Inactive Search engine redirect and system tray icons not reappearing

I tried running it last month, but I was working remotely, so I wasn't able to do it. There are only two txt files in that folder: Add-Remove Programs and ComboFix-quarantined-files.
Everything seems to be working. Every so often the window I'm working in flickers, but I just right-click and it stops.
 
Ok. Just do an on-line scan for me please.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
C:\Documents and Settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Documents and Settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Documents and Settings\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar a variant of Win32/HackKMS.A application
C:\Programs&Games\Sony Vegas Pro 9 + Crack and KeyGen.rar a variant of Win32/Keygen.AR application
C:\Users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Users\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# plugin-container.exe=1.9.2.13
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=eb83c9ce817ac54ab89fa3e4d56f56ec
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-05 09:54:19
# local_time=2011-01-05 04:54:19 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 3726552 45740588 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=393459
# found=12
# cleaned=0
# scan_time=25463
C:\Documents and Settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar a variant of Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
C:\Programs&Games\Sony Vegas Pro 9 + Crack and KeyGen.rar a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
C:\Documents and Settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Documents and Settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Documents and Settings\matt small\Downloads\registrybooster(2).exe
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar
C:\Programs&Games\Sony Vegas Pro 9 + Crack and KeyGen.rar
C:\Users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Users\matt small\Downloads\registrybooster(2).exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV \ehep0.jar

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ComboFix 11-01-02.04 - matt small 01/06/2011 11:24:08.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1485 [GMT -5:00]
Running from: c:\users\matt small\Desktop\ComboFix.exe
Command switches used :: c:\users\matt small\Desktop\CFScript.txt
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\documents and settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi"
"c:\documents and settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi"
"c:\documents and settings\matt small\Downloads\registrybooster(2).exe"
"c:\program files\Uniblue\RegistryBooster\Launcher.exe"
"c:\program files\Uniblue\RegistryBooster\registrybooster.exe"
"c:\programdata\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi"
"c:\programs&games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar"
"c:\programs&games\Sony Vegas Pro 9 + Crack and KeyGen.rar"
"c:\users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi"
"c:\users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi"
"c:\users\matt small\Downloads\registrybooster(2).exe"
"c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV \ehep0.jar"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Uniblue\RegistryBooster\Launcher.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\programdata\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
c:\users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
c:\users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
c:\users\matt small\Downloads\registrybooster(2).exe

.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-06 16:53 . 2011-01-06 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-04 04:42 . 2011-01-04 04:42 -------- d-----w- c:\users\matt small\AppData\Local\Threat Expert
2011-01-02 22:48 . 2011-01-02 22:48 -------- d-----w- c:\program files\ZSoft
2011-01-02 01:23 . 2011-01-02 01:23 -------- d-----w- c:\program files\ESET
2011-01-02 00:36 . 2011-01-02 00:36 -------- d-----w- C:\_OTL
2010-12-26 23:30 . 2010-12-31 02:55 -------- d-----w- c:\program files\Xilisoft
2010-12-26 19:25 . 2010-12-31 02:42 -------- d-----w- c:\program files\CCleaner
2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\iPod
2010-12-26 01:18 . 2010-12-31 02:44 -------- d-----w- c:\program files\iTunes
2010-12-26 01:18 . 2010-12-26 01:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-23 22:38 . 2010-12-31 02:42 -------- d-----w- c:\program files\Free Window Registry Repair
2010-12-23 19:53 . 2010-12-23 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2010-12-18 17:56 . 2011-01-03 02:52 -------- d-----w- c:\users\matt small\AppData\Roaming\vlc
2010-12-15 20:01 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 20:01 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 10:55 . 2010-12-10 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 19:54 . 2010-01-07 00:50 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 19:53 . 2010-05-19 07:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-23 07:42 . 2010-05-01 18:37 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-23 07:41 . 2010-05-20 08:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-20 23:09 . 2010-11-24 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-11-24 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 07:13 . 2010-01-07 00:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 18:12 . 2007-09-30 03:33 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11 . 2007-09-30 03:33 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11 . 2007-09-30 03:33 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11 . 2007-09-30 03:33 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 05:11 . 2010-11-25 04:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-25 05:11 . 2010-11-25 04:52 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 23:53 . 2010-05-23 14:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 07:49 . 2010-07-07 18:55 4323040 ----a-w- c:\windows\system32\drivers\LVUVC.sys
2010-11-10 07:49 . 2010-07-07 18:54 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-11-10 07:49 . 2010-07-07 18:54 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-11-10 07:48 . 2010-11-10 07:48 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-11-10 07:47 . 2010-11-10 07:47 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 07:47 . 2010-07-07 18:50 416352 ----a-w- c:\windows\system32\LVCodec2.dll
2010-11-10 07:46 . 2010-11-10 07:46 20704 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
2010-11-10 07:45 . 2010-11-10 07:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 07:45 . 2010-11-10 07:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 07:45 . 2010-11-10 07:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-10 07:32 . 2010-11-10 07:32 38238 ----a-w- c:\windows\system32\Repository.reg
2010-10-19 15:41 . 2009-10-03 05:57 222080 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
[-] 2009-07-14 . C468ADABA2040F6585FE04EA4C81984A . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\matt small\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-01 2397424]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-27 1862144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-25 1287120]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-18 576000]
MLB.TV NexDef Plug-in.lnk - c:\users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-5-13 802960]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-13 800032]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-27 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-5-17 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
R1 SABKUTIL;SABKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
R2 TS_TFTP;TS TFTP;c:\program files\AnywhereTS\srv\srvstart.exe [2007-10-29 36864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-06-19 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-19 29472]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 218592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 20480]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - CFCATCHME
*Deregistered* - CFcatchme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmein.com/login.asp
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: webattend.com
Trusted Zone: webtrain.com
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
FF - ProfilePath - c:\users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\AppData\Roaming\Move Networks
.
.
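An added example, not part of the original thread or of either tool: a cross-check of the three lists posted above (the ESET detections, the CFScript File:: entries and ComboFix's "Other Deletions" block). It collapses paths that reach the same file through the default Windows 7 compatibility junctions, then reports script entries that match no detection and detections that the deletions block does not list. The alias table and the function names are this example's own, and it assumes the junctions are at their defaults.

```python
import re

# Default Windows Vista/7 compatibility junctions (assumed unchanged on this
# machine), rewritten in this order.
ALIASES = [
    ("c:\\documents and settings\\", "c:\\users\\"),
    ("c:\\users\\all users\\", "c:\\programdata\\"),
    ("c:\\programdata\\application data\\", "c:\\programdata\\"),
]
# Line shape: "<path> [a variant of ]<Platform/Name> <type>"; only the name has "/".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<name>\w+/[\w.]+) \w+")

# Detection lines from the ESET log on this page (trailing columns dropped).
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Documents and Settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Documents and Settings\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar a variant of Win32/HackKMS.A application
C:\Programs&Games\Sony Vegas Pro 9 + Crack and KeyGen.rar a variant of Win32/Keygen.AR application
C:\Users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi Win32/Packed.Autoit.C.Gen application
C:\Users\matt small\Downloads\registrybooster(2).exe Win32/RegistryBooster application
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\ehep0.jar a variant of Java/TrojanDownloader.Agent.NAL trojan
"""

# File:: entries of the CFScript on this page, copied exactly as posted.
CFSCRIPT = r"""
C:\Documents and Settings\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Documents and Settings\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Documents and Settings\matt small\Downloads\registrybooster(2).exe
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\ProgramData\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Programs&Games\Microsoft Office 2010 Activator [KMS Activator] - www.GuruFuel.com.rar
C:\Programs&Games\Sony Vegas Pro 9 + Crack and KeyGen.rar
C:\Users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
C:\Users\matt small\Downloads\registrybooster(2).exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV \ehep0.jar
"""

# "Other Deletions" block of the ComboFix log on this page.
DELETED = r"""
c:\program files\Uniblue\RegistryBooster\Launcher.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\programdata\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
c:\users\All Users\Application Data\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
c:\users\All Users\VistaCodecs\{485E22DC-9EFE-4E26-AAA2-792BB0784D74}\Vista Codec Package.msi
c:\users\matt small\Downloads\registrybooster(2).exe
"""


def canonical(path):
    """Lower-case a path and rewrite junction aliases to the real location."""
    p = path.strip().strip('"').lower()
    changed = True
    while changed:
        changed = False
        for alias, real in ALIASES:
            if p.startswith(alias):
                p, changed = real + p[len(alias):], True
    return p


def detections(log):
    """Return {canonical path: detection name} for every ESET line."""
    found = {}
    for line in log.strip().splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found[canonical(m["path"])] = m["name"]
    return found


def path_set(block):
    """Canonical paths of a one-path-per-line block (script or deletions)."""
    return {canonical(line) for line in block.splitlines() if line.strip()}


def cross_check(eset_log, script, deleted):
    """Compare detections with the removal script and the deletions block."""
    found = detections(eset_log)
    return {
        "unique_files": len(found),
        "script_without_detection": sorted(path_set(script) - set(found)),
        "detected_not_deleted": sorted(set(found) - path_set(deleted)),
    }


if __name__ == "__main__":
    for key, value in cross_check(ESET_LOG, CFSCRIPT, DELETED).items():
        print(key, value, sep=": ")
```

"detected_not_deleted" means only that the path is absent from the "Other Deletions" block; a fresh scan is what confirms whether the file is still on disk.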
 
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"{C3984182-071B-4C42-9EAB-03B0C44F9B97}"="{CAAF4C9D-5509-45AF-A656-32B7C20BE82F}"
"{7DADC287-F8AF-4E0A-8D4D-17199150C72D}"="{CAAF4C9D-5509-45AF-A656-32B7C20BE82F}"
"{B5D40B69-6415-4849-A169-9471E9805CD5}"="{07B89D75-59C8-42A7-B741-E7999B1C3065}"
"{E4E9DF46-6BA0-44E6-82E1-B2A69851C3E9}"="{EF6F37BF-6C9B-484F-AA7B-680B594CB016}"
"{2703F341-C77B-455C-BA72-5530902DBDE5}"="{EF6F37BF-6C9B-484F-AA7B-680B594CB016}"
"{1278A7DC-D927-4A17-8FF0-7A2DA459E719}"="{86890D00-1186-488C-923A-36943771E9C1}"
"{FEC9EA5F-D2F8-420A-A957-70781AFFD1C1}"="{86890D00-1186-488C-923A-36943771E9C1}"
"{3B3133BF-DEBC-4EEE-863A-E868E25189E1}"="{58E7A825-6828-4AB1-BA4A-E350D8E056DA}"
"{93E1082A-C53C-46C1-B137-1F86F3179AE2}"="{58E7A825-6828-4AB1-BA4A-E350D8E056DA}"
"{837A30D3-F8FC-4B08-9F70-CB5702613C1B}"="{F7AD1465-8071-48EC-990D-CFC2233C0078}"
"{6EC8B00E-DDD4-4EDD-9567-C52075D8D5AC}"="{4FB41A77-C5EC-4F1A-A34A-D1B6513FA65B}"
"{04EDC334-004B-47D2-B4A0-4F75361B52B6}"="{4FB41A77-C5EC-4F1A-A34A-D1B6513FA65B}"
"{A38E6936-AB16-43F1-9F1F-0D7B3EB199D5}"="{F0F21A32-BD1D-4415-A04F-49478413BC8D}"
"{B7B30845-0926-4489-8A16-F5C71FE91DFC}"="{F0F21A32-BD1D-4415-A04F-49478413BC8D}"
"{C2390DA8-41AE-46B2-A5E6-3CD64C10E1BF}"="{3FA99524-34A0-4262-8116-F515CEE79BF1}"
"{B5CAF68E-630A-4E90-97AA-05813232220E}"="{15E7FCBC-9ABA-4275-953B-152D3EEC45A8}"
"{C53FB0FE-7B0F-40AF-85BD-4F4F5AA4C4D3}"="{530DD3BA-CCCB-458C-80AD-D7EE32F89628}"
"{632E6357-958D-491F-980F-184CAB0C7426}"="{530DD3BA-CCCB-458C-80AD-D7EE32F89628}"
"{8470AB1E-8907-4F5A-943E-93A769504504}"="{70F991BD-264E-4F86-95D2-CD5D4C228B83}"
"{9B3C6960-55A4-48BD-B0C3-ABD075908B6E}"="{7F078DCF-CD8F-451A-9BCE-FADA41FA7A6D}"
"{57F4F6E0-ACBA-4541-8E93-423514564F60}"="{7F078DCF-CD8F-451A-9BCE-FADA41FA7A6D}"
"{19A6C8CE-85E5-423A-93A2-00EFB09ABBBA}"="{B7C6C05C-10C4-47AD-AD3F-074B481E3953}"
"{4F787445-CF68-454D-B541-6FABC9DCEBF2}"="{74EB45F7-62BE-4EC8-B452-D0126175D2AD}"
"{FB65F464-A4DC-4A4D-A5E9-B65D13EA2870}"="{74EB45F7-62BE-4EC8-B452-D0126175D2AD}"
"{B4EBEE3F-CBFA-4C4B-873D-82FCCF6AE2C3}"="{EA64EF25-E470-4722-8866-8C1783724D08}"
"{D9788DC5-BE8E-43C3-9C66-BE713FAF03E6}"="{DB554A0D-8CA5-4329-BE68-16309911E9A9}"
"{354FAF73-B0F1-49FB-A2C5-78246C4F43CA}"="{08185047-17BF-4348-AAA2-486A34BCF393}"
"{96E5D08D-2CB5-42E6-9E1A-EBA425A5780A}"="{08185047-17BF-4348-AAA2-486A34BCF393}"
"{1C50A936-4CE1-4BE7-BBB5-28BB268CBA9A}"="{53BEBD27-F224-457C-A022-DB59FF21E281}"
"{940D08E0-521D-4206-B05F-C8B2E12F8937}"="{16F76879-BBF8-46B0-8FE0-BF43FEAAC16A}"
"{A3B50ED7-534C-4D8F-8A76-681DE3E7381F}"="{16F76879-BBF8-46B0-8FE0-BF43FEAAC16A}"
"{A46BB227-C246-4010-82FC-642E6FB3F10F}"="{DFA1D955-9DBC-4751-ACFB-FD4D1853DE8F}"
"{E39926E5-64C0-40F2-B762-C0389DCD0B9A}"="{6F892C6A-F705-44D8-A5CB-F2EFFC10DC70}"
"{A5AA1692-43C2-482F-B7A5-93229AE0704F}"="{6F892C6A-F705-44D8-A5CB-F2EFFC10DC70}"
"{4018A635-2BD5-4FED-96E5-4C53E2A3AD32}"="{DFD21436-3CC4-40EA-8AC4-E44CC105F2F0}"
"{A6522AD4-344F-493D-95C8-097FCE154CA2}"="{AFFF198C-51DF-4CC3-B018-A04374470F67}"
"{ACF34CAF-6B7E-4948-B7D0-0159B91CD5A3}"="{AFFF198C-51DF-4CC3-B018-A04374470F67}"
"{1C09A06E-7839-401A-B875-3090CE29FDEA}"="{17EF6B9D-D3F0-43B9-B396-F3347C7D61F7}"
"{FAEC2551-F71A-4F00-86F9-1E2FB8C67403}"="{F1F9FDB9-DD2A-4A25-9876-9B27F6892353}"
"{0415DC78-85A9-49DC-9B81-62398CB57041}"="{F1F9FDB9-DD2A-4A25-9876-9B27F6892353}"
"{9A7D1D79-DE78-4C01-8600-FFC3A8042A91}"="{FC9E4F8A-111C-4201-AB7E-DCD1A172C8FC}"
"{12E32C8F-EB7F-460C-86B5-3EB54658357C}"="{912A5AD7-B700-4BB6-AF01-D2595DE1E1B3}"
"{E9C90F07-8662-4A02-BEE5-52B3D09564D2}"="{912A5AD7-B700-4BB6-AF01-D2595DE1E1B3}"
"{1AD8FC30-A34B-4AB1-BE17-BE6D71A5A748}"="{C9DE9539-064E-43A1-84B4-9FF1D93E2D32}"
"{6B2E84E9-F31C-41EC-9057-2F1B6F438CF2}"="{C9DE9539-064E-43A1-84B4-9FF1D93E2D32}"
"{538CC162-09D0-49CE-9999-C343ABF133C2}"="{F7ABFEEA-6B7B-4071-8EB7-D3F42FF37814}"
"{29FD1373-619E-4D0B-830A-06E1A16E7D2E}"="{C693BB16-AD3B-4CDB-BD04-1AD8DD8A18A7}"
"{4C69C2FA-72FE-4B0B-87F0-A41651A1C747}"="{F0BD8310-B95B-46B6-BA79-10866D87A177}"
"{C1A4A44D-8772-46CB-A99A-2689AE9F2492}"="{1700A072-4BC8-4DB8-ACFE-96E25FDBB32D}"
"{B1EC4AE6-8544-43CD-9556-4FA850E6E53B}"="{F0BD8310-B95B-46B6-BA79-10866D87A177}"
"{E6FC24BD-6584-450E-BE77-F8B48AC92245}"="{C693BB16-AD3B-4CDB-BD04-1AD8DD8A18A7}"
"{9D1B5001-364C-4C80-BA31-B078018F258E}"="{E06A47B5-FC3A-4D68-AF8E-CA1A5E391BCB}"
"{0C061882-A081-402E-8EEA-D327FAEDDD53}"="{6317FCC0-DA66-4FE8-BE17-926452CFB755}"
"{17C3C0C3-C169-4A10-ABE4-8D7492D5F565}"="{CE7490AA-7DF8-4F0F-8A13-99F6DEE154D6}"
"{47D15730-341E-485F-9C97-252B7CEC3B13}"="{362FF233-2807-4E02-ACB2-73E7C54D8008}"
"{23AEC6D0-9E4E-4F33-99D4-4B367861B717}"="{362FF233-2807-4E02-ACB2-73E7C54D8008}"
"{C97A97D7-7248-4A77-8615-3AA19A650C1A}"="{6317FCC0-DA66-4FE8-BE17-926452CFB755}"
"{B9D73179-3649-4EBE-B364-E969A30D9165}"="{B3A63B7D-6EB3-46FE-A022-2468057F5B73}"
"{85A9CFD9-D375-4C1D-9731-54B147698EE8}"="{DF2F84C4-1B1F-4145-88AA-1E7A8EFE35D4}"
"{7E97C6EE-ABD1-4BAF-AF8E-016D1EB32519}"="{947EAA02-5A8B-4FA1-AEDA-FE4B7D717D97}"
"{8F980EE4-2F9C-4B66-8536-D0EA994081CB}"="{947EAA02-5A8B-4FA1-AEDA-FE4B7D717D97}"
"{64F846BD-6EB0-4441-ACE4-C87605482F3A}"="{BC035A46-DFE7-45E6-8F32-3ED77AEAC5CD}"
"{A7F55D1C-98A5-444A-8D57-E47C90421942}"="{2ABDD67E-019C-4C8B-8442-4BDA01060029}"
"{F5893AAB-7AFB-4003-9CFD-ADB8968403FF}"="{2ABDD67E-019C-4C8B-8442-4BDA01060029}"
"{45297EE0-2A2F-4366-9EB9-64ADB26016D8}"="{2B0AA92B-AC1B-44FF-B725-6A72AF7AFC52}"
"{40672798-D005-4DAC-B1CB-B3A707E32497}"="{019A9326-3F5D-429B-9BFD-9DD0619FEB2D}"
"{67B4EC11-8052-4B77-977F-6655C276CADE}"="{E3E6D072-5573-429F-AD54-D02A71D51B90}"
"{CD2EE7D4-5E85-4F03-88D6-D80D9F59EB50}"="{0007C8BF-6D42-4D90-AA20-ED3C337EF3E5}"
"{EA008516-432C-487F-B398-BFE40F85AC29}"="{E3E6D072-5573-429F-AD54-D02A71D51B90}"
"{99319FE2-DCDD-491B-9668-C708AF79B7CB}"="{019A9326-3F5D-429B-9BFD-9DD0619FEB2D}"
"{0AAE6FE1-8287-46B8-BFEE-1BE2F4ED28BE}"="{35EBCB59-28C8-430E-9E9B-86CFED4A97B0}"
"{45A53D27-42C3-419A-8867-ACA136350DDB}"="{35EBCB59-28C8-430E-9E9B-86CFED4A97B0}"
"{3719C6D5-AC48-4E3D-AB0B-9FB4C3DBFAC6}"="{0C55BCFC-DECE-4F5E-88EF-839298D671BF}"
"{CD1A8723-C02B-49FA-BDAC-FF2CAC21C36D}"="{AD85EC12-F09C-4920-A1E4-4243C13B2D8D}"
"{63539E95-2BB0-4F7F-B429-915DD7DA897C}"="{DA65D6AB-E821-4311-B904-A4939E7A3018}"
"{E71878A4-2415-4D27-9073-942C3489E1FF}"="{DA65D6AB-E821-4311-B904-A4939E7A3018}"
"{65C3361D-27DF-4E3E-8775-89D7FBA7FBCF}"="{E24DB8FE-437B-45D5-8431-305C8038C5B1}"
"{BCD30C9A-40ED-4D2E-A73A-D113AD4EC89E}"="{EE089F88-B5E9-4337-9FBA-4D47A08C5248}"
"{65032204-9E31-4D36-9F2A-4F523EAAB4FD}"="{0BC7EF78-466D-49DF-9749-EC2F5F868AAA}"
"{2044C65D-5C2C-479D-BA67-35ECE280D082}"="{0BC7EF78-466D-49DF-9749-EC2F5F868AAA}"
"{81194EB1-7D27-4086-B23A-BB2050ED8151}"="{476BFD72-837D-4D60-BE35-B8E4B93C963A}"
"{060FD416-0E8B-4193-AAC6-C962976C3C51}"="{40F53C37-7183-40FD-99B7-D26A7D20FEE7}"
"{842DF0D7-93F6-47E8-9A63-962EA10951AF}"="{7C90A2A2-00CA-4F90-8B92-12689C9F1797}"
"{D7165859-FA7E-4799-9DBB-67925B50838D}"="{D02B940A-E99E-4EC2-A7D1-B9BCED56ABA3}"
"{4578AB4C-BFCF-4779-B832-A61B2D343C49}"="{D02B940A-E99E-4EC2-A7D1-B9BCED56ABA3}"
"{96DCB54C-74BE-4E6F-A8FD-5460624A04CA}"="{0872CF1C-F5B3-4EF1-A86B-854938E9208A}"
"{EFB4DA93-AB4E-4185-AA52-13268EDB457B}"="{6CEB6F64-DCD0-489F-BBCE-B916796F7B49}"
"{F796C74C-C182-4EB2-AF0E-8BE4D7146F52}"="{213DA905-2868-4BCE-A01D-859436D2F8DA}"
"{733F5E51-FEE7-40B6-B8C6-2706621E3635}"="{213DA905-2868-4BCE-A01D-859436D2F8DA}"
"{98FDB9FF-7AA9-4C05-A8F7-7421813D8E20}"="{049FECBB-3AB5-488A-92EE-CE22FD0805A2}"
"{21A8BBBA-2B67-4D82-924A-485E36F4CE8B}"="{049FECBB-3AB5-488A-92EE-CE22FD0805A2}"
"{6032716C-0967-46BD-8AB8-38160BD2A109}"="{7EBB3D30-D5E2-4869-A055-DADC23541D04}"
"{141693A7-197A-4CE3-A81C-48BA04414F09}"="{EF7D13CB-4CDA-4D22-BCEC-3CCA19CF2E63}"
"{76C7E9A9-5016-4816-B84F-9BCEAF70A5A0}"="{3D1CF165-115A-4920-917F-37C1E632CC55}"
"{32046A9D-4FF4-4AF4-B728-F3E605B9006F}"="{E79A2CC9-C8D4-499C-B020-845014A788AD}"
"{D0C3EC87-81A1-4B23-A178-AFE74FC10412}"="{E79A2CC9-C8D4-499C-B020-845014A788AD}"
"{86491098-AE2E-4EC0-9EC5-9A179AF6F9D4}"="{78702EB3-2BF2-48CF-988F-66C48529D14D}"
"{31092FAC-8B60-4911-9B60-B0CA43D875D9}"="{7414233B-97C5-4149-B613-DA6C8EF6EAB8}"
"{72324082-633A-448D-86FA-9652EA37A00B}"="{A36CC76D-AA7F-4FB3-814B-560AF32DE00D}"
"{380E1C76-B555-43DF-9227-75CFE6F00821}"="{A36CC76D-AA7F-4FB3-814B-560AF32DE00D}"
"{3F86791A-038F-41A7-8F92-4FD77EA370B6}"="{4A85E6B6-EF0E-4B86-98E6-52F241CAE3B1}"
"{F4F105B4-AFCE-44A1-B100-4930BC105522}"="{69A59FD2-DDAD-4952-BACD-DCEABF8FE01F}"
"{4BC49A4B-27B7-42C0-A26F-2D0BEC864286}"="{E8476E2A-CBD2-4490-9CDF-6FEC9E7292EE}"
"{99D16E9F-8C1E-4EF2-BAB6-CCC4C296B58D}"="{E8476E2A-CBD2-4490-9CDF-6FEC9E7292EE}"
"{72E3D79E-A7E0-4918-B096-7048CE9C27FA}"="{CAB4A579-F842-4D61-80BD-E977135F8148}"
"{DA51CBB1-BE33-48BD-9830-598BA06AA162}"="{83267CEF-AE80-4F88-A231-C7D082761E0E}"
"{D70B7BAA-F812-4722-97BC-12C8CCC2C28A}"="{83267CEF-AE80-4F88-A231-C7D082761E0E}"
"{99079BA8-BBD8-4A91-8A72-D8F2FDA03F3F}"="{540D89DB-1D4B-42D2-BF6D-568893DC05B6}"
"{D2025B70-57BE-450B-AE88-0E7BDFFF36B4}"="{CC8D4491-B15C-4B5D-9E4F-9B18629495AB}"
"{7F75F690-10B2-46AD-89BC-F69C0F53499A}"="{CC8D4491-B15C-4B5D-9E4F-9B18629495AB}"
"{6B889403-B2BF-4F62-A97D-DB2E54BD9927}"="{FA425946-CE5A-47A0-B1AF-E434B4BE12AE}"
"{A35B49CF-586B-432B-BDFD-F86A689381BC}"="{31271B9A-8A02-46E2-82D2-2A2C48F5AE6D}"
"{25EA500D-DAE6-4720-A596-CBBD0413090A}"="{0AB481C9-B80A-4CDD-B284-C8DF84A81B2B}"
"{D738ED55-829B-4C64-BE07-E57D7D67FE15}"="{31271B9A-8A02-46E2-82D2-2A2C48F5AE6D}"
"{802E0237-22D6-4A1E-943C-AD8C322C03DA}"="{A6895D9E-ECC7-4A7D-BF4A-8B0F8DBC6CDF}"
"{9145A899-328A-47F7-BA40-80A2DCBF81DC}"="{5FAFD5DF-D815-480B-8A94-4EAF91DB16DC}"
"{E59B07D4-4DC1-4DE3-8BE4-C627D7FDE932}"="{F1DA788A-1977-4F90-84D4-20AE667C17CB}"
"{E3D03E3D-F5F0-445C-BE09-384C8DAE46D3}"="{5FAFD5DF-D815-480B-8A94-4EAF91DB16DC}"
"{405FA2E8-329F-4E94-8FE1-6DF42E829E90}"="{80A9280E-32A2-4076-A18B-77432F28D39C}"
"{A59C4985-2D80-4EDF-9378-DD35EEF876EC}"="{27C7061F-3412-441C-8D23-9A66CEDEE8FA}"
"{7BC333D9-A3DB-4DCE-A7FA-1EFD74C317E8}"="{1B486873-93AC-444F-989D-431FA73E034A}"
"{218095ED-CC14-4889-99E5-9CF34FB8B143}"="{1B486873-93AC-444F-989D-431FA73E034A}"
"{B24DC7E6-8302-4C87-A8AE-69A6EA7240E8}"="{1EE35DEC-5642-420E-BEBB-FF37F2E3A35D}"
"{B3C9D609-5A4A-4B19-A0EB-1F8D42E0A07E}"="{AD67A87A-9CC2-42C1-8D8D-93D50B885809}"
"{9614E561-76D6-4170-A07C-E91D8C9E7263}"="{31923B3C-54F5-4DBF-8F8A-ED42BA4BDD05}"
"{78B9BB84-018B-4E98-8163-C49E184264C5}"="{AD67A87A-9CC2-42C1-8D8D-93D50B885809}"
"{F74D1A26-7184-4860-B4AF-61DB5AC11581}"="{D8C80CC6-4DE3-4244-A210-D350E62B6121}"
"{5F67012B-0008-456B-A001-8A59208CED4F}"="{FCD2D189-170C-4173-85BD-7F7E6DFEF2DB}"
"{59E8D1A1-9AD0-4BB9-8695-D65C6EC45F64}"="{FCD2D189-170C-4173-85BD-7F7E6DFEF2DB}"
"{6416F6F3-137B-4306-BBC6-F4B5087DE943}"="{B9665550-EDA4-4265-8936-4BB1515C0123}"
"{66287DFF-B4D3-4864-9691-D517AA389153}"="{B86E81D3-85D0-48BB-A7B0-1D399F272F1D}"
"{E458896D-52C6-4FDD-B557-0D4A1B0D6349}"="{B86E81D3-85D0-48BB-A7B0-1D399F272F1D}"
"{EEF45D3B-4BCA-4599-AED3-3A8FE77DD56C}"="{BC70ECAD-4C5F-4C22-8123-AD37596373AA}"
"{0486EB87-45EA-4FDB-A942-5083F8978981}"="{3B34029C-EAA6-4057-A80C-EF88B70EA1FF}"
"{F9C03C2A-5DF4-42D3-98A8-F1D6F5CFBB86}"="{3B34029C-EAA6-4057-A80C-EF88B70EA1FF}"
"{60B1D13A-1211-4118-91E9-EA7AFDF05C00}"="{ADCF4E3D-B79D-46D3-8F06-902F4BD1DD82}"
"{E24C0B83-6430-47A7-9A7B-6A701B6BE858}"="{C4A20312-4DF9-4F75-82AE-E58212705194}"
"{2B71D7EE-4CBC-4FCC-8C2C-A4AC14A1FB4C}"="{C4A20312-4DF9-4F75-82AE-E58212705194}"
"{3F1551CC-4760-4A7C-B958-A7E0BA71DFCD}"="{F5CD8E58-EDB7-40D3-A6C4-E5C3A39FE8EB}"
"{A1615DE3-FE1E-4877-9469-6C9349E0F987}"="{95877741-3D54-41DD-AC0C-4D7DC5536073}"
"{2DD5A06F-A65D-441B-991B-F8BBB48F1215}"="{95877741-3D54-41DD-AC0C-4D7DC5536073}"
"{D074FC68-5EA2-4C6F-95A4-7E7D1FCEAC07}"="{F05D84DF-A39E-4A63-9851-C050A2741B3B}"
"{62DB2AD9-4A6A-45EC-956D-CF21DABB6510}"="{6CD7B555-E734-4A08-A405-661D493ACD50}"
"{D56E1065-3AB8-440B-8ACC-1607350F54A7}"="{D3647F80-DAFA-4D52-8E7C-B3830FB29EBA}"
"{A2188A35-D70C-40E1-98D5-D2A3105C1937}"="{D3647F80-DAFA-4D52-8E7C-B3830FB29EBA}"
"{790BAA31-042B-46B2-82A1-8351D029D01E}"="{CA552C25-6C8A-4B89-BD18-E15ABD9A7A0D}"
"{456A505D-95C9-43C9-8F80-1D76A48F2968}"="{3DA1BB7E-16D5-456F-921B-14506AA4801A}"
"{702F1BE1-5743-4799-B48F-468860118347}"="{C6142F1C-6700-4285-AACD-75460E011AD8}"
"{C63D9836-A18E-4DDF-892B-B49DF234280E}"="{C6142F1C-6700-4285-AACD-75460E011AD8}"
"{7817A2B7-4344-4FDE-B73F-0B6735E9198F}"="{3ED3D105-AE21-4239-8580-E4F17E05ABC8}"
"{FC8B4735-0565-40D6-A95C-90B8CF789FB8}"="{3ED3D105-AE21-4239-8580-E4F17E05ABC8}"
"{2D4A30F8-2206-4680-B0E6-FF7ECA89B133}"="{7F5A48F3-EF08-459A-ADAB-CFC1361DE676}"
"{8B483EE0-424A-4DEE-BE1A-4FAAE4322388}"="{7F5A48F3-EF08-459A-ADAB-CFC1361DE676}"
"{E27BF9E2-4167-46AB-BCEE-8CC9928FCF7D}"="{3A0D0488-98D8-4B90-96A9-61CFEAEC74B7}"
"{BE208E4D-E54B-4FB0-AEF2-669D97E48290}"="{3A0D0488-98D8-4B90-96A9-61CFEAEC74B7}"
"{828FC422-7820-44EC-A8AC-8CB85E6D8F2D}"="{67143093-AA32-4D1E-B2F9-B09F4C482836}"
"{5921FDC9-8DC2-427A-ABB8-A19D8B12D8DB}"="{CDB9E30B-C735-4B46-85D9-BC901F0CE7EC}"
"{BAA7EE63-C1FC-4BEB-9556-AAB47AA9907C}"="{2B70C6CE-0B3E-4798-9A0E-2739096695FF}"
"{39A84DB0-C3D0-4108-9C0A-7DCCECB7909C}"="{2B70C6CE-0B3E-4798-9A0E-2739096695FF}"
"{00C930C8-BDE0-4385-9152-710CCFC36310}"="{2FFAF49D-728C-43C7-9553-6A170AE83501}"
"{45404933-07F4-4018-903F-9D8F657317AB}"="{2FFAF49D-728C-43C7-9553-6A170AE83501}"
"{562DD3C5-78C0-42CD-9A72-C53C4FC2EA12}"="{79FF9686-5647-49CB-8894-7C072D9DFF92}"
"{4DCF4C2E-3C51-4940-86D6-478B7318E113}"="{33EF58A4-DADD-4D2C-AF5B-E333B0272452}"
"{54E62B05-58C0-4210-9E04-C80BFADF22DC}"="{33EF58A4-DADD-4D2C-AF5B-E333B0272452}"
"{6B9799F2-2DCA-4904-8815-885832CA56B3}"="{D985D8A9-D171-480D-BEC7-CFEC1D17CF6F}"
"{63EFB789-8C54-4D29-BFAA-1DB5D62071C4}"="{D985D8A9-D171-480D-BEC7-CFEC1D17CF6F}"
"{6BF149A5-545B-4408-90A2-264DC41D7757}"="{AC26EC0D-26DD-4BE6-AE71-228AF5E795CE}"
"{91A581CD-8E2F-48C6-9318-8E9F88F38EAF}"="{1BD3FFEE-2625-448F-9A8C-79B355B9CC7E}"
"{FD4ACC6D-F7CA-4688-A9B0-AA104A020236}"="{1BD3FFEE-2625-448F-9A8C-79B355B9CC7E}"
"{F78B9899-4706-42CC-B683-F32CB369523E}"="{97F3BDED-4FFF-4450-844E-01F26BDA4131}"
"{446F82CE-EE26-4175-BBE6-2FFB8C07CD70}"="{8AAD365E-B87D-47D6-B9E3-DC9D5F890332}"
"{D12427F3-CE75-4D97-8284-953F4772D248}"="{8AAD365E-B87D-47D6-B9E3-DC9D5F890332}"
"{0A361B80-3FBF-4A5D-90D6-FD9A1BACDF8D}"="{27C96B01-09BE-4E32-99F3-C22DB2BAC3EC}"
"{555143D0-7104-404F-B48F-D9BB02C7AA88}"="{2E97F4C5-4380-42EA-A75C-1DBEE8687C44}"
"{AFA2BF53-EE8F-4856-B081-35F310D8B351}"="{2728906F-EBA8-42E1-8832-AD60D652D7BB}"
"{5A540FA3-2B2C-4219-BF2B-D57531F64478}"="{2728906F-EBA8-42E1-8832-AD60D652D7BB}"
"{D68C82BE-66F8-4421-AD97-62C9CEE97703}"="{176C1456-4E78-4EF1-8D14-B86FC796F367}"
"{78B36DB9-E549-496A-920C-889242C85697}"="{0767A3E3-EA48-4950-A2C4-6AE6FB2622E9}"
"{597D6C09-2939-48CD-B1F6-7133103C179C}"="{0F70F440-7622-4253-85D2-6BC27B70480D}"
"{AE89E38B-6DBE-4053-A7FF-2BDD9024A5BE}"="{0767A3E3-EA48-4950-A2C4-6AE6FB2622E9}"
"{9A2AC5EA-AEB8-4739-BC36-D47B788DE345}"="{13A54885-FA74-49CC-B79C-613C9B07A6D8}"
"{7C8F85BB-0EAD-4CF6-B23F-361678FA1DC8}"="{A1D005A3-F59A-4B24-B30B-0ACEAEA8319F}"
"{A74B0DC2-FA35-4AAF-85BB-DE3A362471F2}"="{A1D005A3-F59A-4B24-B30B-0ACEAEA8319F}"
"{A0F617E8-07D2-4B6C-992E-65597D9CA438}"="{8838570A-DB07-4474-A27E-93919DD09E7F}"
"{6FDEAD34-E502-436E-8536-004528302F9E}"="{8F2A4155-5CCD-4BBB-B107-21F69DCAAF5E}"
"{3C3FA589-2EDC-42BB-ACBB-D95686AA96FF}"="{8F2A4155-5CCD-4BBB-B107-21F69DCAAF5E}"
"{D8744430-22E0-41A7-A040-848FFB568BB6}"="{228E5B79-503F-413E-99F8-1D56150D6A32}"
"{AD9B45EB-7FE6-4173-B1A4-04DD4A89E027}"="{CD68FAAD-7244-4024-A66D-9F67E355DD03}"
"{0BE3CD42-3004-41B8-BA6B-BCC71AB2F639}"="{CD68FAAD-7244-4024-A66D-9F67E355DD03}"
"{8DCC33A6-E918-464B-9072-7262A0A7A036}"="{5E745C93-3E7F-4ED8-9EF3-12B1BEE416FE}"
"{5D102B75-4AE7-43D3-97A6-102390F2D58C}"="{5E745C93-3E7F-4ED8-9EF3-12B1BEE416FE}"
"{837F07E6-F62A-40EF-A8F0-D6B280C66F5E}"="{EAFD7A7C-C2AD-47AA-B9AC-3B3D2C8C9F3D}"
"{F5F342BF-F8F5-4B4B-8E45-FA08CFB8925A}"="{1624442B-1402-482D-A86E-49A2CA1F616B}"
"{4788FE6D-1BF1-4412-BAE8-8EBED55BB5A3}"="{1624442B-1402-482D-A86E-49A2CA1F616B}"
"{F4ABD4F2-2410-4C10-B86D-DF808A0BBAD1}"="{848F66E6-2DF0-4C6F-AF9C-D2BDD94E48FE}"
"{2FAE970B-EA62-4DD1-8927-8FF430672644}"="{DA9D401B-5453-400B-9F29-3687B6BB4631}"
"{518E4A02-48C9-4351-9DFB-D3101B3FDAD8}"="{DA9D401B-5453-400B-9F29-3687B6BB4631}"
"{EF41E6FB-810B-436C-8941-352710216505}"="{CF861977-15E9-4BC2-A4FE-DBD5B36817D2}"
"{CAAA4BC7-A253-4BED-9ED9-CC2D0E849DAA}"="{8807E36D-A82E-4BC5-BA1F-5F61A7F73AF5}"
"{D6843473-ED97-47EE-9C8A-62C3245E92D5}"="{8807E36D-A82E-4BC5-BA1F-5F61A7F73AF5}"
"{D4424352-CF57-45FD-A96C-B69F2728B1AC}"="{F46F159D-9B30-49F2-881F-57CFF2556066}"
"{7154A47C-738C-4279-813F-9B098ECF7377}"="{0B833DAA-B935-4196-AB92-BFE7ECC7B92D}"
"{AB261A51-F2E9-4697-A489-596AE8D58109}"="{81692DED-1285-47BE-BC04-D7BED69F97B4}"
"{C0AA8CA2-5BE8-4B03-8BB4-3B354D86BB2B}"="{2C3346F8-EA75-4517-8733-411423BF6BED}"
"{727E6292-F825-4DF7-879F-E807CE932575}"="{61DA3583-25A1-429C-914C-93530B3F7EEF}"
"{0DA737FD-DFFE-49A6-950C-B28D34533459}"="{4A121F6F-1AD7-40EC-A762-2CED10A24158}"
"{3E3A15C9-FB40-46A9-A862-5C39EBF85E30}"="{6D449ADF-58F0-4CAE-A12E-9982C9E52D36}"
"{55AF7800-7B15-4779-9637-2F24FBE610C1}"="{6D449ADF-58F0-4CAE-A12E-9982C9E52D36}"
"{05E6EBEF-967C-4F49-8AF8-7F36DE82D9E1}"="{35F89E31-B66B-43D5-8709-10EB06279C30}"
"{AFA0D00A-FEF4-4DE1-B4B4-2D6505258AD4}"="{1016D81A-FCC8-4EF7-AA6C-E6FEEBA4CEFA}"
"{1A5356DB-110E-4305-8AFE-5F686422C7CB}"="{1016D81A-FCC8-4EF7-AA6C-E6FEEBA4CEFA}"
"{1950201E-9867-469B-ABD1-8092AE9264C3}"="{91EFC23D-E7D0-4F01-AD40-0B68F3577A15}"
"{1CA71049-93F6-4B8D-BBFA-952FF97826E2}"="{0B77A563-29D2-4673-82A2-5ABF766C6D17}"
"{8067C410-7309-408E-B89A-05C80C469654}"="{C9D7BCC9-677A-4EF2-85F4-C732163144F4}"
"{F95394EC-9C4F-4EC9-A8B2-019880C1EEC4}"="{C9D7BCC9-677A-4EF2-85F4-C732163144F4}"
"{3B8A0483-FD06-4FF1-91BE-1CEA23A83454}"="{6E773B2C-0034-4180-BE55-093C54B1A8B1}"
"{FA83043C-D883-4C1F-90EA-3E8BC7200FD3}"="{36255248-033A-4E77-BD9C-5CD2BF752FBF}"
"{BC7DD456-23E2-489A-B009-3582B1E62E9E}"="{36255248-033A-4E77-BD9C-5CD2BF752FBF}"
"{9C7E5BA8-EED8-4F89-8B57-DCE1C53746D1}"="{3565A3B0-DF19-4068-83B8-A470AE84B8B2}"
"{35D871C6-72E4-4899-BCDE-CAF71F24BA68}"="{6678E39D-9341-40C2-9CF4-5AEE52D0ED30}"
"{46FEA3A8-074B-4B37-80C6-B93F63E5762C}"="{993F7581-5BC7-4946-87FD-B0CAFE3D6DB5}"
"{33161DC9-759E-4CCE-8245-636B2FA0FA2D}"="{993F7581-5BC7-4946-87FD-B0CAFE3D6DB5}"
"{E3CCA8D8-A468-4302-992D-8729B60AA89B}"="{10A3F5A1-1476-4DCB-AF91-7D32A28B8A4A}"
"{FA0EDBF0-EC1F-4E36-B629-116AB63DBAD6}"="{10A3F5A1-1476-4DCB-AF91-7D32A28B8A4A}"
"{24020F7C-A310-4482-9103-F7605723E48C}"="{8CDF5DFD-0278-40DF-81F2-4285AB9C30CA}"
"{D5BFBE69-0A78-4833-AF07-CB73AEC7A505}"="{C54A2373-3C4C-44A6-A2F2-F2B7250275AA}"
"{92459EEF-BC1B-4521-A45C-24D0B83EB973}"="{C54A2373-3C4C-44A6-A2F2-F2B7250275AA}"
"{6D15ACCD-B150-4458-ABC2-BB01B4213BAA}"="{9C7B63FE-FE06-4ACA-916A-9037511CAD24}"
"{D1AEE0EA-4D6E-4E05-A374-244BE55DBE4D}"="{D9C6CA28-0C0B-4D4F-AE88-AE017B1D0877}"
"{62CA4714-4BDC-4400-A085-90511CC8D48D}"="{D9C6CA28-0C0B-4D4F-AE88-AE017B1D0877}"
"{51C9BB50-DD7B-479D-B375-C07BC07173B4}"="{E67340AC-B1B5-47C9-B36F-73E2CA712CE6}"
"{07CADD03-7B44-41E1-AB01-0AAFA253ACAC}"="{E67340AC-B1B5-47C9-B36F-73E2CA712CE6}"
"{8AA0889C-304A-4CE6-9A60-7B067C615CDC}"="{60A330C8-2229-44F9-AE3A-1F5771A2BACA}"
"{E5AC9915-7B2B-4B30-A874-EAE1C71D5ED6}"="{243BA644-1997-4D56-A69D-7CA162D6B514}"
"{BA5E89D0-5C3A-430A-98ED-80C51A4F02DF}"="{243BA644-1997-4D56-A69D-7CA162D6B514}"
"{66B22231-800A-4F98-A7F6-6D6F338843DF}"="{A812D63E-6EBC-4E93-8CA1-FF9462A5E400}"
"{FC86BA91-12FB-4D20-B615-3B02D738AEE2}"="{5DD8D4F5-87A4-4D88-A67E-FBD70F6EB71A}"
"{CF7A426A-43DD-40FD-9EA8-8B6AA5646A25}"="{DDB1B265-3757-47F6-8507-B39545F851ED}"
"{B2E95801-8C59-4957-AD5D-EDDD11317F76}"="{DDB1B265-3757-47F6-8507-B39545F851ED}"
"{C08C4B62-20B4-429B-A45E-8487A917C164}"="{D027963A-336C-479C-B747-8301BBF2B5DD}"
"{C32C9B52-C2FD-4DC7-A788-E5C0E4D9F10E}"="{EA4F0F4D-5040-470C-B21F-799D79E6327A}"
"{29C5A268-376A-431C-92B1-4C4B81363525}"="{90ECD25C-2204-4664-87A4-EF5050DD8D2B}"
"{E2CE6939-04DA-4B90-9B15-D22F6DCB6E08}"="{8E133189-B015-4A5A-8F16-15F5F9124EB8}"
"{9271455F-D9CE-4843-8123-AC0DDCF86B78}"="{B6F42D70-68BB-447A-B99D-2937324DA103}"
"{6DB32BFB-D05F-4703-8607-872119C3502B}"="{B6F42D70-68BB-447A-B99D-2937324DA103}"
"{BEFE4AEB-C8E0-44BE-827D-5F1E03289816}"="{CE368D82-2303-4985-A853-C561ABF81825}"
"{996CEBBA-485C-49EB-A65D-2B9E06CC5A95}"="{F1F18CF8-542A-43D6-9F33-45B3FBCDC807}"
"{F17493CA-56C5-4E26-8CBB-9036B4308640}"="{7216328A-2BCC-4AED-B718-957C0BDE9C42}"
"{CD45CED7-7DC5-463F-915A-E4882FD37287}"="{7216328A-2BCC-4AED-B718-957C0BDE9C42}"
"{E0B37171-CA63-4054-91DE-09A3B0B174DD}"="{74956129-42D3-4AE2-99B8-7B1E2C6CF64B}"
"{CB77C531-A46F-4515-B631-2EAB87AF2762}"="{95349DD5-626D-48CA-BA21-DDD208EB4816}"
"{25E399F5-9546-4357-9D81-AF1EE4C7C058}"="{95349DD5-626D-48CA-BA21-DDD208EB4816}"
"{AA5A1050-41DD-4234-94E0-3245A15DAD54}"="{1A5FAF38-37DB-43DE-A37D-B70C68377854}"
"{E3895AAA-7C29-4BD9-A93F-50199F6A3404}"="{297F17FC-D230-4F68-8FC0-939C23E1A938}"
"{753BA65A-3487-442C-880E-8C4034B8C7F3}"="{3804A418-74C2-4E0E-B741-83A813342F46}"
"{C3302FD5-211A-478C-A3D5-0CD59BAE8913}"="{297F17FC-D230-4F68-8FC0-939C23E1A938}"
"{D516E3DD-472E-42D3-8C37-23018A84CF68}"="{57089B37-0B5E-4574-8446-57E13B1C305A}"
"{DF4ABB50-E007-42E8-803C-E3C7F39C5AEE}"="{A9D7A5C8-4391-4712-94ED-D0E31B4E08E3}"
"{50C0509C-630B-4BC8-831B-A6C8DAB0C2A8}"="{64D18C4A-B242-4E8E-8649-DC06DF5D90D4}"
"{971971DF-68FF-4699-A4E2-2716C6B9261A}"="{64D18C4A-B242-4E8E-8649-DC06DF5D90D4}"
"{1079B0DB-50E2-4F9C-847A-A4821C76502F}"="{8374CFBF-46D0-495B-8987-8F10BD4CAFD6}"
"{68779547-A2D1-48CD-A21B-9FEC9EB744C9}"="{FDA4D4FC-4016-4B4A-8B62-C6F08AAB1C3E}"
"{45917345-EA68-4A82-9F1E-1F21A7C5F48B}"="{9C1BDFCA-44E5-4403-8CAF-143B3C8E5910}"
"{88756034-4D7A-4C95-B904-86E752EF2753}"="{9C1BDFCA-44E5-4403-8CAF-143B3C8E5910}"
"{2C0050E6-F6E8-412B-B5EA-97BF02F59836}"="{964A3DD7-21F6-4F36-8047-CEBC9DA27991}"
"{C5565C5C-CB3A-48CA-94DC-2004D09E18D1}"="{938AA879-0D49-465E-9814-AA951E4D1D08}"
"{84238243-BFDA-4CAD-A3D7-B147AFD9938F}"="{02718068-DF33-4E94-8104-3EC3067474E8}"
"{F82AFEB0-9332-4884-886E-AD52FDE74A13}"="{E96D42E5-4FD4-4274-B3ED-2745D687702A}"
"{830E2EA9-2C90-41B1-81D8-C9BFD6E7511F}"="{E96D42E5-4FD4-4274-B3ED-2745D687702A}"
"{8DD0123C-E161-4B3C-A263-9EDDC7D31F83}"="{946E64EB-A825-4277-A627-77652D0E42A9}"
"{62259CD1-C29C-4D11-B89B-784E5A7379E6}"="{27587C71-7AD4-4092-BD4E-BB846F24ECAF}"
"{A679CE89-4CA5-4D55-832B-2492F488EE42}"="{738F7FBF-38F4-4F96-BD9B-657B94E0B26D}"
"{2A464B23-2A33-4146-A27B-BE39134BF62E}"="{738F7FBF-38F4-4F96-BD9B-657B94E0B26D}"
"{2972A8E7-9166-451F-A62B-582702578A06}"="{B225B03E-48E0-41E1-8C98-916581EFC494}"
"{F6F469F6-E91E-4CD4-B1B0-CC789F41A4D4}"="{E1EC27DB-43C0-4D62-91CA-34965CE09EB3}"
"{20C77521-2E5D-4C2D-A144-F071A27784CE}"="{7B461608-8119-4AAE-AF04-73419FE2F8A8}"
"{E29E762C-121D-4613-A789-B96B48E05CA3}"="{7B461608-8119-4AAE-AF04-73419FE2F8A8}"
"{21F6C57E-FC2B-454C-861D-BA6A08CD5320}"="{3058AC4E-5F9B-4471-BC75-E6F0FC8D3DDF}"
"{8D035583-08E0-4749-B2AB-CD1567C8FF77}"="{A121F465-7AEB-41DC-A3BA-324A80870ADA}"
"{10F48FC9-070E-495E-8EDF-E4126013684F}"="{A121F465-7AEB-41DC-A3BA-324A80870ADA}"
"{56440417-BBF7-4931-A0BA-F1B53478AA47}"="{C14FB996-0DBC-44E8-BB42-21D2C78CFAD3}"
"{D72E9239-B509-42C6-AE0D-252A1142C8A7}"="{005B23DB-CFFA-4845-910B-534611D439E6}"
"{C3DD9E00-C1CD-41FD-8C4E-A220509D503D}"="{005B23DB-CFFA-4845-910B-534611D439E6}"
"{EC15EF19-1461-4ED8-A3F4-EB8E7C638119}"="{E4E76CC2-5E49-4344-B982-D700D09EE66A}"
"{E305F173-03D1-4E0D-B7EC-4B086FF2150B}"="{7328CB1B-3BF8-45AB-8568-97EAC42112C0}"
"{111F4ACC-3524-42CA-B761-BD43BDB5AC05}"="{7328CB1B-3BF8-45AB-8568-97EAC42112C0}"
"{C7FDBD16-6718-47EB-B7CE-0F0C29AD04D4}"="{00A01DF3-BBB0-4F61-A7C7-610EC7B70ECC}"
"{299367B4-EB6C-4F46-B230-08090ADD72CE}"="{5A196A3C-733C-410D-9853-FB38F36299B3}"
"{0E5A1177-CFE4-463E-B2D4-47B4C9AD24C4}"="{5A196A3C-733C-410D-9853-FB38F36299B3}"
"{0F1CAF32-8445-4029-A09A-BE59ED7D8D8B}"="{BE309617-4925-47C1-9F9D-AF9D6E907363}"
"{0EDC81AC-556E-4C77-BB8F-4B4807ECEE51}"="{98E57AAD-3391-4C0B-82B1-D2BD17B8A277}"
"{574863CB-DD9A-490B-BB34-63485B3E5AF9}"="{98E57AAD-3391-4C0B-82B1-D2BD17B8A277}"
"{8C276026-1674-4909-A41C-9AA275F3213A}"="{ED0EC107-5E7E-4E60-A20E-D90C161A097F}"
"{B1D53E45-C895-434D-A6D1-92A113607D58}"="{CD6A41AB-C04A-4D51-9E2E-3B03FC424E74}"
"{6D026444-679E-4093-A002-E057CE974E4A}"="{CD6A41AB-C04A-4D51-9E2E-3B03FC424E74}"
"{175C169D-9330-45DE-9415-561D53D01E96}"="{6FA61BE8-C644-4324-96FB-BE9909362DA4}"
"{3D2655BC-1A51-4A86-90AB-6988D1F04F47}"="{AFAE354D-1A8C-4988-9444-EAB3A05F0C4B}"
"{5AC81FED-2671-47EB-ADD0-D6F2AF14ED37}"="{C665734F-7D1D-446C-963E-236DB9BE7E42}"
"{19A55220-467B-48F9-8894-D098FB45388C}"="{C665734F-7D1D-446C-963E-236DB9BE7E42}"
"{B476BA53-7F74-4CEC-B1EB-059802250CB5}"="{19A6D82C-9969-491B-BEAD-AC8479A872A5}"
"{A18E4D65-C71E-4C68-9179-D8726235C473}"="{CB2F6AC9-E4EE-4747-9B30-C88DB0BD4CE6}"
"{F4AACF03-BE6A-4242-8876-4109CB89D51D}"="{182FBA13-4169-4E52-9929-552B6319B0FE}"
"{5286CAA6-DDE1-4995-B071-3E31DD40BE59}"="{182FBA13-4169-4E52-9929-552B6319B0FE}"
"{1B461E51-4179-4881-B57A-175AA55048E0}"="{2633DBAD-415E-4649-8027-986283666A9D}"
"{2C579D59-8319-4425-A081-980D70C1C45A}"="{2633DBAD-415E-4649-8027-986283666A9D}"
"{A7A3B4F0-7CAE-4A33-8750-BE9F42978967}"="{65B827CC-5E3B-4F65-AAF5-41E6E1145644}"
"{9CE2377F-6F91-424F-9B77-140782C1D84E}"="{0B1E92EC-963E-4A32-A72D-E58FE1D5A289}"
"{ADEB654E-BC71-4232-AC4D-9AFC74932036}"="{4265BD86-205A-420F-8730-082E20069E8B}"
"{6D08D627-8603-4432-BDB1-282456CC8166}"="{7FD4BE33-6A1F-4AD1-8E43-CDF7B7E639BE}"
"{E819E357-CF9F-4737-89EB-2430A4DA859E}"="{4265BD86-205A-420F-8730-082E20069E8B}"
"{CE77DB29-1367-4CD9-AE14-8408350226EF}"="{0B1E92EC-963E-4A32-A72D-E58FE1D5A289}"
"{D23992D4-A1EB-4CB5-9182-CA41979F466E}"="{8FA5771A-3C8F-4E8C-B7F1-EE8B2DE061B2}"
"{473609D1-5415-4DA0-8EB5-838A7EDD8314}"="{8A7A95EF-E079-45B4-BCCA-E1DD6E419A47}"
"{212E3036-D0E8-4551-9861-EF988B2F87AB}"="{8A7A95EF-E079-45B4-BCCA-E1DD6E419A47}"
"{FD1EF1E2-F3DC-4332-A3B7-6F83116B1050}"="{2DECA091-16FA-4180-866D-74A666382B9E}"
"{79FB0781-A4FA-4DC4-9D3C-A6A02FCF49D3}"="{62DF5DA8-6038-4281-95A4-1F28438ADF5C}"
"{C35B5422-6D9E-4708-A790-AEB9AAD171B4}"="{62DF5DA8-6038-4281-95A4-1F28438ADF5C}"
"{7F723B37-8A9A-49A9-8FB9-4445F720A3D0}"="{85192259-AFEF-4310-8B41-1EFF83FFB91A}"
"{43D94F02-EEF8-45D5-B553-F36EACC717B2}"="{2D23FE71-A114-4B5F-9EB2-71E89C0AB005}"
"{11D723A8-6B33-4F6F-A1E1-9F10923A04E7}"="{2D23FE71-A114-4B5F-9EB2-71E89C0AB005}"
"{2E241A32-9EB4-4CA3-92B5-D1EDCB43792B}"="{F24E1394-3738-4EFF-9D74-CDC970E6E2D1}"
"{F65ABF23-8048-4CE9-9DD1-DBAD0ED18424}"="{6DF101A7-FF61-4255-9C77-27A175EC8E15}"
"{16C1F53D-161B-41A4-86EE-71BED1851AE0}"="{6DF101A7-FF61-4255-9C77-27A175EC8E15}"
"{A0ABDEAB-4C90-414E-8C51-B99E4ECFC1A7}"="{1510F973-D671-411C-98F5-A9628A416A77}"
"{8AFAD9E2-AA1B-4389-B499-EF4DA5118CBF}"="{1510F973-D671-411C-98F5-A9628A416A77}"
"{8B0BD6A1-1169-43DF-812D-779B549EA51B}"="{E830CF16-EA23-414A-BA8E-A4F5F45B8A27}"
"{66DCED2E-4EF8-4ABD-AE18-791E47A6735A}"="{9E39C0C1-788E-4CF7-B768-CC8A7F1CFB9F}"
"{57E55B2D-E340-47A6-8907-BE604700E647}"="{9E39C0C1-788E-4CF7-B768-CC8A7F1CFB9F}"
"{B513EC7C-62A0-46A3-9F6A-4F5472AE6A90}"="{4FC52FFC-1959-4D02-A487-033CD8B7D7BA}"
"{8AA0333D-543D-4872-8CBE-97A0D7D9ED6C}"="{FF4DBF44-1EB4-4309-A281-E790E2F03AA6}"
"{AB4571C0-F83F-4153-BD96-269CF1C9FF63}"="{FF4DBF44-1EB4-4309-A281-E790E2F03AA6}"
"{C45B0CB9-8555-4F3C-9981-CBABB4B5A101}"="{F6E08A64-53BB-4515-98D5-344E90B65E7B}"
"{75115133-D4C7-4626-A36A-3D952732B35F}"="{EF7141C1-1574-4DB2-9B86-28441203B203}"
"{1617F6D9-0CC2-4F23-9178-45E014538663}"="{EF7141C1-1574-4DB2-9B86-28441203B203}"
"{8C715E28-A787-469E-AC44-BE5D8954BBD8}"="{BAB357F6-AABF-4E0F-8941-3060DBD7AC10}"
"{13A7E613-933E-448B-9625-93BEE135BFC7}"="{BAB357F6-AABF-4E0F-8941-3060DBD7AC10}"
"{671F47F3-A03D-4A28-BE3E-A24A327B31A5}"="{4BB297F0-E9CB-484C-8877-EA986BA7A320}"
"{B5EB40A7-5C8F-4DB3-B6F2-1E13FA8C5C3C}"="{4BB297F0-E9CB-484C-8877-EA986BA7A320}"
"{31DE53B0-76F3-468D-A7BD-98AA58F0D69B}"="{28C2291D-77E3-4F1B-B8F1-2B014EE17371}"
"{3883F52A-F3DC-46F5-8DCA-F2A5B6EBE620}"="{28C2291D-77E3-4F1B-B8F1-2B014EE17371}"
"{BFB15ADF-B43F-4ECE-B65D-1A793F77BC9E}"="{B83E0A5E-2D16-4223-945D-47302CF13FD6}"
"ccSvcHst_ccSetMgr"="{8C82FFEC-468F-40D1-A76F-49B2E77234F8}"
"SNDServiceRequestChannel"="{8C82FFEC-468F-40D1-A76F-49B2E77234F8}"
"SNDLocationChannel"="{8C82FFEC-468F-40D1-A76F-49B2E77234F8}"
"ccSettingsService"="{8C82FFEC-468F-40D1-A76F-49B2E77234F8}"
"ccSvcHst_ccEvtMgr"="{8C82FFEC-468F-40D1-A76F-49B2E77234F8}"
"ccEvtCli"="{8C82FFEC-468F-40D1-A76F-49B2E77234F8}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-06 12:18:37
ComboFix-quarantined-files.txt 2011-01-06 17:18
ComboFix2.txt 2011-01-03 15:57

Pre-Run: 109,564,452,864 bytes free
Post-Run: 109,344,329,728 bytes free

- - End Of File - - A1D0848D5F544C78582E8E497EAA091D
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client\ccService\Channels]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

==============

How are things with the PC?
 
ComboFix 11-01-02.04 - matt small 01/06/2011 23:25:42.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1468 [GMT -5:00]
Running from: c:\users\matt small\Desktop\ComboFix.exe
Command switches used :: c:\users\matt small\Desktop\CFScript.txt
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://nexdef.mlb.com
.
((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 04:54 . 2011-01-07 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-04 04:42 . 2011-01-04 04:42 -------- d-----w- c:\users\matt small\AppData\Local\Threat Expert
2011-01-02 22:48 . 2011-01-02 22:48 -------- d-----w- c:\program files\ZSoft
2011-01-02 01:23 . 2011-01-02 01:23 -------- d-----w- c:\program files\ESET
2011-01-02 00:36 . 2011-01-02 00:36 -------- d-----w- C:\_OTL
2010-12-26 23:30 . 2010-12-31 02:55 -------- d-----w- c:\program files\Xilisoft
2010-12-26 19:25 . 2010-12-31 02:42 -------- d-----w- c:\program files\CCleaner
2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\iPod
2010-12-26 01:18 . 2010-12-31 02:44 -------- d-----w- c:\program files\iTunes
2010-12-26 01:18 . 2010-12-26 01:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-23 22:38 . 2010-12-31 02:42 -------- d-----w- c:\program files\Free Window Registry Repair
2010-12-23 19:53 . 2010-12-23 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2010-12-18 17:56 . 2011-01-03 02:52 -------- d-----w- c:\users\matt small\AppData\Roaming\vlc
2010-12-15 20:01 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 20:01 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 10:55 . 2010-12-10 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 19:54 . 2010-01-07 00:50 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 19:53 . 2010-05-19 07:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-23 07:42 . 2010-05-01 18:37 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-23 07:41 . 2010-05-20 08:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-20 23:09 . 2010-11-24 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-11-24 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 07:13 . 2010-01-07 00:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 18:12 . 2007-09-30 03:33 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11 . 2007-09-30 03:33 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11 . 2007-09-30 03:33 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11 . 2007-09-30 03:33 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 05:11 . 2010-11-25 04:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-25 05:11 . 2010-11-25 04:52 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 23:53 . 2010-05-23 14:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 07:49 . 2010-07-07 18:55 4323040 ----a-w- c:\windows\system32\drivers\LVUVC.sys
2010-11-10 07:49 . 2010-07-07 18:54 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-11-10 07:49 . 2010-07-07 18:54 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-11-10 07:48 . 2010-11-10 07:48 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-11-10 07:47 . 2010-11-10 07:47 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 07:47 . 2010-07-07 18:50 416352 ----a-w- c:\windows\system32\LVCodec2.dll
2010-11-10 07:46 . 2010-11-10 07:46 20704 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
2010-11-10 07:45 . 2010-11-10 07:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 07:45 . 2010-11-10 07:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 07:45 . 2010-11-10 07:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-10 07:32 . 2010-11-10 07:32 38238 ----a-w- c:\windows\system32\Repository.reg
2010-10-19 15:41 . 2009-10-03 05:57 222080 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
[-] 2009-07-14 . C468ADABA2040F6585FE04EA4C81984A . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\matt small\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-01 2397424]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-27 1862144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-25 1287120]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-18 576000]
MLB.TV NexDef Plug-in.lnk - c:\users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-5-13 802960]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-13 800032]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-27 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-5-17 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
R1 SABKUTIL;SABKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
R2 TS_TFTP;TS TFTP;c:\program files\AnywhereTS\srv\srvstart.exe [2007-10-29 36864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-06-19 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-19 29472]
R3 CFcatchme;CFcatchme;c:\users\MATTSM~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 218592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 20480]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2011-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmein.com/login.asp
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: webattend.com
Trusted Zone: webtrain.com
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
FF - ProfilePath - c:\users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\AppData\Roaming\Move Networks
.
.
Completion time: 2011-01-07 00:20:24
ComboFix-quarantined-files.txt 2011-01-07 05:20
ComboFix2.txt 2011-01-06 17:18
ComboFix3.txt 2011-01-03 15:57

Pre-Run: 109,270,245,376 bytes free
Post-Run: 109,205,282,816 bytes free

- - End Of File - - C6CB579F95ED32004A186684539DA3B2
 
Computer seems to be running smoothly. Have not run into any problems that I have noticed. Thanks for all the help so far.
 
One that I missed.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
FCopy::
c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll | c:\windows\System32\termsrv.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ComboFix 11-01-02.04 - matt small 01/07/2011 10:12:22.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1379 [GMT -5:00]
Running from: c:\users\matt small\Desktop\ComboFix.exe
Command switches used :: c:\users\matt small\Desktop\CFScript.txt
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 15:46 . 2011-01-07 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-04 04:42 . 2011-01-04 04:42 -------- d-----w- c:\users\matt small\AppData\Local\Threat Expert
2011-01-02 22:48 . 2011-01-02 22:48 -------- d-----w- c:\program files\ZSoft
2011-01-02 01:23 . 2011-01-02 01:23 -------- d-----w- c:\program files\ESET
2011-01-02 00:36 . 2011-01-02 00:36 -------- d-----w- C:\_OTL
2010-12-26 23:30 . 2010-12-31 02:55 -------- d-----w- c:\program files\Xilisoft
2010-12-26 19:25 . 2010-12-31 02:42 -------- d-----w- c:\program files\CCleaner
2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\iPod
2010-12-26 01:18 . 2010-12-31 02:44 -------- d-----w- c:\program files\iTunes
2010-12-26 01:18 . 2010-12-26 01:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-23 22:38 . 2010-12-31 02:42 -------- d-----w- c:\program files\Free Window Registry Repair
2010-12-23 19:53 . 2010-12-23 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2010-12-18 17:56 . 2011-01-03 02:52 -------- d-----w- c:\users\matt small\AppData\Roaming\vlc
2010-12-15 20:01 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 20:01 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 10:55 . 2010-12-10 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 19:54 . 2010-01-07 00:50 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 19:53 . 2010-05-19 07:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-23 07:42 . 2010-05-01 18:37 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-23 07:41 . 2010-05-20 08:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-20 23:09 . 2010-11-24 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-11-24 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 07:13 . 2010-01-07 00:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 18:12 . 2007-09-30 03:33 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11 . 2007-09-30 03:33 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11 . 2007-09-30 03:33 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11 . 2007-09-30 03:33 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 05:11 . 2010-11-25 04:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-25 05:11 . 2010-11-25 04:52 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 23:53 . 2010-05-23 14:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 07:49 . 2010-07-07 18:55 4323040 ----a-w- c:\windows\system32\drivers\LVUVC.sys
2010-11-10 07:49 . 2010-07-07 18:54 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-11-10 07:49 . 2010-07-07 18:54 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-11-10 07:48 . 2010-11-10 07:48 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-11-10 07:47 . 2010-11-10 07:47 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 07:47 . 2010-07-07 18:50 416352 ----a-w- c:\windows\system32\LVCodec2.dll
2010-11-10 07:46 . 2010-11-10 07:46 20704 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
2010-11-10 07:45 . 2010-11-10 07:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 07:45 . 2010-11-10 07:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 07:45 . 2010-11-10 07:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-10 07:32 . 2010-11-10 07:32 38238 ----a-w- c:\windows\system32\Repository.reg
2010-10-19 15:41 . 2009-10-03 05:57 222080 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
[-] 2009-07-14 . C468ADABA2040F6585FE04EA4C81984A . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\matt small\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-01 2397424]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-27 1862144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-25 1287120]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-18 576000]
MLB.TV NexDef Plug-in.lnk - c:\users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-5-13 802960]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-13 800032]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-27 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-5-17 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
R1 SABKUTIL;SABKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
R2 TS_TFTP;TS TFTP;c:\program files\AnywhereTS\srv\srvstart.exe [2007-10-29 36864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-06-19 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-19 29472]
R3 CFcatchme;CFcatchme;c:\users\MATTSM~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 218592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 20480]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]
.
.
 
------- Supplementary Scan -------
.
uStart Page = https://secure.logmein.com/login.asp
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: webattend.com
Trusted Zone: webtrain.com
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
FF - ProfilePath - c:\users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\AppData\Roaming\Move Networks
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3712)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-01-07 11:29:37
ComboFix-quarantined-files.txt 2011-01-07 16:29
ComboFix2.txt 2011-01-07 05:20
ComboFix3.txt 2011-01-06 17:18
ComboFix4.txt 2011-01-03 15:57

Pre-Run: 109,255,655,424 bytes free
Post-Run: 108,869,722,112 bytes free

- - End Of File - - 49E0A88004F33DAB36BFB8E5E0251395
 
My apologies, but there was a space in the fix that should not have been there and you will need to run that again as below:

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
FCopy::
c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll | c:\windows\System32\termsrv.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ComboFix 11-01-02.04 - matt small 01/07/2011 23:54:02.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1709 [GMT -5:00]
Running from: c:\users\matt small\Desktop\ComboFix.exe
Command switches used :: c:\users\matt small\Desktop\CFScript.txt
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://nexdef.mlb.com
.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll --> c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))
.

2011-01-08 05:23 . 2011-01-08 05:23 -------- d-----w- c:\users\matt small\AppData\Local\temp
2011-01-08 05:23 . 2011-01-08 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 20:36 . 2011-01-07 20:36 -------- d-----w- c:\users\matt small\AppData\Local\Avid
2011-01-07 20:32 . 2011-01-07 20:32 -------- d-----w- c:\programdata\Avid
2011-01-07 20:09 . 2011-01-07 20:09 -------- d-----w- c:\windows\system32\MEDIA
2011-01-07 20:08 . 2011-01-07 20:08 -------- d-----w- c:\program files\Common Files\PACE
2011-01-07 20:06 . 2011-01-07 20:06 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2011-01-07 20:00 . 2011-01-07 20:00 -------- d-----w- c:\program files\Digidesign
2011-01-07 20:00 . 2011-01-07 20:00 -------- d-----w- c:\program files\Common Files\Digidesign
2011-01-07 19:58 . 2011-01-07 20:07 -------- d-----w- c:\program files\Common Files\Avid
2011-01-07 19:54 . 2011-01-07 19:54 -------- d-----w- c:\program files\Licenses
2011-01-07 19:54 . 2011-01-07 20:07 -------- d-----w- c:\program files\Avid
2011-01-04 04:42 . 2011-01-04 04:42 -------- d-----w- c:\users\matt small\AppData\Local\Threat Expert
2011-01-02 22:48 . 2011-01-02 22:48 -------- d-----w- c:\program files\ZSoft
2011-01-02 01:23 . 2011-01-02 01:23 -------- d-----w- c:\program files\ESET
2011-01-02 00:36 . 2011-01-02 00:36 -------- d-----w- C:\_OTL
2010-12-26 23:30 . 2010-12-31 02:55 -------- d-----w- c:\program files\Xilisoft
2010-12-26 19:25 . 2010-12-31 02:42 -------- d-----w- c:\program files\CCleaner
2010-12-26 01:18 . 2010-12-26 01:18 -------- d-----w- c:\program files\iPod
2010-12-26 01:18 . 2010-12-31 02:44 -------- d-----w- c:\program files\iTunes
2010-12-26 01:18 . 2010-12-26 01:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-23 22:38 . 2010-12-31 02:42 -------- d-----w- c:\program files\Free Window Registry Repair
2010-12-23 19:53 . 2010-12-23 19:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2010-12-18 17:56 . 2011-01-07 21:16 -------- d-----w- c:\users\matt small\AppData\Roaming\vlc
2010-12-15 20:01 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 20:01 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-10 10:55 . 2010-12-10 10:55 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 19:54 . 2010-01-07 00:50 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-12-23 19:53 . 2010-05-19 07:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-12-23 07:42 . 2010-05-01 18:37 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-12-23 07:41 . 2010-05-20 08:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-12-20 23:09 . 2010-11-24 03:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-11-24 03:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 07:13 . 2010-01-07 00:50 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-08 18:12 . 2007-09-30 03:33 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-12-08 18:11 . 2007-09-30 03:33 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-12-08 18:11 . 2007-09-30 03:33 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-12-08 18:11 . 2007-09-30 03:33 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 05:11 . 2010-11-25 04:51 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-25 05:11 . 2010-11-25 04:52 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-12 23:53 . 2010-05-23 14:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 07:49 . 2010-07-07 18:55 4323040 ----a-w- c:\windows\system32\drivers\LVUVC.sys
2010-11-10 07:49 . 2010-07-07 18:54 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-11-10 07:49 . 2010-07-07 18:54 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-11-10 07:48 . 2010-11-10 07:48 283744 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-11-10 07:47 . 2010-11-10 07:47 195168 ----a-w- c:\windows\system32\lvci13101216.dll
2010-11-10 07:47 . 2010-07-07 18:50 416352 ----a-w- c:\windows\system32\LVCodec2.dll
2010-11-10 07:46 . 2010-11-10 07:46 20704 ----a-w- c:\windows\system32\drivers\lvbusflt.sys
2010-11-10 07:45 . 2010-11-10 07:45 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-11-10 07:45 . 2010-11-10 07:45 10871128 ----a-w- c:\windows\system32\LogiDPP.dll
2010-11-10 07:45 . 2010-11-10 07:45 316248 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-11-10 07:32 . 2010-11-10 07:32 38238 ----a-w- c:\windows\system32\Repository.reg
2010-10-19 15:41 . 2009-10-03 05:57 222080 ------w- c:\windows\system32\MpSigStub.exe
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\matt small\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-01 2397424]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-11 6703648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-27 1862144]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-02 119152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-11-25 1287120]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-05-05 77824]

c:\users\matt small\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-18 576000]
MLB.TV NexDef Plug-in.lnk - c:\users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2010-5-13 802960]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-1-7 634880]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-5 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-13 800032]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-27 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-5-17 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-16 721904]
R1 SABKUTIL;SABKUTIL; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
R2 TS_TFTP;TS TFTP;c:\program files\AnywhereTS\srv\srvstart.exe [2007-10-29 36864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-06-19 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-19 29472]
R3 CFcatchme;CFcatchme;c:\users\MATTSM~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-01-29 30576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 218592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2008-09-25 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 MCEBuddy;MCEBuddy Service;c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe [2010-01-24 20480]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2010-11-10 20704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-05-28 391296]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://secure.logmein.com/login.asp
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: webattend.com
Trusted Zone: webtrain.com
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
FF - ProfilePath - c:\users\matt small\AppData\Roaming\Mozilla\Firefox\Profiles\420w6fuk.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas Interactive: btpersonas@brandthunder.com - %profile%\extensions\btpersonas@brandthunder.com
FF - Ext: Fast Youtube Downloader: fastYoutubeDownloader@yevgenyandrov.net - %profile%\extensions\fastYoutubeDownloader@yevgenyandrov.net
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: MileWideBack: {dc0fa13c-3dae-73eb-e852-912722c852f9} - %profile%\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\matt small\AppData\Roaming\Move Networks
.
.
Completion time: 2011-01-08 00:50:30
ComboFix-quarantined-files.txt 2011-01-08 05:50
ComboFix2.txt 2011-01-07 16:29
ComboFix3.txt 2011-01-07 05:20
ComboFix4.txt 2011-01-06 17:18
ComboFix5.txt 2011-01-08 04:52

Pre-Run: 106,804,486,144 bytes free
Post-Run: 106,752,741,376 bytes free

- - End Of File - - 3599B66D661EB0D1E433A16A905FFC99
 
No worries :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
 
I'm still having some explorer.exe problems. The windows flicker and I can't click anything until it's done. And then sometimes it stops responding and the exe has to restart.
 
Ok. Let's just run an on-line scan to see if there are any left-overs.

Go to the Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 