NNSPOP3;NNSPOP3;C:\Windows\system32\DRIVERS\NNSPop3.sys [x] S1 NNSPROT;NNSPROT;C:\Windows\system32\DRIVERS\NNSProt.sys [x] S1 NNSPRV;NNSPRV;C:\Windows\system32\DRIVERS\NNSPrv.sys [x] S1 NNSSMTP;NNSSMTP;C:\Windows\system32\DRIVERS\NNSSmtp.sys [x] S1 NNSSTRM;NNSSTRM;C:\Windows\system32\DRIVERS\NNSStrm.sys [x] S1 NNSTLSC;NNSTLSC;C:\Windows\system32\DRIVERS\NNSTlsc.sys [x] S1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys [x] S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360\1401010.002\Ironx86.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360\1401010.002\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 dgdersvc;Device Error Recovery Service;C:\Windows\system32\dgdersvc.exe [x] S2 FsUsbExService;FsUsbExService;C:\Windows\system32\FsUsbExService.Exe [x] S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys [x] S2 MBAMScheduler;MBAMScheduler;C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [x] S2 N360;Norton 360;C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x] S2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys [x] S2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys [x] S2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys [x] S2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys [x] S2 PSUAService;Panda Product Service;C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys [x] S3 dgderdrv;dgderdrv;C:\Windows\system32\drivers\dgderdrv.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\system32\FsUsbExDisk.SYS [x] S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [x] S3 PSKMAD;PSKMAD;C:\Windows\system32\DRIVERS\PSKMAD.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys [x] --- Other Services/Drivers In Memory --- *NewlyCreated* - WS2IFSL Contents of the 'Scheduled Tasks' folder 2012-10-18 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:43:33 . 2012-10-09 16:22:20] ------- Supplementary Scan ------- uStart Page = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = proxy.singnet.com.sg IE: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm IE: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\l72udwo9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.sg/ FF - prefs.js: network.proxy.http - proxy.singnet.com.sg FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-06-26 03:22; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - - - - ORPHANS REMOVED - - - - WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file) MSConfigStartUp-DivXUpdate - C:\Program Files\DivX\DivX Update\DivXUpdate.exe MSConfigStartUp-SSDMonitor - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe MSConfigStartUp-Windows Mobile Device Center - C:\Windows\WindowsMobile\wmdc.exe AddRemove-uTorrent - C:\Program Files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe\" /s \"N360\" /m \"C:\Program Files\Norton 360\Engine\20.1.1.2\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="C:\Windows\system32\GameMon.des -service" --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11] "AdvancedGeneration"=dword:00000000 "AutomaticallyUpdateCheck"=dword:00000001 "ClubSearchFeatureNum"=dword:00000000 "CompareFeatureNum"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "Currency"=dword:00000056 "ExportFeatureNum"=dword:00000000 "FilterByClubFeatureNum"=dword:00000000 "FMPath"="" "GameDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\games" "GenieReportFeatureNum"=dword:00000000 "GraphStep"=dword:00000000 "HighlightedAttributes"=dword:00000000 "HighQualityGUI"=dword:00000001 "HintsFeatureNum"=dword:00000000 "HistoryDir"="C:\\FM Genie Scout 11\\History Points" "HistoryFeatureNum"=dword:00000000 "LangDB"="C:\\FM Genie Scout 11\\lang_db.dat" "Language"="English" "LanguageDBFeatureNum"=dword:00000004 "LastSaveGame"="" "LastUpdateCheck"=dword:0000a049 "LoadLangDB"=dword:00000001 "MinCondition"=dword:00000050 "PlayerSearchFeatureNum"=dword:00000004 "ProxyHost"="" "ProxyPort"="" "SaveDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\" "ScreenshotFeatureNum"=dword:00000000 "ScreenshotsDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011" "ShortlistDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists" "ShortlistFeatureNum"=dword:00000000 "ShowHistory"=dword:00000001 "SkinName"="PSV Eindhoven" "StaffSearchFeatureNum"=dword:00000000 "TopFormationFeatureNum"=dword:00000000 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "TranslateStaffSkills"=dword:00000001 "UniqueID"="D5-E080-E52F" "UseAuthentication"=dword:00000000 "UseProxy"=dword:00000000 "UserName"="" "UserPassword"="" "Version"=dword:00000081 "VersionOf"=dword:00000000 [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11g] "PicturesNumber"=dword:00057cfc [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12] "AdClicksNum"=dword:00000008 "AdImpressionsNum"=dword:00000019 "AdvancedGeneration"=dword:00000000 "AutomaticallyUpdateCheck"=dword:00000001 "ClubSearchFeatureNum"=dword:00000000 "CompareFeatureNum"=dword:00000000 "CompressHistoryPoints"=dword:00000000 "Currency"=dword:00000056 "ExportFeatureNum"=dword:00000000 "FilterByClubFeatureNum"=dword:00000000 "FMPath"="" "GameDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\games" "GameLoadedCounter"=dword:00000008 "GenieReportFeatureNum"=dword:00000001 "GraphStep"=dword:00000000 "HighlightedAttributes"=dword:00000000 "HighQualityGUI"=dword:00000001 "HintsFeatureNum"=dword:00000000 "HistoryDir"="C:\\FM Genie Scout 12\\History Points" "HistoryFeatureNum"=dword:00000000 "LangDB"="C:\\FM Genie Scout 12\\lang_db.dat" "Language"="English" "LanguageDBFeatureNum"=dword:00000007 "LastSaveGame"="" "LastUpdateCheck"=dword:0000a0a6 "LoadLangDB"=dword:00000001 "MinCondition"=dword:00000050 "PlayerSearchFeatureNum"=dword:00000007 "ProxyHost"="" "ProxyPort"="" "SaveDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\" "ScreenshotFeatureNum"=dword:00000000 "ScreenshotsDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012" "ShortlistDir"="C:\\Users\\Owner\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists" "ShortlistFeatureNum"=dword:00000000 "ShowDonateNotification"=dword:00000000 "ShowGuidNotification"=dword:00000000 "ShowHistory"=dword:00000001 "SkinName"="Steklo Black" "StaffSearchFeatureNum"=dword:00000001 "TopFormationFeatureNum"=dword:00000000 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "TranslateStaffSkills"=dword:00000001 "UniqueID"="D5-E080-E52F" "UseAuthentication"=dword:00000000 "UseProxy"=dword:00000000 "UserName"="" "UserPassword"="" "Version"=dword:000000ce "VersionOf"=dword:0000007b "VersionOf201"=dword:0000007b [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. a v ý µ#\OpenWithList] "a"="vlc.exe" "b"="a" [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC] @Denied: (C D) (Everyone) [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints] @Denied: (C D) (Everyone) "{FFAA6780-253F-4641-9BF3-A6F8AF5E2618}"="" "{ED9C13BB-8994-43A4-8156-E445828694DF}"="" "{0F7A789B-9208-4BD3-8BCC-3D8A6DB74D22}"="" "{16A1A044-CB51-4EB0-A436-4B549D0B17BE}"="" "{63DCF0B0-88C1-4016-9BCF-731A6358B534}"="" [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c1,34,ba,64,9f,02,b4,21,a6,ac,2e,45,1b,3e,3c,9e,92,7f,3b,98,ee,93,18, f7,2b,f0,b7,1b,97,bd,fd,dc,e1,7f,34,a0,d7,16,e5,5f,cb,76,ef,4e,4f,2c,63,68,\ "??"=hex:14,af,65,1f,0d,e2,ba,9a,6e,8b,98,b4,45,d2,99,6f [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000\Software\SecuROM\License information*] "datasecu"=hex:21,46,6d,46,73,8a,24,e3,7d,8d,f8,ed,71,7f,f8,74,a7,10,91,61,d6, 92,c8,a1,ae,15,21,65,62,cc,7e,fe,e8,db,88,a2,08,48,f7,b3,55,92,ce,10,7f,e4,\ "rkeysecu"=hex:3a,14,c3,31,e8,71,be,4e,a7,2c,de,39,47,6b,04,5d [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):4b,e5,68,99,7f,3e,05,dd,2c,e8,ce,0f,71,7e,e6,c5,c6,0e,f5,cc,01, 68,7f,9c,39,2d,fc,81,b9,65,d3,72,ad,0a,c5,9e,d7,a4,13,43,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):0f,b5,2b,28,fc,f7,ef,46,91,dc,5b,fb,89,97,10,a7,03,6f,85,eb,0c, 0d,83,d3,a4,ee,1e,b1,c1,81,36,22,69,37,db,5d,5f,ff,79,e7,00,00,00,00,00,00,\ [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{a80886ee-b41e-4272-bb4a-0d197a6623ac}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000cb "Therad"=dword:00000009 [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1000_Classes\CLSID\{fc37c768-0325-4302-b32c-94983fc2a1c5}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000010b "Therad"=dword:00000011 "SpecVersion"=dword:000000f8 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ [HKEY_USERS\S-1-5-21-3429488616-1519292121-1956305698-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. a v ý µ#\OpenWithList] "a"="vlc.exe" "b"="a" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels] @Denied: (C D) (Everyone) "ccSvcHst_UserSession2_3380"="{DA0DA856-9357-4DC7-86CE-A5511F639CD0}" "ccSvcHst_UserSession2_2272"="{DB2E59E0-6BBB-48CD-8067-990C9C2DF254}" "ccSvcHst_UserSession2_2480"="{B6F412D8-6778-4405-9554-0A09A6FB628D}" "ccSvcHst_UserSession2_2144"="{E8ABC747-0636-4678-8E17-7BC795A679C6}" "ccSvcHst_UserSession2_2900"="{2955BE94-DC4B-480B-8C95-0D2BC4903C4E}" "ccSvcHst_UserSession2_2868"="{0F6FBDDF-6117-47D7-875B-4E6DF25330BD}" "ccSvcHst_UserSession2_2204"="{9C7619D1-585F-4A27-AD54-0017FB1FF9CC}" "ccSvcHst_UserSession2_2148"="{8F2D0A29-08B7-4346-A09B-862404AB49D3}" "ccSvcHst_UserSession2_2364"="{5B1D3006-B8B5-470B-8035-E4CB269BBC37}" "ccSvcHst_UserSession2_2236"="{4E10BB9D-17EA-4FBE-B6A8-6140404BE303}" "ccSvcHst_UserSession2_2252"="{28C43FD4-EDD7-4497-A9FA-FA9A923ED22E}" "ccSvcHst_UserSession2_2748"="{ABE48364-A9E7-42A3-9ADF-98CFC216B6C6}" "ccSvcHst_UserSession2_2360"="{9BAE9353-4FB1-4174-8F4A-96BD1257392A}" "ccSvcHst_UserSession2_2548"="{75CFEB85-2439-46D2-B548-9D72ED70FAFA}" "ccSvcHst_UserSession2_3456"="{017B2608-E045-415B-B00B-8CE426556451}" "ccSvcHst_UserSession2_2860"="{8EB78505-34A8-4600-9BB6-2DFAD564D582}" "ccSvcHst_UserSession2_2440"="{448563A4-6680-4340-ABE2-BEB8F03E30C6}" "ccSvcHst_UserSession2_3024"="{92EED0C7-8103-4623-BB83-B41313C97FCE}" "ccSvcHst_UserSession2_2916"="{171E41EC-996E-4A9D-B7F5-5A7E310FFF52}" "ccSvcHst_UserSession2_3056"="{AA760A3F-D559-4C51-81F0-F8C3C85A50A4}" "ccSvcHst_UserSession_4636"="{8166E094-F7B7-4BD4-9995-5F6F1BF559BC}" "ccSvcHst_UserSession2_3448"="{DCF07928-554F-4AC7-AC08-DC35875B17E2}" "ccSvcHst_UserSession2_3376"="{9DD318C0-E230-4D96-9F5E-C243B7860F45}" "ccSvcHst_UserSession2_3044"="{246750F3-A765-491B-AC03-087174FEBC3F}" "ccSvcHst_UserSession2_3240"="{6038F2F9-D9EC-42AA-9AFA-FD5BF7D2925C}" "ccSvcHst_UserSession2_2408"="{AB961CC0-724C-4EAE-B883-29C5386A7591}" "ccSvcHst_UserSession2_3204"="{AE81D214-7BD6-404E-BA76-E337A846F8B9}" "ccSvcHst_UserSession2_2588"="{24F95B08-0CEE-4DC3-8CEB-58AC859EBA90}" "ccSvcHst_UserSession2_3208"="{8B430A53-B15B-49E9-AF9A-4811A5FFE97A}" "ccSvcHst_UserSession2_3796"="{D7E76C7A-D498-44CE-AD64-8D14F157616F}" "ccSvcHst_UserSession2_3148"="{D1800BB5-83D6-4231-9C0B-28AA0911E0C1}" "ccSvcHst_UserSession2_3300"="{EDB8EEA1-EE24-4978-A030-FA9ED1CB8DEB}" "ccSvcHst_UserSession2_3256"="{7E6D9F59-1CDE-4AC4-B4B5-1DD6068B6947}" "ccSvcHst_UserSession2_3284"="{2F79591D-61E9-42A2-8E3D-CF1411882D15}" "ccSvcHst_UserSession2_3196"="{732655BE-AB7B-4428-BC86-44FF1E480BA2}" "ccSvcHst_UserSession2_2452"="{B97375D4-628C-4FF2-BDE4-31FF920D1734}" "ccSvcHst_UserSession2_3188"="{F97B0212-11D9-4719-9752-1C7B666CD3E8}" "ccSvcHst_UserSession2_4036"="{D12D049D-5DC4-40F6-8FD5-C7C75F07557B}" "ccSvcHst_UserSession2_2400"="{E658E558-F23F-485C-8205-F3B081879DA3}" "ccSvcHst_UserSession2_2808"="{4D9CCDAC-11FD-462A-A8CB-ECF5E0BB1B58}" "ccSvcHst_UserSession2_2368"="{476935D6-C5C0-48C1-A38B-DEA7BC529042}" "ccSvcHst_UserSession2_3392"="{936A2861-F43C-4F45-ABE0-E6E2999F7C1F}" "ccSvcHst_UserSession2_3232"="{0CA3A02C-F207-470B-9E57-B494F4AFCCB6}" "ccSvcHst_UserSession2_2456"="{78B95B78-461D-4F81-9FCB-21FD3DBDD43D}" "ccSvcHst_UserSession2_3224"="{B63D54A6-0E14-470F-B41C-049A960A8231}" "ccSvcHst_UserSession2_3216"="{35E8BB01-25F1-438F-B9D8-86E0C8E37416}" "ccSvcHst_UserSession2_3012"="{C42EC6FC-59B3-4BB7-A876-6CFFBFE38628}" "ccSvcHst_UserSession2_3396"="{29662DE1-BB4A-4EB4-9738-6A428BF42DCD}" "ccSvcHst_UserSession2_3192"="{2F77367F-3F63-495C-BAF3-D4272488AF65}" "ccSvcHst_UserSession2_3340"="{331B7769-4794-48E0-9AE6-1004933D767F}" "ccSvcHst_UserSession2_3212"="{812C39CB-C9F9-48FE-AE25-0D9BB71F3D72}" "ccSvcHst_UserSession2_3124"="{9A37B8C1-BE1A-4616-9246-DA8AB278DD10}" "ccSvcHst_UserSession2_3440"="{B9C69DC9-B34D-4B86-A326-5B3B8CD9E041}" "ccSvcHst_UserSession2_3308"="{44FF4F6D-92DE-4582-BC48-A24B35391A6D}" "ccSvcHst_UserSession2_3708"="{CD53B415-1FB9-4CD8-B208-CA018E9A90E4}" "ccSvcHst_UserSession2_1076"="{04CE2F69-52D6-4797-900B-0DF09BD023F3}" "ccSvcHst_UserSession2_3304"="{FEE955E4-2F92-4E14-84D5-4C11C49E96C1}" "ccSvcHst_UserSession2_3248"="{51BA88BC-6A76-4B03-A1D8-86DF189BA427}" "ccSvcHst_UserSession2_3548"="{E4CD576A-F796-4C65-8278-16DB3C69EDCB}" "ccSvcHst_UserSession2_3272"="{0DC26155-3CAA-4F7E-9298-4D577217A48E}" "ccSvcHst_UserSession2_3092"="{F820F8C6-7456-4ADC-B024-A752C6B2FB2B}" "nasa_ipc_server"="{E6CDB83B-9ADF-4398-BF0C-F44BAF013815}" "ccSvcHst_UserSession2_3436"="{A02B1062-B069-4C01-81BD-86589B2F4B2B}" "g_coVistaProxyChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "Tuneup_Context_Switch_Channel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccSvcHst_UserSession2_3444"="{3D6D87E2-AD89-45B5-AFD6-D31862BEC714}" "ccSvcHst_N360"="{B55D9405-915A-402F-AE41-7A54934B902D}" "DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccSvcHst_UserSession2_3948"="{36EE3F03-981B-43C4-8795-F5B2B895CFB2}" "{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "ccGenericEvent_Global_EM"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccGenericEvent_Global_LM"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccGenericLog_Manager"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ipcChannel_ShastaServer"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_buSvcComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "SNDServiceRequestChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "SymRedirSvcRequestChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "SNDLocationChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "NortonNetServiceIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "NetMapServiceIPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ncw_performance_IPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_NCWSvcComm_NortonCommunityWatchConfiguration"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_isDataPrComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_ProcessDetection_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_AvProdSvcComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "isError_Service_IPC"="{B55D9405-915A-402F-AE41-7A54934B902D}" "QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "BashIPCChannel"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_ISPOCClient_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_IDataStoreMgr_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_buVssComm_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "_HSPlayerCommand_"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "IPS_COMMAND_CHANNEL"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "FWAlert"="{B55D9405-915A-402F-AE41-7A54934B902D}" "AvProdSession_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_Options_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_MessageCenter_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_Scanless_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "_buUIComm_S-1-5-21-3429488616-1519292121-1956305698-1000"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_IPUA_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AvProdSession_CanIRun_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "clt::AlertChannel2_01"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "{D9D79767-CD29-487E-9729-730A5CA33689}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "CO_PS_{55DBA8A2-CF13-4600-8FC8-C7B989ABF841}_1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "g_coUserCommandChannel_S-1-5-21-3429488616-1519292121-1956305698-1000"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "TRUSTCHANNEL"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "SDKCHANNEL1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "AVModule_ExclusionManager_{C6198C0B-693E-4CE5-BDED-C1C7ABE5E22C}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "{A1B48937-0778-4e7c-885B-271F65B485D2}"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ToasterNotify\\SessionID_1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{402B87AC-BAC1-4C75-B855-91E355024A89}" "_ReputationSvcComm_ReputationPublisher"="{B55D9405-915A-402F-AE41-7A54934B902D}" "ncw_reputation_scan_server_IPC"="{601B9D26-ED1E-47AC-B352-35B7046571F1}" "ccSvcHst_UserSession2_2760"="{402B87AC-BAC1-4C75-B855-91E355024A89}" [HKEY_LOCAL_MACHINE\SOFTWARE\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints] @Denied: (C D) (Everyone) "{7E708133-F733-4226-BD5D-8F0DC279139B}"="" "{DA0DA856-9357-4DC7-86CE-A5511F639CD0}"="" "{8A3E23DC-89A4-4B83-B216-97EB12BBEDFC}"="" "{B4074B16-1D4A-43E0-BEBA-7F573F98B3BB}"="" "{4842A3C6-4909-43D1-9D8C-FA4A10223BC3}"="" "{C43B4199-673A-4380-BCB5-2037C232A4F6}"="" "{382624D7-878E-4340-9F13-0A68F112AF8E}"="" "{86E02384-AB42-45BE-A837-40B7F176129E}"="" "{E1F66B9B-7506-4AF3-8C8A-0D8F63AA7506}"="" "{87E85A4E-0DC7-4F79-A5F3-29AAAA847F73}"="" "{2D70DD10-8232-431F-AE62-5485D204D76F}"="" "{8E9F7467-08C4-4E49-8652-E16A2CA448C9}"="" "{FA2DF399-7A71-4BB1-B674-E6B38B7FAD5E}"="" "{D9AA54D7-A7AC-4EF8-81F7-7625F8A499E2}"="" "{21250460-ACD2-4241-9F86-09CF32980F40}"="" "{E25F7460-FE01-4A5C-ADD0-854388614FE0}"="" "{2A2273FF-40D1-4284-B227-89D0BAB99A73}"="" "{E4286E75-0D07-45FF-A7FD-03882DC9F9D2}"="" "{715EE43B-D14F-44A5-B078-949B3A99105F}"="" "{15B4CBA7-3497-4714-9997-74C70A1883B9}"="" "{4B433E1E-7C8A-48C5-91CC-8980F163FD9D}"="" "{42D8A33F-1FCD-4685-A3D4-581545EA2380}"="" "{1815ED29-FA1B-4E37-B47F-48F4A27B1069}"="" "{23C74058-20A6-4A7C-8654-4ECE7561F0D4}"="" "{E975BC04-83EF-4B62-9710-A81FDB1FE19D}"="" "{5BC2028F-48C6-40CE-BA6B-8FDDC76A2608}"="" "{9867EC9E-CCC5-4CB1-B63E-9CF8F37A8AA9}"="" "{0F6BC09A-1DC7-4A43-8B3C-8EB8CD414929}"="" "{1E3450B4-72C5-4443-9A1B-BE6D130536C4}"="" "{0FEB4ABF-27E8-46D2-837F-666FC00568EB}"="" "{524F5C26-D554-41AB-8A54-4752E40AE69F}"="" "{09ED0574-520B-45DC-87E1-B54E91B65109}"="" "{DB2E59E0-6BBB-48CD-8067-990C9C2DF254}"="" "{13D9A36D-DE95-4795-986A-D30A371A63C4}"="" "{09595FAE-BBE3-4068-BFB9-B2EAEA28F01C}"="" "{C5862FF3-B98D-4EBA-A6B8-9A8F4E5CE4FA}"="" "{B8A500DD-032E-4255-AF95-F9688753E3FD}"="" "{DE945FA1-6947-412E-ADC7-59848DD95E02}"="" "{0AA6E30B-A4C6-4EB2-9F3D-7AA116ED3302}"="" "{FCF68C65-CEEF-433A-8A5A-C13DDE29F2A6}"="" "{59E3122C-340E-47D1-A3C2-00475CBD3D7F}"="" "{F96B032D-E0E4-4094-86B3-43F29E82201B}"="" "{B6F412D8-6778-4405-9554-0A09A6FB628D}"="" "{D2C6C7BC-D4CD-40F3-98DA-53547B02E174}"="" "{34AFAD79-7C6A-4F38-9F2A-7199B79470B8}"="" "{631674E8-1B27-452A-A7E3-DE1593DCF3D7}"="" "{4DC90014-FD18-4B6E-AAE5-FAADD13957A1}"="" "{5F80C429-689B-4836-B11C-658730927D6F}"="" "{3BFE0423-1AF3-48FA-9E2D-498E5CD29913}"="" "{02822A2D-2F49-4B3D-9402-4F005F0F1C6E}"="" "{BE5420C6-266D-4BF6-88BB-20FC4676A840}"="" "{062ADEEB-256F-4704-A6E9-3DF3A7A4E468}"="" "{E8ABC747-0636-4678-8E17-7BC795A679C6}"="" "{1A4BC342-CEAA-4080-8C5A-8BE2C554A0BC}"="" "{6CA625FD-595F-4A69-9F92-F69AA9E9673E}"="" "{93E459E6-1081-4A2E-A098-37AD30522099}"="" "{B8B7D877-F236-4B61-85B7-B610A54D5891}"="" "{473C22CD-D671-460A-80EC-0464CB27D044}"="" "{3DF8A305-E049-426B-A614-01499E4B771B}"="" "{7A868217-C31B-44FE-B189-1D5857B8170F}"="" "{BB5F3F29-858C-4EB8-BA8E-CCBCE1DD61DC}"="" "{7D0A60EF-7EE3-4ACC-811F-82C7FB8CD98F}"="" "{4381D4EA-CA06-4CE3-9523-6E564352D1BB}"="" "{4D2E2D09-FDF9-4C2E-A0D9-42FCF56B776D}"="" "{BB056BD9-B688-4078-804E-FEC40152037A}"="" "{4880A03F-19A4-44B2-A12D-A948B9EAC22C}"="" "{1AEDD993-7A3C-43CB-B30B-176B5BFA31F0}"="" "{9B17B898-1AF9-4DA9-BA67-1F5550E9AC03}"="" "{D88E3458-4F5B-4B22-B5F1-D29D2942C8C1}"="" "{8991BEEC-7F84-4B24-B811-D1B754700250}"="" "{505DC54D-05DF-4BCB-8953-129A685AA622}"="" "{4E9C8945-DDE1-495D-B13F-CC350A257CB7}"="" "{2955BE94-DC4B-480B-8C95-0D2BC4903C4E}"="" "{40B54D1D-A840-4271-9DA4-87984E536761}"="" "{0F6FBDDF-6117-47D7-875B-4E6DF25330BD}"="" "{6B75193C-C42E-44E9-93E1-6DF8FBA9E483}"="" "{6525DD9E-9531-4629-894E-13D720FE89D0}"="" "{4DBEB134-F92B-43B2-B4B9-9150517B1481}"="" "{B89330BF-833C-405E-B73C-9E611CD265F3}"="" "{DED12D7F-9860-4DAF-95DB-865E8CAE2D3D}"="" "{D1AA07F6-AC19-4464-9361-89F8A023F68D}"="" "{6F6C4DA6-14F0-4584-B066-CCEE878D2B51}"="" "{7CB9956C-18F7-4F15-A1C7-7496893E64B5}"="" "{5AFFDBDB-3A03-415E-A274-01C83D246F55}"="" "{974231C8-02AC-40E6-85C5-CBA3F1C85DD5}"="" "{7A9DEF9E-15D5-4D0D-8E19-0A4298B83241}"="" "{9C7619D1-585F-4A27-AD54-0017FB1FF9CC}"="" "{99AAD83E-392D-4248-9FD0-DAFA87EF1CF4}"="" "{FB7C3EC6-93E5-40F7-A7A3-15D3A2A9C336}"="" "{A9AD1FC7-7917-486C-8D51-0920BA33AEC4}"="" "{53CDA2FA-0D4E-4BBF-820C-438ADD2E5725}"="" "{5B7ABED5-94A9-4068-BDCB-3979E483C505}"="" "{AB185598-092C-4E87-B109-7D6D265CC9B8}"="" "{24ABDC57-F3F3-4158-9131-BA6B812D2503}"="" "{EF1DB7CA-4871-4C84-AA74-54E0B7DC1AEE}"="" "{E339485D-7AE9-4DC4-A6CC-309EA6CE22D5}"="" "{DB003574-733C-4F3E-BFF1-781FB1F75872}"="" "{80B16FE6-DF80-427B-BC6E-1E6B3FC11D3E}"="" "{30083351-0B33-4529-A100-A6E975A956BD}"="" "{4EEA4315-B229-45AB-A487-3AC2BF5FE946}"="" "{AF3731B4-EFF3-42E0-95A2-DCB2CDB40B08}"="" "{08F3E32D-CABE-4FA8-A6C3-A2DA8A32AA4D}"="" "{357F52C6-CF6E-48F7-9E82-05A39A840FAC}"="" "{0C7E9700-384D-4562-AED7-FFB9E6FAE975}"="" "{CC325648-BF8E-46B6-8B17-DBB79F272327}"="" "{E5EA881A-6E93-4EAD-B326-4765CA07A717}"="" "{2F839636-A3DB-4804-A2D2-33E5535A2069}"="" "{9013E870-77B9-48DA-8A5D-F0B55E742364}"="" "{93FDD883-912C-49B3-A935-06E63951656F}"="" "{5082A36C-8399-464E-A0C3-08E118AB0BE9}"="" "{04C4061E-FBE7-426A-9F2A-9C2A61A48D52}"="" "{3771DE4C-AF6F-4401-842F-9AFA033720B8}"="" "{8F2D0A29-08B7-4346-A09B-862404AB49D3}"="" "{4C59B293-3E45-40FA-863D-7488F8CA39B7}"="" "{023C6980-5D8B-4566-9877-A4288C807A26}"="" "{21223973-EC26-4989-87E7-AD2C5244F426}"="" "{82EF08F4-8710-421C-AC03-C8ABEA0E7B67}"="" "{6AC158FB-4BBE-4892-9170-F97E773D6122}"="" "{286CBB2F-141E-443F-8DAF-87C6B20C056A}"="" "{82F5C57F-1F4D-4C6A-A910-0AE7BE74ECB4}"="" "{1F8B79DC-8AFE-43F6-8BE5-2E35B4F62BA6}"="" "{603530C4-F8DA-413B-BCA7-7DFD0CC8D829}"="" "{E4353A79-9B70-44F8-A067-22111CDBBAC7}"="" "{1A43456E-AD60-45F5-A872-25DE2CCC7721}"="" "{77C8AF0F-10BA-41A9-B327-86F6EBC6DD80}"="" "{827814BC-7792-46C5-8DF0-69677659F1DC}"="" "{FA9D19B2-A277-49AB-8CFB-473F45727E43}"="" "{12B04FA4-962D-4AA9-AB17-5B205CDC54C3}"="" "{D8FD8A14-FBEB-4F9E-A4ED-B96030FF8FF9}"="" "{B17DC375-FDC6-4B8B-B0AC-DC472A4621B3}"="" "{5560D5D7-5174-415F-B5F7-24B6E9C07613}"="" "{14DF53F3-0508-4F20-BBBB-C523F249D6E4}"="" "{AA55B99C-66BA-476E-9233-507CB46C626D}"="" "{7B9782AA-FD39-467B-A46A-AFD758D46DCD}"="" "{B52F5962-258A-4CB7-9561-AF6A4F950984}"="" "{4B01D6F4-C686-40EE-AF6C-9AFCFF317A4C}"="" "{FA949F73-6DC0-4089-BB90-BBC7D6F41A9F}"="" "{1700BCD6-13FC-4D24-B646-745E629732A8}"="" "{F1EDE2A5-B95A-4B92-8B17-796EE36C5ED8}"="" "{9A75B3ED-8F9D-46AF-BB4F-E3D1A4020282}"="" "{8800EDF1-8E82-41C5-B6D8-EA0B250085D7}"="" "{EAD22610-9BFE-42A4-BEF4-394806778E05}"="" "{8A812AC3-3471-42DC-9F79-7472B57BE9ED}"="" "{3BC1E507-ABD3-45EE-A0D2-F6CB251F7496}"="" "{9C78A161-6917-48F4-B8B1-50FBA51D03D6}"="" "{DE902B11-D59D-4A86-8826-D60B7F6F8B31}"="" "{404072B9-17EC-4783-AB5C-665BEEEA61BB}"="" "{0675CC15-7A19-47C0-88BC-02CE1381D633}"="" "{33A26696-5255-48EB-AA12-695949B79699}"="" "{D9304987-9927-401E-8208-F2C38468528F}"="" "{A0E825C1-601D-4F1D-A4FF-400176CB698C}"="" "{C2A8D85D-127C-48F5-B843-7E74D2531A7A}"="" "{5ED71AE5-94C7-4F0C-A961-79B453BF954A}"="" "{2ECCF776-5E63-4DCB-8B26-7289FF88F0EA}"="" "{92A98F4C-6FDB-4453-8A76-C6FE9C96D7F4}"="" "{38E2CF7C-E29E-46FE-8495-9E55F1C9F444}"="" "{80289955-062F-4AF7-AB1D-077E03E6F8FE}"="" "{B52FF19D-2C31-4764-87D8-FA538CB968E9}"="" "{ABDB725C-814C-4A44-B263-1B441C8B9B6C}"="" "{C26E437D-29C1-44F6-A2BE-10A29F24B59F}"="" "{9158B774-2E8D-4DE6-8E86-6B7635D854A1}"="" "{54EE03BA-6559-4CFF-9CE8-7FBAAFD18ABA}"="" "{7853EB82-D833-4A29-B83E-83ED2558D990}"="" "{CBAA0A04-6527-4055-88C8-A11F9E1BD33D}"="" "{5C90C959-8DFF-450F-896F-73DB560F9837}"="" "{8762929C-E51B-424F-9351-26713A1BB922}"="" "{73CD2B56-84D5-446C-98C0-CE5ACAA4C19C}"="" "{DA01D9BB-09EA-496A-A80A-0898BA4C3E8F}"="" "{26A0033B-4582-4BAC-AB3F-F3A05E173DDE}"="" "{22BED23D-8704-4BB7-ADC7-402BEBF47E00}"="" "{5B1D3006-B8B5-470B-8035-E4CB269BBC37}"="" "{EE028568-30D1-4A78-81E8-D0D4C664BED6}"="" "{FBBEE0AC-1595-4CC5-80B2-65D605DF3A2D}"="" "{BA7D8A9A-E83A-4021-8A50-2E8550645F2A}"="" "{39D08A57-17E5-4B83-9168-123820D55776}"="" "{3FE4FE93-49F0-4DBB-BFE1-C1D1D324A0A0}"="" "{4E10BB9D-17EA-4FBE-B6A8-6140404BE303}"="" "{CE55CD06-F042-44C4-8AA4-F0A5F007964A}"="" "{E95134B3-846A-46B2-BFFF-52DB75AFFBDF}"="" "{47EC32C2-B499-4C8C-9E3F-2DB655BB5921}"="" "{E33190BE-40ED-4C9E-895A-D57C275AE4B3}"="" "{8101DF2D-3CAE-4F97-88F1-0C3FAA2CC59B}"="" "{BC1A4057-97F1-4270-AC09-F2AB8CA92EE6}"="" "{99E1FDD6-9050-4FB0-9564-2373CEC1632D}"="" "{6475CB87-6476-4980-ACA1-D71E91CE69C2}"="" "{003822A7-06E6-497C-9340-BDF249730287}"="" "{5F83D008-51AE-4936-AE5B-F1BF7BA1BE32}"="" "{F14DDEDB-8EE6-4C7B-ADC0-CAB21D5A97C5}"="" "{BC91757A-B4C1-4EF3-991B-AFC32BD94437}"="" "{2A0D347F-7190-48BD-AFFA-0FAE963C4174}"="" "{B7A64C1B-1468-49E3-BC66-CA0BCAE6EA92}"="" "{87AA3A46-6C17-4D83-8137-7052F30148F6}"="" "{E21630A3-3D9E-4DA2-835D-2B335546981F}"="" "{2EF35C04-D211-44BF-B380-70D2988D3091}"="" "{334ECE4E-1FEE-4EB0-A7F2-AADCA50369E7}"="" "{C9FC1005-3D3A-419B-984B-982DBBC52E6B}"="" "{E4174957-866D-4654-85A9-1CFF3FBB6FAC}"="" "{1C90900C-E03D-49DF-81DA-E370DD16DF1F}"="" "{BFAB2F1F-0D7F-4B07-B038-5C5DA9790C06}"="" "{D1A6DAFB-81E0-410A-87AD-C4A042D9097C}"="" "{4FBC98C3-4AFA-4AC7-BA5E-B5FDADAF8B26}"="" "{B85F2C11-3334-4DEA-94C3-46C2D70D3739}"="" "{0A4E0093-2E0F-44CB-837B-8E2D498C1D3E}"="" "{6CA56438-48F5-4CAA-A2E8-A6287432911A}"="" "{868F0D08-AB05-4EC0-8BC3-DE5F230E5E9A}"="" "{28C43FD4-EDD7-4497-A9FA-FA9A923ED22E}"="" "{2EC623E3-FCC4-4102-9F5E-06C49281DE10}"="" "{ABE48364-A9E7-42A3-9ADF-98CFC216B6C6}"="" "{5AADDFF3-E090-4730-A14B-8E0CAE8DA24B}"="" "{579FD489-1347-4CBD-8AB7-DB0444F3AA23}"="" "{891FFD51-4574-4B77-A29F-25D320D1DE40}"="" "{8B51AC12-3645-4BFA-A553-2366BBD8BDCE}"="" "{9BAE9353-4FB1-4174-8F4A-96BD1257392A}"="" "{6A20D3BD-C96C-457E-B949-ACB6C4BA648C}"="" "{049663E0-2047-4AA4-AA3A-DA60BC4D6897}"="" "{F76E0335-6913-4F18-8E51-1CF54AFFFCEF}"="" "{60EBC192-9328-426A-95C6-BC02D8288697}"="" "{2B5544B9-481F-4355-84B1-C58BD878A322}"="" "{8A9396F4-9FDB-404D-BC63-BAB293DCCAF9}"="" "{2660AA0A-952C-45C1-B527-990897ADA65D}"="" "{BBCAD07C-BA7D-4FE4-A329-F446F071E954}"="" "{EF92BCAB-5EC3-4944-BA22-2AAC6EF81C47}"="" "{392D0EA0-90E2-48E7-9741-2BBCE6D1CAFC}"="" "{08D838FE-6EB7-45DA-B341-1B2D1551891B}"="" "{70675216-5B4D-4FA9-8F7B-00CA7AF8C430}"="" "{0EFA0E01-F14C-4E19-82DF-440BC818F00A}"="" "{75CFEB85-2439-46D2-B548-9D72ED70FAFA}"="" "{261ADBE6-DFA9-4986-8F38-E79A661BCEB7}"="" "{0770BE67-F83F-4757-ABE7-D98A18172C24}"="" "{DEDABA50-C31F-4481-B981-A4FAE7EBB562}"="" "{B503899C-D8E1-47C8-BFFB-291D29A2CA4C}"="" "{B34F4297-F069-4469-98F0-D1B87B8E765C}"="" "{3CE45D5B-9360-4324-93E3-A45F62B599D6}"="" "{099DD2D0-D8EC-444A-8B61-98DBA16611AD}"="" "{AF5945F0-0DFE-439A-ACB7-B05695643778}"="" "{143F81AE-A87C-48F3-83E5-B5A61F3A1FCC}"="" "{A95BD5F2-F35A-4F2E-91D0-72E1A17C18EC}"="" "{1F5F63E4-6627-469B-9AF6-5B5E79A0B671}"="" "{49BFED85-67EC-4008-9F8E-A49AD044D5AC}"="" "{6228BE61-7390-43AA-A961-50B1769FF0B7}"="" "{8830749E-7F0A-4CB3-B755-25671F5454FC}"="" "{FBDDEEB5-9EB3-4DC3-A489-791BC469A5B0}"="" "{EBF260D7-6D21-418F-ABED-B0B51DA7EC0F}"="" "{1FFF6127-460A-40A4-AC24-D6B4AB97F45F}"="" "{7566C084-3BEA-4A06-94F3-2203274BC738}"="" "{0E88807F-54E4-4DFE-A5B7-FBFD5D8143DF}"="" "{A29749BD-A729-41DF-B090-AA7F6B025632}"="" "{B0DA9558-C054-456B-B48D-15764BA7CF45}"="" "{A343FD2F-8A87-42CB-8C7A-783226F661B9}"="" "{3679DF33-6331-4A96-9E49-8CA2C42E524B}"="" "{D7DEEF75-FB18-4B68-931D-7100D58FDD26}"="" "{14816D69-6ABF-4806-BBD5-7F5BEF7279D6}"="" "{9E5E4209-F309-4E23-B09C-3D1FB310D2D1}"="" "{297DF63F-A5BE-440B-B4D8-4DC2B810027B}"="" "{B313106D-E9BA-4E5F-A8FA-9A45A436A573}"="" "{64D63D2F-F438-4483-A132-83E1C02C9D5C}"="" "{FE510F03-965C-4F2A-8694-CB6ECFD3AE15}"="" "{D989E848-1A01-4A6D-872B-8767FEAC8B14}"="" "{FF8D27BD-8A0B-4B12-B9FD-266E27DD704D}"="" "{3E79C0FA-009E-409F-B54A-ECE3C859EEF1}"="" "{58B965B1-CDEF-47D0-8E7F-296CCD0E5422}"="" "{BD2E9988-BFFD-4A4E-9B2B-3EA60E930DA9}"="" "{017B2608-E045-415B-B00B-8CE426556451}"="" "{18702866-A687-45FF-8FE8-69E36064C2F1}"="" "{B3DD701D-FA6F-4709-8237-6C64FDC50C5D}"="" "{51490D6B-ACE7-4EE9-84D7-5E3ED57D2E85}"="" "{58604ACF-115A-413A-B71B-27B7268937FA}"="" "{8FC0B30D-A4BC-4679-A90E-D9ADB79ADE49}"="" "{E98BB672-B020-42F1-9361-852DDD0996D9}"="" "{82F44D9E-C896-401A-9096-461F36B46605}"="" "{6ED61253-A0A7-420E-A1B5-C6871A1D3211}"="" "{55029DA5-CC45-4219-9416-6C8964981A99}"="" "{6368404F-12B8-448E-9109-AC212AFF845F}"="" "{8515F0DB-E9BE-44A6-A09C-ABDBDCB22627}"="" "{24E99E0F-03FA-42CD-99FB-BA6178D5BA5B}"="" "{9D05AB00-B0E3-4B28-AF35-8ADE40B21099}"="" "{8EB78505-34A8-4600-9BB6-2DFAD564D582}"="" "{2967A14E-72B0-4231-9435-88D307143880}"="" "{80C31F68-51FF-47D9-8128-E3E3A51D2715}"="" "{47370E08-1CF3-4F69-88F3-C6F5A11E395E}"="" "{448563A4-6680-4340-ABE2-BEB8F03E30C6}"="" "{28550DB9-A44E-4B11-A250-4D89A950163D}"="" "{AD60681B-A61E-4BBC-9D36-D5E5A88C8194}"="" "{FBB64870-049B-4B04-9779-6B0520C13781}"="" "{5BE5FE7A-0C8E-4EFF-B283-456F17E2BF05}"="" "{2314019A-D45B-4FB4-9421-7E4C3B154D7A}"="" "{BD10039B-5E58-4E4B-A64F-7F2B3880EF17}"="" "{57075F69-63C5-49AE-8FE8-74E4A30480A2}"="" "{6B5B4605-7056-4F6C-8053-52BB3D31A112}"="" "{B20DB7B8-481A-42DA-935F-09057E1EA7B3}"="" "{E4E7803B-80BC-47D2-8301-36B52DD37A60}"="" "{7C7B0AF6-2794-494B-9E2D-40A7E34BCA18}"="" "{E39F59EF-09FE-4057-8A33-99427B529BCF}"="" "{7D1B90E8-A456-41BA-AC89-C04DB4A0B042}"="" "{C3FE236F-8B01-4840-9015-4E246E069B51}"="" "{CA3D9A46-6D01-4073-88ED-AA1AE038CE98}"="" "{3B167CF2-D958-47E3-AFDE-30CF54405B90}"="" "{E4FBDC3F-A287-4083-8A15-46D1F276C0CD}"="" "{25EBACAD-5E8E-458C-A972-6ED315B0E745}"="" "{A277C50F-6618-4258-919D-BA19A1FC7299}"="" "{6F62C302-1C72-49D9-B20A-68718822565A}"="" "{911F465E-89FE-4B7D-82A7-979085FA4D07}"="" "{022C4C8D-5556-41AD-84FC-7D12AB2B9013}"="" "{F4709B08-1AB6-4DCF-AAAB-73F2AFD98821}"="" "{82A8B83E-96A4-4E4D-8BCE-1D6F02B9EE3C}"="" "{92EED0C7-8103-4623-BB83-B41313C97FCE}"="" "{4A0E762D-CAF2-4774-B311-EA7BC8924D8D}"="" "{171E41EC-996E-4A9D-B7F5-5A7E310FFF52}"="" "{777319BD-0092-4C9D-8B84-BD5CB3770C47}"="" "{64EA5579-25B3-47B0-8FD3-A42F04158950}"="" "{56AB9FCF-856B-4FCA-8927-EC7101518922}"="" "{355257F3-5D06-4130-B645-D1CDA1A78D68}"="" "{0A6CBA65-C362-4FBB-B4F6-3C9A6EFEB8F7}"="" "{4FA703E0-B8DE-4165-AF3B-6B44F03B660E}"="" "{20875D91-ACA6-401B-9ADB-31149ABEA46D}"="" "{F6E1E2D4-B2D2-44A0-8B9A-6A4926F9DA9A}"="" "{B31928BB-CC50-4289-BAE4-BC38B92E37FA}"="" "{870A33DA-EE44-49D0-9DE1-B5A52377CE1F}"="" "{02653E90-B80B-4CD1-84EE-7D8E84DB3B1D}"="" "{2B6A82D3-4557-48D8-8040-0FC350A16E45}"="" "{F0B31D5A-75BD-4307-B364-6EE2B8571DD4}"="" "{E4CD8FC6-9778-42A0-BB89-C903B0712501}"="" "{C3AFD8A2-4F22-49AB-8469-3CA63D0B807E}"="" "{232C2213-4702-4A1B-936A-8D9D06B79DF5}"="" "{DBDD8DDA-9391-452D-A61A-7E856A14B823}"="" "{843019A1-83DB-4A67-8A65-CAD2DE814096}"="" "{5F0E784B-8A52-4BAB-9D74-A073B493DC9F}"="" "{8630DD0F-46B9-45FD-8C6D-9A2B38B84909}"="" "{C940C6E6-1ACA-4230-BFBD-E273FB25844A}"="" "{AAE4139D-BFF4-4786-9B7C-39F23DD89260}"="" "{D898B11B-5018-478C-8B59-764D138B6C2B}"="" "{49B5DD93-C2AB-4926-AE34-01E7EF735B15}"="" "{1C7CECCE-A11B-49B8-AAE1-CB64664EB0CB}"="" "{6AC220A8-06E2-4ABE-82E7-19DE247ED351}"="" "{C2950EA9-DB73-4926-B4A3-61FBBAED79CD}"="" "{97BFAAA0-D76B-41C9-93A0-8823BA75A9B0}"="" "{DE104FDF-8A22-4A4C-9203-12F85D639357}"="" "{BA404511-6B18-4C4E-9F27-072C41743DC3}"="" "{DA057171-FDC8-49F6-80DC-7874B9625D6D}"="" "{975E4D1D-273D-4D0C-9D20-66400CD8BFE3}"="" "{CAC10309-29C9-40F0-A63F-B421BD0F574C}"="" "{54FE52C0-369F-4BDF-ABDA-A0FEDEEF5B58}"="" "{0BDF17DC-0709-40CE-9283-BB9A715ECF9C}"="" "{B377CF70-33AF-49A3-8A5B-12D2AD84165E}"="" "{36E4EA45-A317-468C-B71E-0EA639A6D5A8}"="" "{C28E03B0-9DE3-4598-8557-071B59E2E19B}"="" "{E1E827E5-CDFC-45C4-8C9C-EC8978D04EF5}"="" "{DFF9B39A-C115-4FA5-99F9-D606AFD545B8}"="" "{AA760A3F-D559-4C51-81F0-F8C3C85A50A4}"="" "{25F62D6F-4DB4-4F74-BC3C-0078BA481C5D}"="" "{D356BBBC-AB73-4B6D-91DF-5A3F193B7AD6}"="" "{721C29B0-96C9-4684-9985-A0B8C92B23DB}"="" "{C455F5AD-2443-4480-AAFC-34F93ED0BBAF}"="" "{F666095E-8D83-4B84-9259-F5BFB1D6B64F}"="" "{6B48EAC2-CBE2-4AFB-9716-B3BCEB4B1DE9}"="" "{7AD8BF9E-5936-4130-BB94-B119DE978CC7}"="" "{2544623A-F060-4A6D-8E75-27F01B731DC1}"="" "{30BAD576-00DE-4ABB-B4A0-D6C2B6640C2E}"="" "{BD28CA8C-7E7C-4A78-8A17-3474F8C9820E}"="" "{64353876-6D73-4CEC-9C71-379DEEE7DDBC}"="" "{8166E094-F7B7-4BD4-9995-5F6F1BF559BC}"="" "{D21652C3-AB12-4790-BC4E-C6BC939EADEA}"="" "{AE635587-E6C2-4E2C-A2C3-7C55356561D5}"="" "{9881AC8E-EED2-4EB8-A4F0-A572770341A5}"="" "{8B562F8B-5E73-4F8F-AE8A-C1D420F33A92}"="" "{86A07D0D-B518-452E-B6B1-CCEEC47CDD6F}"="" "{77342782-1BD7-401E-A502-BC968A7FEEC5}"="" "{D3BD15CD-BE7D-4C9A-B9E8-E0941FE5DCC4}"="" "{DCF07928-554F-4AC7-AC08-DC35875B17E2}"="" "{71AC201C-C8C8-4616-881B-A1508775AC24}"="" "{6420A077-68D4-469F-92C8-6696D211CF2B}"="" "{543BD4FB-E3C3-489D-8D0C-A902C1F8C758}"="" "{9DD318C0-E230-4D96-9F5E-C243B7860F45}"="" "{7A883053-8748-496D-837F-B6BB125F8CAB}"="" "{246750F3-A765-491B-AC03-087174FEBC3F}"="" "{2BBECB07-D25C-45BA-A429-524CA4B35375}"="" "{D94B986C-E1C3-4F70-B7EF-906F8DA25D2C}"="" "{AFAC74DA-9746-4539-A5A4-254976CB8C39}"="" "{AB961CC0-724C-4EAE-B883-29C5386A7591}"="" "{34DDDAB3-765E-463E-AA8E-C6C706AE5ECB}"="" "{45D32A6E-7E72-4257-99DA-914BBC3AEC03}"="" "{90C527CF-5E22-40C4-AA35-8725543FA1FD}"="" "{F68E6A59-6681-46B7-BBA1-CF031BBA97F9}"="" "{1555F750-009D-45CB-A654-4026CB95A76A}"="" "{05F83C8C-E149-438B-8C87-C9869620A4A2}"="" "{163D7F22-224F-41E8-AFFA-FFD067390C5B}"="" "{AE81D214-7BD6-404E-BA76-E337A846F8B9}"="" "{324C20A9-B864-493E-88DF-5A2DAB43C289}"="" "{24F95B08-0CEE-4DC3-8CEB-58AC859EBA90}"="" "{637C34C4-3C0F-4354-AF99-4A5AD7D143D7}"="" "{5B46C989-B019-4E88-B95F-7D681950359D}"="" "{5DE62013-33D7-4A9A-BB7D-E99153AD0FC3}"="" "{8B430A53-B15B-49E9-AF9A-4811A5FFE97A}"="" "{304D6B50-55B2-4FD2-A138-54C71B2A5C1A}"="" "{D7E76C7A-D498-44CE-AD64-8D14F157616F}"="" "{E6AA9A6C-80CA-4FCB-B3EC-CFF2378C51F5}"="" "{C07C34F4-5A62-4208-8DBE-3CA5C4E3AFC3}"="" "{6F7C5D2B-23A2-478E-8FFF-1878017D9D46}"="" "{72CECF30-3182-43EA-A4A2-D42DA2A14831}"="" "{05295F6A-2F6B-4656-9E26-4DDBA3514143}"="" "{3E466E11-7BF4-403A-806D-5DFA1C5E0BF4}"="" "{EC20A1DE-7AEB-45BA-81A6-14D70934718F}"="" "{8F0BA37F-8DFB-4553-9E93-6996045EEC5F}"="" "{B8AFF97D-8F7C-4022-8431-D33B76BA5A59}"="" "{101B7284-8732-437F-86AD-5D0FCEB82CAB}"="" "{D05F04E6-1556-4D12-AF60-7209D76C56C9}"="" "{786227F6-C147-4541-A12C-382644BA3933}"="" "{2C02D742-F8EE-45A8-A081-F0B0D2143AE8}"="" "{70BB30B9-485A-4F86-A12E-D69F44176DAD}"="" "{EC41741D-2BBC-4256-9464-275418A59767}"="" "{EDB8EEA1-EE24-4978-A030-FA9ED1CB8DEB}"="" "{213F5807-32E2-4424-9860-1A8C43E93CC6}"="" "{CD637544-7F74-43E8-8C78-27E7574A5115}"="" "{8AED5DB5-3217-40C0-9EF4-891EF7AB3790}"="" "{84AC9C49-97E5-4F0D-B32B-7C113C96A399}"="" "{775BAFFE-6D10-4299-A1E9-2570C699C19A}"="" "{0C199277-4368-4C9B-BEDA-738CA931B9F1}"="" "{5CF6798A-03A1-4B86-9830-4847527BCCE8}"="" "{5ED675B6-F3D2-4890-9416-F872B529FF28}"="" "{D1EE2162-4F87-4022-A162-EAD69429378F}"="" "{20E60C63-5806-4748-BD91-90E0268FF794}"="" "{BECE34DB-4C86-4BDF-A4D1-2BCD6B70C363}"="" "{368017BC-9BCE-49A5-9635-5D327389A454}"="" "{460244BF-DC92-45B0-97BB-D6D6E35F1B78}"="" "{2F79591D-61E9-42A2-8E3D-CF1411882D15}"="" "{8CB04152-1BF6-4E2D-8441-A0F60990744A}"="" "{641658DA-4BA2-429B-8F41-27D7E9904A23}"="" "{6E31582B-DBEC-499B-98D5-91BCC85EFD7B}"="" "{C54B5FDF-B464-4921-BD72-47A7BAD32707}"="" "{42DD6D87-EF84-4F5F-8714-833F2CF7864A}"="" "{00E79B6A-F239-469B-BF11-6BFCF975E046}"="" "{6D5CC850-226C-4EA1-9EAC-92D73D928B87}"="" "{E323BFE9-FAAE-487C-88A1-F89D0CEF3BA4}"="" "{6ABB3F4E-1D10-4825-8089-7FEF8D0DFD92}"="" "{732655BE-AB7B-4428-BC86-44FF1E480BA2}"="" "{9DBE4C0F-FDD5-4A35-812F-1DABFCC29808}"="" "{C5B71504-9D86-489E-AB1D-24CC92B65148}"="" "{B3FF4078-2433-418B-B6E1-42916BC81F9C}"="" "{0906B890-FAC9-43F0-A5D2-2342A31D292F}"="" "{CE155F72-777E-41F1-A204-9CC408F4AE6B}"="" "{E8079623-FF86-4362-B8BD-C7CF7C75782D}"="" "{85C9F047-B8FB-42D8-939B-9D0278A70C2E}"="" "{B97375D4-628C-4FF2-BDE4-31FF920D1734}"="" "{F052EB5F-E4DC-4E3D-8250-E5D1EC8F1A9B}"="" "{33A07717-6AD7-49A0-90F3-646A3EB5FA5D}"="" "{645258BA-5FA2-4432-92F1-3FF8487509A8}"="" "{1890E15B-523D-426C-86C3-160005FCFF9F}"="" "{1E1F1066-4936-4D84-8119-370ED79400A7}"="" "{DB1EDCFA-C5BE-4767-89E3-01E78AC2A8E7}"="" "{1058F11D-215A-4F8A-8FE8-E79E0EEB935F}"="" "{535EB099-4655-4F39-B70C-E367043911D5}"="" "{BB5BB8CE-91E6-4534-81F0-1D6EC398577F}"="" "{43BCCE1C-44FE-4157-B88E-39D5B21C0847}"="" "{9598E7B3-24E4-438D-A4A4-5C53E287D7B5}"="" "{87ABC0A5-E44D-4E8B-8B6F-F56FD0B8B777}"="" "{48A46381-5CDC-4613-88C7-E5360C685CE8}"="" "{D12D049D-5DC4-40F6-8FD5-C7C75F07557B}"="" "{575D4F04-C7EA-4525-9BE0-7811A03C328C}"="" "{E6C26026-20F9-4ED9-BEA3-EFE10000D698}"="" "{EC22B78A-1027-4624-8842-5CB3142F783D}"="" "{E658E558-F23F-485C-8205-F3B081879DA3}"="" "{F3EB74B4-D963-43DD-ADC8-D27C739C885D}"="" "{4D9CCDAC-11FD-462A-A8CB-ECF5E0BB1B58}"="" "{9274AE36-AEBD-464A-B350-58BE3D999ADD}"="" "{C2B631C5-FE3B-477E-B601-B475E6B8845C}"="" "{BCA9A665-72E1-44CC-AAE2-EAE2B179A3C1}"="" "{CFD141C8-3E36-4A42-B165-6CBC036C5EAC}"="" "{35091830-3879-40A3-A1F1-3E5F6E96B9DB}"="" "{476935D6-C5C0-48C1-A38B-DEA7BC529042}"="" "{083F073D-1E37-4711-AE3F-6D4882B1CD9E}"="" "{D1800BB5-83D6-4231-9C0B-28AA0911E0C1}"="" "{B78C6E9A-606F-4650-A9C3-E30D12F8515C}"="" "{936A2861-F43C-4F45-ABE0-E6E2999F7C1F}"="" "{B3C0C051-09E0-4C09-B53B-B994F11F973C}"="" "{31D1323D-9D76-4CF5-A215-F18D145DC788}"="" "{81287D43-6531-4DFF-814F-0EDA8389392E}"="" "{0CA3A02C-F207-470B-9E57-B494F4AFCCB6}"="" "{E90F038C-6930-4C8A-810C-0B7EAE6838EF}"="" "{F6FF6CD8-14EE-4CF9-9CCB-EB236838C8E8}"="" "{5F23EFC0-AC63-48E3-BF2F-256215CED20D}"="" "{12E5615B-BD90-48CF-A2AF-0DDC0F3E9A8D}"="" "{505AE454-4DA1-4BB9-BCD8-69FBDDF99E7B}"="" "{78B95B78-461D-4F81-9FCB-21FD3DBDD43D}"="" "{692C3CDE-40A7-47B8-824C-B3B108B43E4A}"="" "{B63D54A6-0E14-470F-B41C-049A960A8231}"="" "{0A5B3698-F497-4903-9FF2-46E985E562BA}"="" "{4B843075-2F73-42FB-A274-B2C8EF1CE529}"="" "{A35ACE96-029F-41B7-9B72-754931445214}"="" "{37D9557C-EBEA-47BE-A922-08778627C28B}"="" "{6448381B-EABB-4447-8FDE-4A853CCC14EF}"="" "{19F26C85-CE43-47CE-A816-4EC787E5B47B}"="" "{B8D9AF10-7F8A-4858-AFD7-CEDABFCC421C}"="" "{35E8BB01-25F1-438F-B9D8-86E0C8E37416}"="" "{D76B6438-D9C3-49EC-B188-667F8C5555BB}"="" "{C42EC6FC-59B3-4BB7-A876-6CFFBFE38628}"="" "{55BF233D-8EC0-4F10-86E4-4DCC0FF42F7E}"="" "{F97B0212-11D9-4719-9752-1C7B666CD3E8}"="" "{6AE0F00C-318C-4C07-A31F-C0CFF67696FD}"="" "{29662DE1-BB4A-4EB4-9738-6A428BF42DCD}"="" "{5FF83BB1-E69D-4043-A90B-885E3F96EC0C}"="" "{E4C1C864-9B03-4015-8C45-FF5543917322}"="" "{1B56E599-47AE-4A22-85C3-C1F12B02EF11}"="" "{6038F2F9-D9EC-42AA-9AFA-FD5BF7D2925C}"="" "{5E309780-B48E-4F46-9D48-17E471FADFDA}"="" "{F59BD678-D298-4BB0-902B-5E0C93F9C0ED}"="" "{83CAE9D4-5462-4F83-8092-AE25DD19FC8A}"="" "{2F77367F-3F63-495C-BAF3-D4272488AF65}"="" "{28C8A6D3-D5D0-46B4-A7B3-2F298FBC2AB2}"="" "{B51AD2E1-0A7A-4009-8CC9-22F1A8B61E35}"="" "{FF322C02-8800-4DA9-B24E-074BA02AF16A}"="" "{B20AFD07-7134-46E6-A8BC-854E3D5519CE}"="" "{E253097A-7A0E-443C-BD86-30146E06B133}"="" "{331B7769-4794-48E0-9AE6-1004933D767F}"="" "{2AC3FE5F-D522-4E1C-8226-439F530C5B9D}"="" "{7E6D9F59-1CDE-4AC4-B4B5-1DD6068B6947}"="" "{AA9DBD00-638C-41D3-8911-D6C91BACE1DE}"="" "{812C39CB-C9F9-48FE-AE25-0D9BB71F3D72}"="" "{6C57E3E6-C81F-422A-8CB9-16A324493227}"="" "{9A37B8C1-BE1A-4616-9246-DA8AB278DD10}"="" "{90F8CB03-5CCD-42D8-9E8B-0B074D249450}"="" "{730255D0-A343-40D5-A924-3101533C6E01}"="" "{8FAAFF1E-C9E2-4874-A0B0-A4084C02D05D}"="" "{EAC729C0-4A3F-4BB0-8B8A-1557B076C245}"="" "{1C076348-8A8D-4E7C-8292-B4EC23B7C231}"="" "{B9C69DC9-B34D-4B86-A326-5B3B8CD9E041}"="" "{5B98F681-F149-442D-ADC7-B753A04C1B4E}"="" "{44FF4F6D-92DE-4582-BC48-A24B35391A6D}"="" "{5E80CD3A-0FB3-4A3E-9FD8-06EF7CFF8DFF}"="" "{C1DD1AA5-04F4-494E-BB0B-DE4ACF362B54}"="" "{76BF029B-DE0C-46CA-969E-75C59561C739}"="" "{CD53B415-1FB9-4CD8-B208-CA018E9A90E4}"="" "{CADA05EC-5EFE-4152-AC1D-B726FD2A86AD}"="" "{249CE653-1BD3-49D6-8F2F-02C9F177E589}"="" "{46CF6650-88A9-46F6-92A4-82C3A752293F}"="" "{6A8BF2E2-B4B9-4F70-9446-D59583CA9680}"="" "{610B5B50-45C2-4579-B385-ED30E90D5E04}"="" "{106947A1-5F8B-4616-B0AD-FF00F3B993F7}"="" "{79F4DF41-906A-475F-8C13-D01735AC79C8}"="" "{8F4B073C-D73A-4BEF-9D06-6313AC8996CB}"="" "{0A92776D-2BC0-4D99-8A2E-FF305D3BCCBB}"="" "{04CE2F69-52D6-4797-900B-0DF09BD023F3}"="" "{945E1510-97A1-405D-BE04-EB3B79A87979}"="" "{71C02B14-C3F2-4FA6-BD26-F0CB7A71CE8E}"="" "{ED96A3EB-D656-4A2B-AC79-A983CED22469}"="" "{DE07AEA0-99ED-440A-A48D-D5490D53E633}"="" "{4E89AF34-2B57-4F69-ADE5-86C1A59C2BC6}"="" "{01EC7054-AC94-4316-BEEA-32F93F0C4408}"="" "{2E2B0F8D-C315-432D-80B1-CDF14262EA9D}"="" "{AF7488AA-0A62-4BB2-8B99-B8F787876F94}"="" "{75C023DE-70EA-438C-B207-DF738969A77C}"="" "{B3FFB5CD-E82B-4C72-AE02-3EBCD54C8960}"="" "{05DBADF6-38B3-42C0-B0CB-8A98BC903ACA}"="" "{FEE955E4-2F92-4E14-84D5-4C11C49E96C1}"="" "{7C1413CA-9757-44AA-B8E7-E9B87FE70862}"="" "{AE561E5C-EF99-41AC-9331-0E8DC74B5038}"="" "{0CAD8DDC-3DC4-4258-842C-F3DFF5695076}"="" "{51BA88BC-6A76-4B03-A1D8-86DF189BA427}"="" "{7D9D78BE-9F49-481B-BE74-6527BDE754AB}"="" "{A018763D-2430-4378-B713-094BB4126138}"="" "{3631ECB2-DCC4-4DB4-BF92-392203A83BF5}"="" "{E4887741-FFDD-4915-AF31-0CAEF9F8A34E}"="" "{5D8F0D47-8285-4001-B0C7-40EE4B35BF70}"="" "{E4CD576A-F796-4C65-8278-16DB3C69EDCB}"="" "{CB4D5CCD-1C56-4410-82B1-B6F056D620B2}"="" "{0DC26155-3CAA-4F7E-9298-4D577217A48E}"="" "{D350F2E5-4EA8-4320-8E9E-2CCAA2EA1BA7}"="" "{1176402F-D92F-45F0-952B-76829AF49DF0}"="" "{A2B295E9-736B-40AB-B280-589BC8F549BB}"="" "{F820F8C6-7456-4ADC-B024-A752C6B2FB2B}"="" "{51E53C97-EF04-4351-B621-6B949206FDF2}"="" "{17FA03B0-542C-4C8A-8AF2-4AF973E27FCD}"="" "{E6CDB83B-9ADF-4398-BF0C-F44BAF013815}"="" "{5F497825-9BA5-4D7A-B38C-F7FEAF2175A5}"="" "{EF3AA6BC-418B-4865-A23D-F207EEDA49B9}"="" "{55C2583F-25FA-4496-9207-45877857EB2B}"="" "{A02B1062-B069-4C01-81BD-86589B2F4B2B}"="" "{0E3A1245-7BBA-4183-A65F-84E61EE2A3D0}"="" "{B03D6A69-FD9E-4F65-A8AA-F1C48B8F6140}"="" "{37248B4F-0F6B-4012-A7B0-83566E3DEA01}"="" "{3D6D87E2-AD89-45B5-AFD6-D31862BEC714}"="" "{AAFA949E-3515-4D61-8430-F7CF5B91A3AC}"="" "{21A878A1-8B54-428E-B455-6D7653ED4A19}"="" "{077D0B02-54B1-4F65-9CE3-C72A01CF3A5A}"="" "{364000BE-B7FB-4DA1-B87A-CEC5C394E52F}"="" "{601B9D26-ED1E-47AC-B352-35B7046571F1}"="" "{36EE3F03-981B-43C4-8795-F5B2B895CFB2}"="" "{B55D9405-915A-402F-AE41-7A54934B902D}"="" "{402B87AC-BAC1-4C75-B855-91E355024A89}"="" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5436) C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll ------------------------ Other Running Processes ------------------------ C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\conhost.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe ************************************************************************** Completion time: 2012-10-18 19:36:31 - machine was rebooted ComboFix-quarantined-files.txt 2012-10-18 11:36:30 Pre-Run: 328,132,829,184 bytes free Post-Run: 327,921,541,120 bytes free - - End Of File - - 26FCF616E587C2AB93E5B293A48A568E
  9. RogueKiller V8.1.1 [10/01/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Owner [Admin rights] Mode : Scan -- Date : 10/17/2012 21:39:04 ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCP110.dll -> UNLOADED [sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCP110.dll -> UNLOADED [sUSP PATH][DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\MSVCP110.dll -> UNLOADED ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\RunOnce : Uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 (C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727") -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3429488616-1519292121-1956305698-1000[...]\RunOnce : Uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 (C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727") -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [sCREENSV][sUSP PATH] HKCU\[...]\Desktop (C:\Windows\2012 GG Screensaver.scr) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[13] : NtAlertResumeThread @ 0x8371754D -> HOOKED (Unknown @ 0x870246F8) SSDT[14] : NtAlertThread @ 0x8369FB3F -> HOOKED (Unknown @ 0x870247D8) SSDT[19] : NtAllocateVirtualMemory @ 0x8364CF85 -> HOOKED (Unknown @ 0x87023BD0) SSDT[22] : NtAlpcConnectPort @ 0x83660299 -> HOOKED (Unknown @ 0x8645D528) SSDT[43] : NtAssignProcessToJobObject @ 0x836B87E4 -> HOOKED (Unknown @ 0x86E18818) SSDT[74] : NtCreateMutant @ 0x836AF1FE -> HOOKED (Unknown @ 0x86FF78C0) SSDT[86] : NtCreateSymbolicLinkObject @ 0x8362E1AD -> HOOKED (Unknown @ 0x86490108) SSDT[87] : NtCreateThread @ 0x8371575E -> HOOKED (Unknown @ 0x866B7CD8) SSDT[88] : NtCreateThreadEx @ 0x8369E831 -> HOOKED (Unknown @ 0x864901D8) SSDT[96] : NtDebugActiveProcess @ 0x836E7EC8 -> HOOKED (Unknown @ 0x87023B50) SSDT[111] : NtDuplicateObject @ 0x8369A8E5 -> HOOKED (Unknown @ 0x87023D28) SSDT[131] : NtFreeVirtualMemory @ 0x834C021C -> HOOKED (Unknown @ 0x870268A8) SSDT[145] : NtImpersonateAnonymousToken @ 0x83693266 -> HOOKED (Unknown @ 0x87024538) SSDT[147] : NtImpersonateThread @ 0x83671281 -> HOOKED (Unknown @ 0x87024618) SSDT[155] : NtLoadDriver @ 0x835E4466 -> HOOKED (Unknown @ 0x8644A138) SSDT[168] : NtMapViewOfSection @ 0x83679B9C -> HOOKED (Unknown @ 0x870267C8) SSDT[177] : NtOpenEvent @ 0x8366FFA5 -> HOOKED (Unknown @ 0x86FF77E0) SSDT[190] : NtOpenProcess @ 0x8365BF35 -> HOOKED (Unknown @ 0x870200D8) SSDT[191] : NtOpenProcessToken @ 0x8369928D -> HOOKED (Unknown @ 0x870232A0) SSDT[194] : NtOpenSection @ 0x836A8A20 -> HOOKED (Unknown @ 0x86FF7600) SSDT[198] : NtOpenThread @ 0x836B1B28 -> HOOKED (Unknown @ 0x870023C0) SSDT[215] : NtProtectVirtualMemory @ 0x836804B3 -> HOOKED (Unknown @ 0x86FF7480) SSDT[304] : NtResumeThread @ 0x8366BF24 -> HOOKED (Unknown @ 0x86FF7F88) SSDT[316] : NtSetContextThread @ 0x83716FF9 -> HOOKED (Unknown @ 0x87024DC0) SSDT[333] : NtSetInformationProcess @ 0x8364A2AF -> HOOKED (Unknown @ 0x87024EA0) SSDT[350] : NtSetSystemInformation @ 0x8362763C -> HOOKED (Unknown @ 0x87023698) SSDT[366] : NtSuspendProcess @ 0x83717487 -> HOOKED (Unknown @ 0x86FF76E0) SSDT[367] : NtSuspendThread @ 0x836D1363 -> HOOKED (Unknown @ 0x87024C00) SSDT[370] : NtTerminateProcess @ 0x8365C414 -> HOOKED (Unknown @ 0x87025040) SSDT[371] : unknown @ 0x83673965 -> HOOKED (Unknown @ 0x87024CE0) SSDT[385] : NtUnmapViewOfSection @ 0x8369C538 -> HOOKED (Unknown @ 0x87024F70) SSDT[399] : NtWriteVirtualMemory @ 0x8368C2C5 -> HOOKED (Unknown @ 0x87026978) S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x8734D978) S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87361B40) S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x870EC938) S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x87421B60) S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x87422AE8) S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x87484100) S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x863B8670) S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x873619F0) S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x873B19C8) S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8741C838) ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost #[iPv6] 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKX-221CA0 ATA Device +++++ --- User --- [MBR] 2c405caade8550823bfbf08d8cffbb15 [bSP] f57f0610176664743bad23659f79e138 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD10EADS-00L5B1 ATA Device +++++ --- User --- [MBR] 10559c0d6846e0abda76675030b47cfb [bSP] 2810de4fae0d84d37c859df7a3401bd2 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953865 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  10. My pc was infected with this software. Google and found that its a scamware... I do a lot of online transaction and online I-banking so will need help to remove it asap.. Malwarebytes Anti-Malware (PRO) 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.16.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Owner :: WINDOWSVISTA [administrator] Protection: Enabled 10/17/2012 6:53:57 PM mbam-log-2012-10-17 (18-53-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 266674 Time elapsed: 20 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-10-14.05) - NTFS_x86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Owner at 19:10:49 on 2012-10-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.345 [GMT 8:00] . AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} FW: Cloud Antivirus Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe C:\Windows\system32\dgdersvc.exe C:\Windows\system32\FsUsbExService.Exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Internet Download Manager\idman.exe C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Smart PC Cleaner\SPCSmartScan.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\rundll32.exe C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Java\jre7\bin\javaw.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\CCleaner\CCleaner.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k swprv C:\Windows\System32\svchost.exe -k WerSvcGroup . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A9T&apn_uid=7418299174944100&p2=^A9T^YYYYYY^YY^US uSearch Bar = Preserve mStart Page = hxxp://www.google.com uProxyOverride = proxy.singnet.com.sg BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.1.1.2\ips\IPSBHO.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - c:\program files\searchresults1\searchresultsDx.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.1.1.2\CoIEPlg.dll TB: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - c:\program files\searchresults1\searchresultsDx.dll uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot uRun: [skyDrive] "c:\users\owner\appdata\local\microsoft\skydrive\SkyDrive.exe" /background uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [smart PC Cleaner] c:\program files\smart pc cleaner\SPCLauncher.exe mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe" mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [speetItUpFree] "c:\program files\speeditup free\speeditupfree.exe" StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:0 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm IE: Download with IDM - c:\program files\internet download manager\IEExt.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254238491099 DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.140.0.cab DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab TCP: NameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{7B230672-0023-4F2A-8E71-867FDC9F8867} : DHCPNameServer = 192.168.1.1 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 ads.bleepingcomputer.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\l72udwo9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.sg/ FF - prefs.js: network.proxy.http - proxy.singnet.com.sg FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - component: c:\program files\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll FF - ExtSQL: !HIDDEN! 2009-06-26 03:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401010.002\SymDS.sys [2012-9-6 368288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys [2012-9-6 926880] R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-2-9 752128] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-2 995488] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys [2012-9-6 134304] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20121013.001\IDSvix86.sys [2012-10-16 386720] R1 NNSALPC;NNSALPC;c:\windows\system32\drivers\NNSAlpc.sys [2012-6-27 82472] R1 NNSHTTP;NNSHTTP;c:\windows\system32\drivers\NNSHttp.sys [2012-6-27 120744] R1 NNSIDS;NNSIDS;c:\windows\system32\drivers\NNSIds.sys [2012-6-27 122664] R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-6-27 28712] R1 NNSPICC;NNSPICC;c:\windows\system32\drivers\NNSpicc.sys [2012-6-27 93992] R1 NNSPIHSW;NNSPIHSW;c:\windows\system32\drivers\NNSPihsw.sys [2012-6-27 60968] R1 NNSPOP3;NNSPOP3;c:\windows\system32\drivers\NNSPop3.sys [2012-6-27 104104] R1 NNSPROT;NNSPROT;c:\windows\system32\drivers\NNSProt.sys [2012-6-27 286376] R1 NNSPRV;NNSPRV;c:\windows\system32\drivers\NNSPrv.sys [2012-6-27 153000] R1 NNSSMTP;NNSSMTP;c:\windows\system32\drivers\NNSSmtp.sys [2012-6-27 106536] R1 NNSSTRM;NNSSTRM;c:\windows\system32\drivers\NNSStrm.sys [2012-7-12 206632] R1 NNSTLSC;NNSTLSC;c:\windows\system32\drivers\NNStlsc.sys [2012-6-27 92840] R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2012-7-13 174632] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys [2012-9-6 175264] R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1401010.002\symnets.sys [2012-9-6 338592] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960] R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-2-9 3246040] R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-12-20 95568] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-5-1 217088] R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-10-10 99192] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 399432] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-11 676936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2012-8-11 95200] R2 N360;Norton 360;c:\program files\norton 360\engine\20.1.1.2\ccSvcHst.exe [2012-9-6 143928] R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-7-13 140064] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-1-2 1258856] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-7-13 148520] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-7-13 103464] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-7-13 114216] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-7-13 120872] R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-7-13 36640] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312] R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-2-9 167968] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 18120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-25 106656] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-5-1 36640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-6 22856] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-17 40776] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-9-24 149352] R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2012-10-16 46280] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-8 27632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-19 250808] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-1 30312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-2-5 115184] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-3-26 18432] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-1 96488] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-1 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-1 121576] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-1 98152] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-30 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-30 1343400] . =============== Created Last 30 ================ . 2012-10-17 10:53:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-10-16 16:27:04 -------- d-----w- c:\programdata\DriverGenius 2012-10-16 16:26:17 -------- dc----w- c:\users\owner\appdata\roaming\Smart PC Cleaner 2012-10-16 15:55:48 -------- dc----w- c:\program files\Smart PC Cleaner 2012-10-16 15:55:48 -------- dc----w- c:\program files\searchresults1 2012-10-16 11:45:59 58864 -c--a-w- c:\program files\mozilla firefox\libEGL.dll 2012-10-16 11:45:59 473584 -c--a-w- c:\program files\mozilla firefox\libGLESv2.dll 2012-10-16 11:45:59 2846192 -c--a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-10-16 11:45:59 276464 -c--a-w- c:\program files\mozilla firefox\freebl3.dll 2012-10-16 11:45:59 115184 -c--a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-10-16 11:45:58 916976 -c--a-w- c:\program files\mozilla firefox\firefox.exe 2012-10-16 11:45:57 2106216 -c--a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-10-16 11:45:57 1998168 -c--a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-10-16 11:45:56 73712 -c--a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-10-16 11:45:56 261616 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-10-16 11:45:56 18928 -c--a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-10-16 11:45:56 115696 -c--a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-10-16 11:33:37 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2012-10-14 05:07:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2012-10-14 04:52:11 -------- d-----w- c:\windows\7104189AC5924A56AC9E7C0CA135DA3C.TMP 2012-10-14 04:51:59 -------- dc----w- c:\program files\common files\Wise Installation Wizard 2012-10-13 01:12:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-10 09:39:17 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 09:39:09 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-10 09:36:33 99192 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2012-10-01 14:23:52 -------- d-----w- c:\users\owner\appdata\local\FLT 2012-10-01 14:00:11 -------- dc----w- c:\program files\F1 2012 2012-09-26 09:35:38 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-25 00:40:15 -------- d-----w- c:\windows\CheckSur 2012-09-24 14:46:50 3487434 ----a-w- c:\windows\system32\nvcoproc.bin . ==================== Find3M ==================== . 2012-10-15 11:02:53 139128 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-10-15 11:02:45 215128 -c--a-w- c:\windows\system32\PnkBstrB.xtr 2012-10-15 11:02:45 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-10-14 08:07:29 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-10-13 01:11:56 746984 -c--a-w- c:\windows\system32\deployJava1.dll 2012-10-10 10:10:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 10:10:46 1159680 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 10:10:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 10:08:50 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-10 09:50:38 542208 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 09:50:34 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 09:50:34 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-09 16:22:14 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 16:22:14 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-12 17:17:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 17:17:46 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 17:17:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 17:17:38 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 17:17:38 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 17:11:27 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-07 09:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-06 11:52:23 142496 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-08-30 15:57:55 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 15:57:54 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 15:57:54 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 15:57:32 3963240 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-30 15:57:27 2836840 ----a-w- c:\windows\system32\nvsvc.dll 2012-08-30 02:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe 2012-08-25 03:00:42 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-08-15 11:40:56 400896 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 11:40:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 11:40:06 492032 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 11:40:06 317440 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 11:39:00 41984 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 11:39:00 102912 ----a-w- c:\windows\system32\browser.dll 2012-08-15 11:38:17 769024 ----a-w- c:\windows\system32\localspl.dll 2012-08-11 01:26:42 585888 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys 2012-08-08 05:18:19 926880 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys 2012-08-07 18:42:43 134304 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys 2012-07-28 03:25:32 368288 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys 2012-07-28 03:05:21 175264 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys 2012-07-27 19:09:02 57792 ----a-w- c:\windows\system32\sirenacm.dll 2012-07-27 18:54:00 321472 ----a-w- c:\windows\WLXPGSS.SCR 2012-07-26 11:08:06 862664 ----a-w- c:\windows\system32\msvcr110.dll 2012-07-26 11:08:06 534480 ----a-w- c:\windows\system32\msvcp110.dll 2012-07-26 11:08:06 251864 ----a-w- c:\windows\system32\vccorlib110.dll 2012-07-26 11:08:06 153536 ----a-w- c:\windows\system32\atl110.dll 2012-07-26 11:08:06 115656 ----a-w- c:\windows\system32\vcomp110.dll 2012-07-23 01:34:24 338592 -c--a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys 2012-07-22 14:22:18 772592 -c--a-w- c:\windows\system32\npdeployJava1.dll . ============= FINISH: 19:14:26.70 =============== attach.txt
  11. any update?
  12. For hyunaya.com not sure whats the ip since Malwarebytes did not block it? had post the norton 360 screenshot http://imgur.com/vV8ZA 93.190.141.158 for http://www.am-addiction.com 89.149.226.178 for http://wiki.d-addicts.com/
  13. hyunaya.com is not block norton 360 block almost all the images.. http://www.am-addiction.com is block << FP its a forum for Korean POP wiki.d-addicts.com/ is block FP too..
  14. 66.212.28.215 website http://forums.sgclub.com its a Singapore base forum.
  15. with (89.149.226.178) is block