Solved When I click on a link after searching in Google, I get redirected to different site

[OO00UCH]

I am having trouble getting rid of a website redirect problem. When I click on a link, I often get resent to another website.

I tried a number of adware removal tools and none of them seem to have solved the problem.

Thanks for your help.

I've attached the logs below:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6850

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/13/2011 5:45:40 PM
mbam-log-2011-06-13 (17-45-40).txt

Scan type: Quick scan
Objects scanned: 177077
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-13 17:50:35
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084
Running: td0wrs7c.exe; Driver: C:\Users\Galen\AppData\Local\Temp\kxryqfow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_14
Run by Galen at 17:57:57 on 2011-06-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2520.1232 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\RotateImage\RCIMGDIR.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://lenovo.live.com
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: QuickNet BHO: {ea5ca8b6-9b9c-4994-a7a1-947b6c631be7} - c:\program files\regtweaker\key.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rcimgd~1.lnk - c:\program files\rotateimage\RCIMGDIR.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{158A99FA-54A9-4C72-8829-9FB6332325F7} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{158A99FA-54A9-4C72-8829-9FB6332325F7}\1503344433 : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{158A99FA-54A9-4C72-8829-9FB6332325F7}\1666475627E6F6F6E64454C4C4944554 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{158A99FA-54A9-4C72-8829-9FB6332325F7}\34865656A75602C4F65796A756 : DhcpNameServer = 192.168.2.1 208.59.247.45 208.59.247.46
TCP: Interfaces\{158A99FA-54A9-4C72-8829-9FB6332325F7}\44270214E6570716D6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{158A99FA-54A9-4C72-8829-9FB6332325F7}\94E444F5055524C49434F575966496 : DhcpNameServer = 65.24.0.168 65.24.0.169 209.244.0.3
TCP: Interfaces\{D1ABE2CB-8C60-4EE6-AE45-DE362B6CB6CD} : DhcpNameServer = 129.79.1.1 129.79.5.100 129.79.8.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\galen\appdata\roaming\mozilla\firefox\profiles\p9nmvnpl.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\galen\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\galen\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\users\galen\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\galen\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\galen\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\galen\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XULRunner: {C0198FE6-570E-47BD-BC36-2628A79E3705} - c:\users\galen\appdata\local\{C0198FE6-570E-47BD-BC36-2628A79E3705}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-18 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-24 172032]
R2 BPPROT;Intel(R) WiMAX Link Protocol Driver;c:\windows\system32\drivers\bpprot.sys [2008-12-1 22016]
R2 DMAgent;Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2008-12-11 348160]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-30 66848]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-25 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-5-14 62320]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-30 2058776]
R2 WiMAXAppSrv;Intel(R) PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2008-12-11 2379776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-6-30 72192]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-8-24 5073920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-8-24 106496]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-6-30 225408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-12 105592]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-9-22 5946368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-7 21360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2151128]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-14 45424]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-9 15872]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-6-30 229400]
S4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448]
.
=============== Created Last 30 ================
.
2011-06-13 19:07:31 -------- d-----w- c:\users\galen\appdata\local\Adobe
2011-06-13 16:39:05 1156 ---ha-w- C:\aaw7boot.cmd
2011-06-13 16:12:18 -------- d-----w- c:\program files\RegCleaner
2011-06-13 15:51:48 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-13 15:38:46 -------- d-----w- c:\programdata\Hitman Pro
2011-06-11 13:25:19 -------- d-----w- c:\windows\system32\SPReview
2011-06-09 12:46:59 520064 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2011-06-09 12:45:59 97280 ----a-w- c:\windows\system32\dwmredir.dll
2011-06-09 12:44:59 90112 ----a-w- c:\windows\system32\srvcli.dll
2011-06-09 12:43:55 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-09 12:43:55 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-06-09 12:43:55 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-09 12:43:55 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-09 12:43:41 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-09 12:43:34 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-09 12:43:34 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-06-09 12:42:46 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-06-09 12:42:45 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-26 14:03:57 -------- d-----w- c:\program files\Conduit
2011-05-26 14:03:55 -------- d-----w- c:\program files\ConduitEngine
2011-05-26 14:03:51 -------- d-----w- c:\program files\uTorrentBar
2011-05-26 14:03:37 -------- d-----w- c:\program files\uTorrent
2011-05-26 14:02:44 -------- d-----w- c:\users\galen\appdata\roaming\uTorrent
2011-05-25 12:20:06 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 12:45:27 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 14:34:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-11 13:29:57 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 17:59:18.88 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/28/2010 5:40:58 PM
System Uptime: 6/13/2011 11:53:42 AM (6 hours ago)
.
Motherboard: LENOVO | | 2081CTO
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | None | 784/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 37.791 GiB free.
F: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 3.47 GiB free.
S: is FIXED (NTFS) - 1 GiB total, 0.691 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97b-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Turbo Memory Controller
Device ID: PCI\VEN_8086&DEV_444E&SUBSYS_44438086&REV_11\4&324544AA&0&00E2
Manufacturer: Intel
Name: Intel(R) Turbo Memory Controller
PNP Device ID: PCI\VEN_8086&DEV_444E&SUBSYS_44438086&REV_11\4&324544AA&0&00E2
Service: iaNvStor
.
Class GUID:
Description: Intel(R) WiMAX Link 5350
Device ID: USB\VID_8086&PID_1405\5&75498B4&0&3
Manufacturer:
Name: Intel(R) WiMAX Link 5350
PNP Device ID: USB\VID_8086&PID_1405\5&75498B4&0&3
Service:
.
==== System Restore Points ===================
.
RP60: 6/11/2011 9:25:11 AM - Windows 7 Service Pack 1
RP61: 6/13/2011 12:33:13 AM - Windows Update
.
==== Installed Programs ======================
.
.
.NET Utilities
µTorrent
32 Bit HP CIO Components Installer
Access Help
Acrobat.com
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.4 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.6
Adobe Reader 9.4.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Service Activation
ATI Catalyst Install Manager
BlackBerry Desktop Software 5.0.1
Bonjour
Camera Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CLEAR™ WiMAX Tutorial
Client Security - Password Manager
Conduit Engine
Conexant HD Audio
Connect
DecisionTools Suite Industrial 5.5 for Excel
DecisionTools Suite Industrial 5.5.1
Definition update for Microsoft Office 2010 (KB982726)
Drag-to-Disc
Dropbox
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Help Center
Integrated Camera Driver Installer Package Ver.1.25.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Management Engine Interface
Intel(R) PROSet/Wireless WiFi Software
Intel(R) PROSet/Wireless WiMAX Software
Intel® Active Management Technology
Intel® Matrix Storage Manager and Intel® Turbo Memory
Intel® Turbo Memory
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java(TM) 6 Update 14
Juniper Networks Network Connect 6.4.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
kuler
League of Legends
Lenovo Registration
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.0.1200
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile Broadband Connect
Move Media Player
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OBD-PC Link
OGA Notifier 2.0.0048.0
On Screen Display
Pando Media Booster
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Presentation Director
Printer Finder
Product Recovery Disc Burning Utility
Productivity Center Supplement for ThinkPad
PX Profile Update
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
RICOH R5U230 Media Driver ver.2.02.02.01
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Roxio Update Manager
Search Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skins
Skype Toolbars
Skype™ 5.1
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Suite Shared Configuration CS4
SUPERAntiSpyware
Symantec Endpoint Protection
System Requirements Lab
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Mobility Center Customization
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Status Gadget
TurboTax 2010
TurboTax 2010 winiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
Uninstall Startup Inspector
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
uTorrentBar Toolbar
Verizon Wireless Mobile Broadband Self Activation
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC Player
Wallpapers
Winamp
Winamp Detector Plug-in
Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
Windows Driver Package - Ricoh (5U875UVC) Image (09/03/2008 1.25.500.0)
Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
Windows Live Toolbar
WinRAR archiver
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
6/6/2011 12:58:25 PM, Error: Microsoft-Windows-TBS [16385] - An internal TBS error was detected. The error code was 0x80070013. This is usually caused by unexpected TPM or driver behavior and may be transient.
6/13/2011 5:58:02 PM, Error: Service Control Manager [7016] - The Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service service has reported an invalid current state 0.
6/13/2011 12:44:30 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
6/13/2011 11:50:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Scheduler service to connect.
6/13/2011 11:50:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Service service to connect.
6/13/2011 11:50:42 AM, Error: Service Control Manager [7000] - The TVT Backup Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2011 11:50:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Protection Service service to connect.
6/13/2011 11:50:39 AM, Error: Service Control Manager [7000] - The TVT Backup Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2011 11:50:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ThinkVantage Registry Monitor Service service to connect.
6/13/2011 11:47:55 AM, Error: Service Control Manager [7023] - The Lenovo Microphone Mute service terminated with the following error: The system cannot find the file specified.
6/13/2011 11:47:19 AM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter
6/13/2011 11:13:03 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2011 11:12:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/13/2011 11:12:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/13/2011 11:12:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/13/2011 11:12:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/13/2011 11:12:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/13/2011 11:11:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/13/2011 11:11:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SYMTDI tdx TPPWRIF Wanarpv6 WfpLwf
6/13/2011 11:11:49 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2011 11:11:49 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 11:11:49 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2011 11:11:49 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2011 11:11:49 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2011 11:11:49 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/13/2011 11:11:47 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 11:11:47 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 11:11:47 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 11:11:47 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 1:58:22 PM, Error: amdkmdag [43029] - Display is not active
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

You're running two AV programs, Norton and Lavasoft Ad-Watch Live! Anti-Virus.
One of them has to go.
I suggest, Lavasoft goes.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


=====================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

• Link 1 (.exe file)
  Link 2 (zipped file)
  Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
• Click the Report tab, then click Scan.
• Check Drivers, Stealth, and uncheck the rest.
• Click OK.
• Wait until it's finished and then go to File > Save Report.
• Save the report to your Desktop.
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

 

[OO00UCH]

Thanks for getting back to me.

I uninstalled Ad-Aware and ran the two programs. I also found a file "MBR.dat" on my desktop, is that OK to delete? Here are the logs:

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-13 19:02:47
-----------------------------
19:02:47.478 OS Version: Windows 6.1.7601 Service Pack 1
19:02:47.478 Number of processors: 2 586 0x1706
19:02:47.479 ComputerName: BL-BUS-GHCHAN UserName: Galen
19:03:08.252 Initialize success
19:05:20.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:05:20.920 Disk 0 Vendor: FUJITSU_ 0084 Size: 152627MB BusType: 3
19:05:20.944 Disk 0 MBR read successfully
19:05:20.950 Disk 0 MBR scan
19:05:20.956 Disk 0 Windows 7 default MBR code
19:05:20.966 Disk 0 scanning sectors +312578048
19:05:21.001 Disk 0 scanning C:\Windows\system32\drivers
19:05:30.118 Service scanning
19:05:31.981 Disk 0 trace - called modules:
19:05:32.029 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
19:05:32.040 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8695c148]
19:05:32.050 3 CLASSPNP.SYS[8a40459e] -> nt!IofCallDriver -> [0x85f272c0]
19:05:32.061 5 ACPI.sys[89eb63d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85efe028]
19:05:32.073 Scan finished successfully
19:05:47.708 Disk 0 MBR has been saved successfully to "C:\Users\Galen\Desktop\MBR.dat"
19:05:47.714 The log file has been saved successfully to "C:\Users\Galen\Desktop\aswMBR.txt"






RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x9941B000 C:\Windows\system32\DRIVERS\igdpmd32.sys 6451200 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x98C13000 C:\Windows\system32\DRIVERS\atipmdag.sys 5410816 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x99C33000 C:\Windows\system32\DRIVERS\NETw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x82E06000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82E06000 PnpManager 4268032 bytes
0x82E06000 RAW 4268032 bytes
0x82E06000 WMIxWDM 4268032 bytes
0x9D2C0000 Win32k 2416640 bytes
0x9D2C0000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8F208000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110612.002\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0x8A615000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x8A20B000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9BA47000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8F80D000 C:\Windows\System32\Drivers\dump_iaStor.sys 897024 bytes
0x8A022000 C:\Windows\system32\DRIVERS\iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x99A42000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A437000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x9BB49000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x89D0E000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xB9E2A000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA4281000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x89C2E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x98582000 C:\Windows\system32\drivers\CHDRT32.sys 471040 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x89E2E000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9531F000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0x984A6000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x9841E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8A378000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x95207000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9A0B1000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xB9F51000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xB9F01000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9D570000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x99BA5000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x89F6F000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F919000 C:\Windows\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0x89EAD000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA4218000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9919D000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x89CCC000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x953B1000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A799000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8A4EE000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9BA0A000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xA4354000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x99B60000 C:\Windows\system32\DRIVERS\e1y6032.sys 237568 bytes (Intel Corporation, Intel(R) Gigabit Network Connection NDIS 6 deserialized driver)
0x99AF9000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83218000 ACPI_HAL 225280 bytes
0x83218000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A132000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9915B000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8A59E000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x95261000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8A75F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9A128000 C:\Windows\system32\DRIVERS\SynTP.sys 200704 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8A1A7000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89FCF000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x9A046000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8A551000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x95293000 C:\Windows\System32\Drivers\SYMTDI.SYS 184320 bytes (Symantec Corporation, Network Dispatch Driver)
0x8A33A000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89F06000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x89DB9000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x8A400000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8A52C000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8F37F000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8A106000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA4331000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9A1CE000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x95389000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB9ECB000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x98530000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F963000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8A57E000 C:\Windows\System32\DRIVERS\Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0x98563000 C:\Windows\system32\DRIVERS\atikmpag.sys 126976 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8F8FA000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9913C000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x952C7000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9D550000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9847C000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x8A5E1000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA438F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x99B3C000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x8A000000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA4306000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x98400000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x9A073000 C:\Windows\system32\drivers\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9850A000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8A1D6000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0x9A103000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9A1AB000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x99C00000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x89C00000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x8A186000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0x99C18000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x99400000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F9A5000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8F9D2000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x89DE3000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x89E00000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8F3A4000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110612.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x9A09D000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8A365000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA426E000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x952F4000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x89E16000 00000074 73728 bytes
0x98C00000 C:\Windows\system32\DRIVERS\5U875.sys 73728 bytes (Ricoh co.,Ltd., Ricoh USB Camera driver)
0x9A199000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x98551000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xA431F000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89E16000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0xA43C2000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8A5D0000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F8E8000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8A166000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x991E1000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x89F3B000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x89CB3000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x9A08C000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0x9530E000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8A3EC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8A7E9000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0xA425E000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x89F5F000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8A177000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x99BF0000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x98522000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x952E6000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F997000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x89FC1000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8A3D5000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8F9E9000 C:\Windows\system32\DRIVERS\STREAM.SYS 57344 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x9918F000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x89E9F000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9A18C000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8F800000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9A11B000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x991F2000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x9A15B000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xB9EEC000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F3E4000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x9849A000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8F9BC000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x9A168000 C:\Windows\system32\drivers\tpm.sys 49152 bytes (Microsoft Corporation, TPM Device Driver)
0x8F3D8000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xC9EB0000 C:\Users\Galen\AppData\Local\Temp\aswMBR.sys 45056 bytes
0x89F54000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8A425000 C:\Windows\system32\DRIVERS\bpprot.sys 45056 bytes (Intel Corporation, Intel® WiMax Link 5050 Series Protocol driver)
0x8A608000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x985F5000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8F98C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9A1C3000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x99B9A000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x89F30000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9BA00000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x99B32000 C:\Windows\system32\DRIVERS\HECI.sys 40960 bytes (Intel Corporation, Intel(R) Management Engine Interface)
0x8F9C8000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x953F2000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8A19D000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9A1F0000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xB9EC1000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x99B56000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8F3B8000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8A129000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8A7D8000 C:\Windows\System32\DRIVERS\ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xC9EA7000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8A0FD000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xC9EC4000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8A3E3000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9D520000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8F9F7000 C:\Windows\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)
0x8A790000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x9A183000 C:\Windows\system32\drivers\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x89EF5000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x89CC4000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x89F4C000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8A600000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCD000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x89EFE000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F3F1000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F200000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8F984000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8A7E1000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xB9EF9000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8F3CB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x95200000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8F3F9000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8F3C4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x89FBA000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x95307000 C:\Windows\System32\drivers\Tppwr32v.sys 28672 bytes (Lenovo Group Limited, Power Manager)
0x952C0000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8F3D2000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x9A17D000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x953AB000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x98419000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x9A178000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xB9FA3000 C:\Windows\System32\Drivers\SYMREDRV.SYS 20480 bytes (Symantec Corporation, Redirector Filter Driver)
0x9A174000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA43D3000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8F3C2000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x9A1FC000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x953FC000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0x9A1FA000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9A159000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9BBFE000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================

 

[Broni]

I also found a file "MBR.dat" on my desktop, is that OK to delete?

Your MBR looks fine, so, yes.

Which browser is getting redirected?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[OO00UCH]

I've been using Mozilla FireFox, so that's the one that has been redirected, but I'm not sure whether or not it affects IE.

Here's the ComboFix log (I had to split it up in posts):

ComboFix 11-06-13.01 - Galen 06/13/2011 19:32:23.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2520.1605 [GMT -4:00]
Running from: c:\users\Galen\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
S:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 23:31 . 2011-06-13 23:31 -------- d-----w- C:\32788R22FWJFW
2011-06-13 19:07 . 2011-06-13 19:08 -------- d-----w- c:\users\Galen\AppData\Local\Adobe
2011-06-13 16:39 . 2011-06-13 21:02 1156 ---ha-w- C:\aaw7boot.cmd
2011-06-13 16:12 . 2011-06-13 16:21 -------- d-----w- c:\program files\RegCleaner
2011-06-13 15:51 . 2011-06-13 15:51 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-13 15:38 . 2011-06-13 15:38 -------- d-----w- c:\programdata\Hitman Pro
2011-06-11 13:25 . 2011-06-11 13:25 -------- d-----w- c:\windows\system32\SPReview
2011-06-09 12:46 . 2010-11-20 12:29 520064 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2011-06-09 12:45 . 2010-11-20 12:21 1624064 ----a-w- c:\windows\system32\WMPEncEn.dll
2011-06-09 12:44 . 2010-11-20 12:21 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-06-09 12:43 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-09 12:43 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-09 12:43 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-09 12:43 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-06-09 12:43 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-09 12:43 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-06-09 12:43 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-09 12:42 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-06-09 12:42 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-26 14:03 . 2011-05-26 14:03 -------- d-----w- c:\program files\Conduit
2011-05-26 14:03 . 2011-05-26 14:03 -------- d-----w- c:\program files\uTorrent
2011-05-26 14:02 . 2011-06-12 03:52 -------- d-----w- c:\users\Galen\AppData\Roaming\uTorrent
2011-05-25 12:20 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 12:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 14:34 . 2011-06-13 22:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 13:29 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-29 13:11 . 2011-03-15 12:20 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-03-15 12:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 06:02 . 2011-05-10 22:29 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 22:29 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-08 14:18 . 2011-04-08 14:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-08 14:18 . 2011-04-08 14:18 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-08 14:18 . 2011-04-08 14:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-08 14:18 . 2011-04-08 14:18 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-08 14:18 . 2011-04-08 14:18 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-08 14:18 . 2011-04-08 14:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-08 14:18 . 2011-04-08 14:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-08 14:18 . 2011-04-08 14:18 367104 ----a-w- c:\windows\system32\html.iec
2011-04-08 14:18 . 2011-04-08 14:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-08 14:18 . 2011-04-08 14:18 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-08 14:18 . 2011-04-08 14:18 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-08 14:18 . 2011-04-08 14:18 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-08 14:18 . 2011-04-08 14:18 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-08 14:18 . 2011-04-08 14:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-08 14:18 . 2011-04-08 14:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-08 14:18 . 2011-04-08 14:18 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-08 14:18 . 2011-04-08 14:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-08 14:18 . 2011-04-08 14:18 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-08 14:18 . 2011-04-08 14:18 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-08 14:18 . 2011-04-08 14:18 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-08 14:18 . 2011-04-08 14:18 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-25 02:58 . 2011-05-10 22:29 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58 . 2011-05-10 22:29 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58 . 2011-05-10 22:29 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57 . 2011-05-10 22:29 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57 . 2011-05-10 22:29 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 02:57 . 2011-05-10 22:29 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 02:57 . 2011-05-10 22:29 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Galen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Galen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Galen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Galen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-05-15 40960]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-03-27 33304]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-04-15 214576]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RCIMGDIR.exe.lnk - c:\program files\RotateImage\RCIMGDIR.exe [2009-6-30 31744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-10-27 288112]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1343400]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 64288]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 BPPROT;Intel(R) WiMAX Link Protocol Driver;c:\windows\system32\DRIVERS\bpprot.sys [2008-12-01 22016]
S2 DMAgent;Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2008-12-12 348160]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-02-12 2058776]
S2 WiMAXAppSrv;Intel(R) PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2008-12-12 2379776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2008-09-03 72192]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-22 225408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-09-22 5946368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - BLACKBOX
*Deregistered* - aswMBR
*Deregistered* - BlackBox
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 03:01]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 03:01]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-505919019-455524809-3121656747-1003Core.job
- c:\users\Galen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-14 03:18]
.
2011-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-505919019-455524809-3121656747-1003UA.job
- c:\users\Galen\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-14 03:18]
.
2011-04-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
.
2011-06-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\p9nmvnpl.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XULRunner: {C0198FE6-570E-47BD-BC36-2628A79E3705} - c:\users\Galen\AppData\Local\{C0198FE6-570E-47BD-BC36-2628A79E3705}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files\RegTweaker\key.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client\YontooIEClient.dll
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-HitmanPro35 - c:\users\Galen\Downloads\HitmanPro35.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-505919019-455524809-3121656747-1003_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Symantec\Common Client\ccService\Channels]
@Denied: (C D) (Everyone)
"{19D3274A-B445-4B51-B1D5-11FC2A2D66F4}"="{CD3C287F-954A-4B3D-A503-BF5804C7F779}"
"{354D8E5F-B50A-46AA-B13A-04A2B9948AD5}"="{519B704A-E218-478C-A3E3-1FCD9345BCF2}"
"{4117CDC6-6566-49E6-BB06-7D803ABBF977}"="{31A8FAD5-5385-4484-A300-B4B450E882C9}"
"{612433B6-1F32-45A2-A7BE-D3B4A61FA270}"="{31A8FAD5-5385-4484-A300-B4B450E882C9}"
"{7366A895-329D-4642-A74C-08C4810206DD}"="{31A8FAD5-5385-4484-A300-B4B450E882C9}"
"{74C26924-4EF0-4548-8B89-AA55F85759EF}"="{519B704A-E218-478C-A3E3-1FCD9345BCF2}"
"{94DEEF3E-47A3-41CF-A1FF-AEE4D6AD6562}"="{31A8FAD5-5385-4484-A300-B4B450E882C9}"
"{97DAEAE0-ECF1-4960-9201-002610E671E0}"="{82906A31-801F-4A21-88EF-612D08D7FF28}"
"{B7CCB674-D674-4FB9-AAA8-6F87FC4DA020}"="{82906A31-801F-4A21-88EF-612D08D7FF28}"
"{D4BDF26F-412E-4AD5-9F2C-B9D13A0A0D9F}"="{CD3C287F-954A-4B3D-A503-BF5804C7F779}"
"{EAB6C230-A86C-4E82-B8EE-087B70705911}"="{519B704A-E218-478C-A3E3-1FCD9345BCF2}"
"{4FC15686-01A5-4B80-B7A7-2357B428C85A}"="{2073F20F-FEE1-435B-B951-7AD9BD02BC84}"
"{A5456704-2B8A-40E2-AE90-D532FA48AE0A}"="{2073F20F-FEE1-435B-B951-7AD9BD02BC84}"
"{5FBD5F4E-BB34-4AFD-98B3-BF69BD0552EE}"="{3D1A48B1-3EF1-47D1-8E8C-96ED56FA92A9}"
"{1BF93DBC-1050-4A0C-B232-909E58D1A0C8}"="{3D1A48B1-3EF1-47D1-8E8C-96ED56FA92A9}"
"{35AACA34-E511-4B25-86D5-72F9D6D98E69}"="{51AD075C-789A-41D1-A2E3-87E084DDBAF7}"
"{5B417E1C-C40C-41CD-974D-B7C92F451FA4}"="{51AD075C-789A-41D1-A2E3-87E084DDBAF7}"
"{F2989566-805F-417D-BFBD-5EA8DD87EFFC}"="{1F11D43F-F3CC-4823-BA68-6A68D42E2BD7}"
"{6EDC6B46-BEB5-475D-9C34-D94659D1DAB2}"="{1F11D43F-F3CC-4823-BA68-6A68D42E2BD7}"
"{5C778968-7F6B-4606-840C-B8A4FCF9B065}"="{10F68606-B40A-482A-A4D7-C4E0241B2AFB}"
"{906E6A63-445B-4D18-BAA3-47D7A2CD93BF}"="{10F68606-B40A-482A-A4D7-C4E0241B2AFB}"
"{B4AFD9AD-29A0-4897-976A-CACC7023E26C}"="{376BAD35-CE5E-4BED-8FC2-70978920CB71}"
"{0B4DDDF0-7272-468D-B6A3-DCF34DBCDB3A}"="{376BAD35-CE5E-4BED-8FC2-70978920CB71}"
"{79F54528-FDCD-434D-92DF-A7D590FA1E44}"="{7972D29A-7595-402C-B4AA-88AF0EE8E926}"
"{01CEE317-35AF-4A16-A8D2-9A5EB5E01C10}"="{7972D29A-7595-402C-B4AA-88AF0EE8E926}"
"{88FDCC62-ABAE-4CC2-90BB-7FC74E681039}"="{27B11FC6-47FE-441E-A58E-C55D0BD4A281}"
"{02E41BC7-A700-4D7C-A859-2DE8806A3476}"="{475C09FB-F0A9-4A27-B6C1-15D0907C9FEB}"
"{5E2E3014-7B1A-4D0B-A3DA-B22868741479}"="{475C09FB-F0A9-4A27-B6C1-15D0907C9FEB}"
"{BC28C0CE-AE74-4F50-90DB-D65287ABE597}"="{27B11FC6-47FE-441E-A58E-C55D0BD4A281}"
"{E76E2072-CE71-4325-BFE7-5EAD37B2119D}"="{27B11FC6-47FE-441E-A58E-C55D0BD4A281}"
"{AD5369F7-7046-40E3-9518-849F0C23553E}"="{501147B7-75DD-4113-8037-458CD5043B32}"
"{D141FF4A-0652-4206-BD79-12ACFE5FDC43}"="{501147B7-75DD-4113-8037-458CD5043B32}"
"{F5B4B994-ED67-44FD-8F17-46B884C9B543}"="{BAA2CFAA-4174-48AE-BC10-4016C273A4C9}"
"{D42CC7BB-84D8-4AAB-9E36-33B493A33029}"="{BAA2CFAA-4174-48AE-BC10-4016C273A4C9}"
"{2CF86CE1-7AC2-4262-BAE3-C8A0C06E2663}"="{BC783FAF-403B-4C5E-8880-F72685FC75EB}"
"{521ECACC-1A52-4ECD-A7CB-B05AACFB5075}"="{BC783FAF-403B-4C5E-8880-F72685FC75EB}"
"{F533B460-A514-41BF-9274-28F74F742CB0}"="{5CDEFDA8-BAB3-40A2-9FA0-D0C31DD9026E}"
"{EA87C5E8-79BB-470E-A9D6-8B0A1E82989A}"="{5CDEFDA8-BAB3-40A2-9FA0-D0C31DD9026E}"
"{9ACE36A9-3CCA-4264-8B05-14C58C5F851D}"="{A07FECBF-3847-49BE-AC33-CED2729E5C16}"
"{55883742-43D6-463E-86BA-82134B1E32AC}"="{A07FECBF-3847-49BE-AC33-CED2729E5C16}"
"{9B8E92C6-4D1B-4B43-B2F7-210CA1E3CAB1}"="{5D49B054-440F-46D6-9400-0387CE55267D}"
"{4A30C738-E235-47B3-92EC-0FF6041A6E56}"="{5D49B054-440F-46D6-9400-0387CE55267D}"
"{B2B38A6D-8A46-45F0-B4A4-1920FFCF5C02}"="{98EDF268-A431-4838-A406-C94071E82E03}"
"{99FFC317-0DCE-48D7-A530-B1A1A5704A18}"="{98EDF268-A431-4838-A406-C94071E82E03}"
"{ADAC2A8E-16E8-4283-9237-0967F64703AA}"="{C522BC9B-F634-4947-B295-2D590F45B050}"
"{2F9672A5-0A7C-4B95-87BE-0A1FB103E675}"="{C522BC9B-F634-4947-B295-2D590F45B050}"
"{88E39F16-E361-401A-81D9-A794FBD0FE5F}"="{105829AB-30CB-4EA8-83CB-C03C2806375D}"
"{D50B948C-BA27-43DF-943A-0081549909CB}"="{105829AB-30CB-4EA8-83CB-C03C2806375D}"
"{5ECC93BE-6E7B-44D4-BACD-93B4873922F9}"="{CB2A8FAF-F65C-4883-9B37-F44708B6DFEE}"
"{43D4FB13-D368-4C9B-BE7B-85A118CE3161}"="{CB2A8FAF-F65C-4883-9B37-F44708B6DFEE}"
"{3B804032-F842-43A9-9087-682E9DF72BE3}"="{469957C5-ADB2-4389-AE04-FEA3BE349F16}"
"{4C573D5C-2E25-488B-91CD-AC1D6951857A}"="{469957C5-ADB2-4389-AE04-FEA3BE349F16}"

 

[OO00UCH]

"{94E6756D-2FED-4E18-9875-C57358EBC105}"="{17A0A49C-6A53-4454-BEF3-8438261D3328}"
"{B5EE9648-056A-4810-8D02-4A837CA6577F}"="{17A0A49C-6A53-4454-BEF3-8438261D3328}"
"{D19233AD-0898-4D3D-8E7F-32AB26B5C689}"="{B8D1DA27-613E-47B9-B980-5BA51D45B37E}"
"{29A8ED39-4F01-4894-A69E-3C0EE4E4C74F}"="{B8D1DA27-613E-47B9-B980-5BA51D45B37E}"
"{1436EB18-57A8-4E8E-89BD-74B0838638ED}"="{427C24C8-81CE-463E-AC3F-32497E110A58}"
"{3CC2187D-DE68-4467-BA7D-486747AD68D7}"="{427C24C8-81CE-463E-AC3F-32497E110A58}"
"{72305A87-BF87-4344-B926-3FA73D523145}"="{B8D1DA27-613E-47B9-B980-5BA51D45B37E}"
"{2F6D6475-1605-4344-9606-F6668750C4A0}"="{17760CC4-262F-4161-85E3-D46A95158875}"
"{209DDAFA-FEF5-44D5-9090-4D0588245561}"="{17760CC4-262F-4161-85E3-D46A95158875}"
"{7095623E-80C3-4CC3-8E3A-AA8151ECD7C9}"="{1CFF5B25-790B-412C-89D9-EF232053AA0A}"
"{083A4BCD-3C40-46A9-9356-79EBD7069340}"="{1CFF5B25-790B-412C-89D9-EF232053AA0A}"
"{338ED0B0-9D4D-4763-822C-CD2F74B798A2}"="{C5B2B568-F040-411C-99FC-8CE432792E1D}"
"{CB9881C5-A5F0-4118-AF1C-B8E6DB21CBAA}"="{C5B2B568-F040-411C-99FC-8CE432792E1D}"
"{65A24BA3-8925-4D5D-8968-2A8D70CB81A5}"="{00E28D81-C455-487F-B0B1-C30DCFEF0E7F}"
"{F11BB8B6-B891-4B69-951E-450FBE2A3B66}"="{00E28D81-C455-487F-B0B1-C30DCFEF0E7F}"
"{525321F5-12A1-4B6B-8D4C-8DB0FABF1543}"="{F08A38CA-CFF8-4C10-9C2F-94BF8514F852}"
"{F85904D3-4519-40C0-90AC-E22AD7B4B831}"="{F08A38CA-CFF8-4C10-9C2F-94BF8514F852}"
"{114D72C5-79F8-42AA-97CB-022D0D2C8BCA}"="{F08A38CA-CFF8-4C10-9C2F-94BF8514F852}"
"{B8917014-4885-4936-ACAA-4FB4CD8DD07A}"="{F08A38CA-CFF8-4C10-9C2F-94BF8514F852}"
"{6C36631A-8D81-4CB0-9ACC-EBF577557837}"="{0FB93CCB-47BE-43A7-9F30-61F45EA3E212}"
"{FBD0ED19-655D-4631-9E5B-8B2D0454D0F9}"="{0FB93CCB-47BE-43A7-9F30-61F45EA3E212}"
"{88EC2084-8A05-49C1-8DB2-4121E09FFA48}"="{25951A5A-50AC-4761-9499-EA6BCC63D448}"
"{8FDE7BA9-EDB7-44FD-AD4F-DC7061A7D4B8}"="{25951A5A-50AC-4761-9499-EA6BCC63D448}"
"{CD98EE14-D438-4F50-9AFD-8F88E0DA5855}"="{E6AF5880-F96A-4077-A0FE-E170E9B24B85}"
"{2D1DB479-5696-48FD-BE3E-922E2A89E5DC}"="{E6AF5880-F96A-4077-A0FE-E170E9B24B85}"
"{06EE0139-32F8-40A6-9E34-D6ADCB9F4221}"="{E091558F-0327-49B1-BE93-F2C1EB5A73D2}"
"{AABD8DCF-8373-4239-8164-ABA93BEE0210}"="{E091558F-0327-49B1-BE93-F2C1EB5A73D2}"
"{257769F5-A7A7-4981-BF08-65CF353E37BB}"="{04AF7C32-7074-46A6-A6E1-274847A28966}"
"{B5C1231E-F46B-4FA4-9C5F-BA60167A6EEB}"="{04AF7C32-7074-46A6-A6E1-274847A28966}"
"{1709A8AD-9D25-471F-9A09-9335ACE45A13}"="{B63E27AA-1716-4D15-9CFA-6A1EE9A7536C}"
"{71F80DAD-8B06-4FF1-B251-4647B5AAF5C4}"="{B63E27AA-1716-4D15-9CFA-6A1EE9A7536C}"
"{7CE3179D-0AAE-450C-BDEE-7980C90CA0B6}"="{4078B642-7460-4C8D-B052-ACAE049E0F50}"
"{5D2F4E98-3836-44B5-A60D-66712918AC82}"="{4078B642-7460-4C8D-B052-ACAE049E0F50}"
"{49742DAB-E4ED-4BEE-A97A-15713A9033FF}"="{D550D541-8214-4B67-932F-2F74A2C3554F}"
"{3691E402-CD91-472F-A2A5-23C239855D02}"="{D550D541-8214-4B67-932F-2F74A2C3554F}"
"{20BE2001-8825-4165-B5EB-BCCB1083B6F3}"="{B3E355AC-F8E7-4715-9D70-3EC8355EFD79}"
"{99287161-6494-4973-B629-93F4E1AE2F4D}"="{B3E355AC-F8E7-4715-9D70-3EC8355EFD79}"
"{D746995B-A66C-4B3C-AF86-50B45E73AB85}"="{5589F715-0A5A-438C-A001-BADE5BBE4D40}"
"{2086A7E2-11B3-44B9-AF32-3FB50E90D165}"="{5589F715-0A5A-438C-A001-BADE5BBE4D40}"
"{3725CBF0-AC53-4C1B-9E3E-100E14EDA04B}"="{5589F715-0A5A-438C-A001-BADE5BBE4D40}"
"{88C9DDB1-D8D7-4017-9493-B239FF865FB3}"="{C4C65EE4-FEFB-45FB-8D3A-09E56324D2C8}"
"{281C0143-F435-4A2E-AC82-9CA0C7C9977B}"="{C4C65EE4-FEFB-45FB-8D3A-09E56324D2C8}"
"{E085B234-5171-4138-A62D-36FD7588A495}"="{C4C65EE4-FEFB-45FB-8D3A-09E56324D2C8}"
"{A505DBF6-A499-49A2-81C7-75561F8DBA48}"="{C4C65EE4-FEFB-45FB-8D3A-09E56324D2C8}"
"{C020CDCF-D4E2-409A-80F1-2A9FD60B4655}"="{5F6E933B-C003-4CD4-ACC4-7FB112F77EC5}"
"{6A55063D-B1E7-43F0-8048-FFA1CBB2F11E}"="{5F6E933B-C003-4CD4-ACC4-7FB112F77EC5}"
"{52B2FF94-2644-4A16-A8F6-014928FB5F1E}"="{6CA6358D-1C54-4A48-960A-F881BB3A62CA}"
"{4FD3B03C-C906-4ED5-B6FF-75CC216F3054}"="{6CA6358D-1C54-4A48-960A-F881BB3A62CA}"
"{EA901739-3A85-4BCA-A426-FED60D9EEF95}"="{05541A4B-B948-44A1-B5F3-C71CAFAB7E48}"
"{F81BDF29-B1BA-46BC-8C90-19A8E0A3A1D4}"="{05541A4B-B948-44A1-B5F3-C71CAFAB7E48}"
"{92E58E6F-025B-4697-8169-C00F2C2AC804}"="{482BBF09-E1C6-4C25-978C-3A9FBD14B74F}"
"{D4EBAD46-4484-4341-BB7D-F078679F5989}"="{482BBF09-E1C6-4C25-978C-3A9FBD14B74F}"
"{0F48FCE9-9FA8-48D4-821E-EE978D94621D}"="{D81E89A1-1E63-417A-AFB8-7E3F1C68563A}"
"{50106EBD-F805-4619-B97D-A1136CABB252}"="{D81E89A1-1E63-417A-AFB8-7E3F1C68563A}"
"{56BD42B5-18F4-4626-A647-91E9DD36BDA0}"="{D81E89A1-1E63-417A-AFB8-7E3F1C68563A}"
"{85272CEC-5E0B-447C-AB39-8987F17B3C19}"="{21C1D1E8-4CDB-42BC-99AF-336591436DF8}"
"{E7A846F1-76D8-47C4-A151-C0FDD125B002}"="{21C1D1E8-4CDB-42BC-99AF-336591436DF8}"
"{D5686F18-5F72-49B6-AB59-1E91C82B243F}"="{D83ABB4A-1827-4D9F-8B7B-052DC3DD5FC6}"
"{C2F03A3D-D57F-4144-895F-5CF90A4A34F7}"="{D83ABB4A-1827-4D9F-8B7B-052DC3DD5FC6}"
"{556F3C8F-0101-4E5E-813C-23C3C6BB433E}"="{E11F5C34-66C8-4BB4-99D2-730E964EBE69}"
"{F43ACEA1-689D-4E19-B94A-C72C45B5E936}"="{E11F5C34-66C8-4BB4-99D2-730E964EBE69}"
"{0A9C295E-DFD0-4C60-9722-B39D49FCDD5A}"="{C07B3CA9-685F-496D-A154-BDEA6FC27356}"
"{7D1AF2B2-E156-45E3-9304-28625DB63BE0}"="{C07B3CA9-685F-496D-A154-BDEA6FC27356}"
"{41526AA8-328B-4F27-B384-4A27A9C8E50B}"="{D6770167-5C30-4FC8-9D5D-E024AC46D24C}"
"{29994184-FF43-4E16-B8F4-DFA154FAB70A}"="{D6770167-5C30-4FC8-9D5D-E024AC46D24C}"
"{2DEB7E96-989E-4762-AF6D-E17FF3AE4DD0}"="{D6770167-5C30-4FC8-9D5D-E024AC46D24C}"
"{E7596B44-6300-4DD8-A930-A78B7EE16B3A}"="{A359EDDC-9588-4CA8-A771-32E471CC61BF}"
"{28D20DE8-C686-4184-83B1-50F27F501299}"="{A359EDDC-9588-4CA8-A771-32E471CC61BF}"
"{13C865CC-EADB-4E6F-9F1C-16B9E0B41BC0}"="{A359EDDC-9588-4CA8-A771-32E471CC61BF}"
"{FCA72C47-E472-4B05-A740-BCB876D200F0}"="{83EC5C43-9BE0-4532-B83C-DCDE7DB00A38}"
"{47189EDD-FE34-460E-BC4D-AE7272F27ACE}"="{83EC5C43-9BE0-4532-B83C-DCDE7DB00A38}"
"{4CC54946-D5DF-42FD-9AAE-4B3E65664E3C}"="{81885CBD-F5F4-48DD-9A0F-C7F0AE53F386}"
"{4DBC5123-B1FC-42D1-878E-D78FED8A6DCE}"="{81885CBD-F5F4-48DD-9A0F-C7F0AE53F386}"
"{5D89AC94-22C7-4BD6-8B98-C4CB6FA039E9}"="{A359EDDC-9588-4CA8-A771-32E471CC61BF}"
"{0D469D4B-6E39-475B-8F0F-6C336569EFFC}"="{B136514D-D4D4-4438-B2D7-2AF6B3FB4ADA}"
"{1859B20B-092C-4673-B7F3-AE434A18D2D6}"="{B136514D-D4D4-4438-B2D7-2AF6B3FB4ADA}"
"{3C23A8FE-0E35-4651-9779-EC880AF6072D}"="{D0289C60-8925-4B60-8B1A-0C6CFB68666D}"
"{E870DFF4-82D8-4F80-ABBD-986AB82F2C56}"="{D0289C60-8925-4B60-8B1A-0C6CFB68666D}"
"{AF68A994-5A44-494D-AC34-7AD3535886EE}"="{EB14D64F-7AA6-4B2B-AE7F-FB643F0A64DF}"
"{69C48999-3D52-4C1F-922F-894668B03F01}"="{6A470968-F667-41C3-9657-7C092693E345}"
"{FCA06DDB-A699-439E-817C-A3DB57487E3F}"="{6A470968-F667-41C3-9657-7C092693E345}"
"{44DE987E-6E04-4330-8C92-92ACB98DDC3A}"="{82DB1EE5-9C0C-45BB-9630-63A5986F163C}"
"{BAA87F9C-881E-45AB-88AE-3A4A46A23B08}"="{82DB1EE5-9C0C-45BB-9630-63A5986F163C}"
"{C8B9BC13-8740-4A93-BEA9-34829CD8258E}"="{1A74821C-2F11-4F47-930B-F232F713C58A}"
"{ACC244E9-0CF5-4C18-9EFC-4A6239611EC4}"="{1A74821C-2F11-4F47-930B-F232F713C58A}"
"{0DBD47A8-4476-4288-BBAC-67D1354BBC0B}"="{1A74821C-2F11-4F47-930B-F232F713C58A}"
"{C276286A-5398-4289-9BDE-4534A20FEFCD}"="{B07C6C86-09D5-4323-9FD1-07E0AE5FE0F2}"
"{D8EE2D5F-7162-48D0-B8AF-DB952553450B}"="{B07C6C86-09D5-4323-9FD1-07E0AE5FE0F2}"
"{018A1732-D838-40B7-AD29-3C3F810BC8AC}"="{4D3E4824-1FEA-4B26-96F0-5A112D3BC063}"
"{FE6A0781-BBA9-4DA8-B9AC-405489902AE1}"="{B07C6C86-09D5-4323-9FD1-07E0AE5FE0F2}"
"{21469917-DD10-4BCA-942D-86E7DB96542C}"="{B07C6C86-09D5-4323-9FD1-07E0AE5FE0F2}"
"{75571899-CB7E-4AB5-80DF-190FA8538C03}"="{B55034E0-BC70-424B-8944-66A5A9A5D43D}"
"{464F880B-619E-4B35-B89E-8284B17084DA}"="{B55034E0-BC70-424B-8944-66A5A9A5D43D}"
"{016FD849-5C98-4FF8-A97D-A311A69831D4}"="{4D3E4824-1FEA-4B26-96F0-5A112D3BC063}"
"{9BB72802-4F12-4FDF-8466-27D452B4899D}"="{DD308591-3D67-40B9-BD29-52C7E57A72CE}"
"{B4CDF93A-CFBC-4570-8385-02C3FCE26D74}"="{DD308591-3D67-40B9-BD29-52C7E57A72CE}"
"{2F4888B4-3061-4C44-BDC1-7AA1CF7D9311}"="{B1DEF2C9-3F11-43CB-A93C-66DBA2FAAF56}"
"{E773610A-4585-40B5-9C01-1B618590D19F}"="{1E5CB423-406F-4619-ADAA-0F887E971F73}"
"{2CFC6973-7D2D-4B77-BB89-3CBC5A355CDA}"="{B1DEF2C9-3F11-43CB-A93C-66DBA2FAAF56}"
"{E63FC20D-C7B1-4914-AFE9-1A0F1C21A064}"="{1E5CB423-406F-4619-ADAA-0F887E971F73}"
"{9D2E01AE-9A27-4895-88D9-E2581E755EA0}"="{71CAD165-C046-472F-BBAE-B2BE3C7ABD47}"
"{080BBB77-5E50-45B0-91FB-455BB68089A9}"="{71CAD165-C046-472F-BBAE-B2BE3C7ABD47}"
"{6AC81AB5-CCC7-4EAB-8120-DE663C8775D4}"="{A9DB1F67-B770-4EBB-974A-87BFBFAA944B}"
"{9B32D15B-D43D-4AB9-B188-4FFBECF50836}"="{A9DB1F67-B770-4EBB-974A-87BFBFAA944B}"
"{8989B1B4-8322-4A4C-8096-369B84CFB1E4}"="{47C865B1-FAE9-43C9-9D34-4232D8AE0FF6}"
"{16C44354-CDC2-4BF8-9709-A2B90752BE8A}"="{47C865B1-FAE9-43C9-9D34-4232D8AE0FF6}"
"{032A196F-465B-42ED-9636-749AC80C8CF1}"="{87066DCE-DDE8-4244-B293-AE4FC3D9B941}"
"{114F8437-39C4-4D0E-BC9D-FF9DB829E1F6}"="{87066DCE-DDE8-4244-B293-AE4FC3D9B941}"
"{72F8295C-070E-4192-B8E7-4957A115CB19}"="{991E5F3B-EF09-4BFD-9A8F-8EF2CA59F482}"
"{6A8CD3F8-ADFF-44F3-BAA8-3CCB67E0C7F1}"="{991E5F3B-EF09-4BFD-9A8F-8EF2CA59F482}"
"{B581594B-8820-429F-BEA9-7AB85A6C88AF}"="{991E5F3B-EF09-4BFD-9A8F-8EF2CA59F482}"
"{89BEEB1A-4CC3-499C-AE72-D35B94A90D32}"="{7713A0BE-C3FD-45DC-8F90-1E62FF8C7470}"
"{88135C10-226C-4083-A967-696EA0DC827B}"="{7713A0BE-C3FD-45DC-8F90-1E62FF8C7470}"
"{BB0C2B63-B289-4C6E-976A-3046197B54C2}"="{7713A0BE-C3FD-45DC-8F90-1E62FF8C7470}"
"{76460605-85A4-493A-8D06-C8020206564D}"="{7713A0BE-C3FD-45DC-8F90-1E62FF8C7470}"
"{D19139DF-6316-47F9-9874-6327A88BC1FF}"="{53560AC3-9C8A-48C3-9097-DCA66EF24E69}"
"{BC37AB5C-291B-4C39-9A23-3F68F35E5877}"="{53560AC3-9C8A-48C3-9097-DCA66EF24E69}"
"{057C9BC2-253B-4481-9033-2CCB0AF3AAD8}"="{276AE8BB-FC0F-47F6-9FAB-5986A60EDB6B}"
"{AADF522F-CD80-4672-9C80-BF0ADF78FF51}"="{276AE8BB-FC0F-47F6-9FAB-5986A60EDB6B}"
"{64496A2F-BAEA-42A1-878F-F87494E8A86A}"="{18FAC3B6-8FF6-4234-857E-64CE95E9F272}"
"{E9AC5BA3-9EAC-43B9-BA2D-0FB94CA3718E}"="{18FAC3B6-8FF6-4234-857E-64CE95E9F272}"
"{F21EED0B-9435-4442-A4D7-AA9A564D605B}"="{E27BF720-711F-46E9-8D3F-49B3E56E5D5C}"
"{888FE8F7-F9D2-4A0A-B8BC-59E7684DB671}"="{E27BF720-711F-46E9-8D3F-49B3E56E5D5C}"
"{7C7B2B48-1F4E-4299-A668-6684D5A2732E}"="{519B9C31-264F-4DE0-A1B8-58D0C7BC329D}"
"{3879F060-FBA8-46D4-AD81-66E14A9FEC23}"="{519B9C31-264F-4DE0-A1B8-58D0C7BC329D}"
"{794D4996-6F2B-40F9-B231-A6B19BE6D0E8}"="{41098CE0-79A6-4D49-B714-DCB51BA6480F}"
"{7F8D740E-0FEC-43DF-97F9-94E7BA5FAA61}"="{41098CE0-79A6-4D49-B714-DCB51BA6480F}"
"{6D1D53A1-A45D-4745-B05C-C126F67E56B6}"="{08E4AEF1-8467-4204-AEA5-2FFC1D8E08F6}"
"{B58F53B4-734B-4830-A1A7-0666F1AEDD2D}"="{08E4AEF1-8467-4204-AEA5-2FFC1D8E08F6}"
"{15678477-239D-4A88-BBC0-5DECE4CBBD73}"="{4585F02D-F5E8-490D-860E-071BDE3E52EC}"
"{3BB77456-D937-43F5-961C-9D170D873D45}"="{4585F02D-F5E8-490D-860E-071BDE3E52EC}"
"{794E3281-DF4B-4B72-865E-B0DBDEB75C0D}"="{F7DF7FE1-251C-4BAF-9B89-D5554C94E3AC}"
"{FACF42EA-D6E0-4439-BBC5-BC26A8514EAB}"="{F7DF7FE1-251C-4BAF-9B89-D5554C94E3AC}"
"{A35AE381-AF68-4861-AD3B-4E77C4885B79}"="{FE6439B7-E88B-4F6F-8A88-F5B232097281}"
"{A0951068-3F8B-4B1B-A865-4570B2726454}"="{FE6439B7-E88B-4F6F-8A88-F5B232097281}"
"{26F23A58-C30C-4C57-820F-C2A5C84911B6}"="{8EA5A294-97BC-4BF4-AC26-89E50D575224}"
"{567F6924-EC58-401E-ADC2-6924529FF4E3}"="{8EA5A294-97BC-4BF4-AC26-89E50D575224}"
"{340ABA44-690F-479B-A3C0-E13F74E3635E}"="{5520CAF7-69F4-4D88-BD72-F176F6A65421}"
"{16E11DA0-070E-43FB-B362-1F08DAC61D86}"="{5520CAF7-69F4-4D88-BD72-F176F6A65421}"
"{E68F5DDC-C3C4-4802-A5CA-CF9002A89427}"="{229A7DF6-EEF6-4B45-A535-8217ADDAB7CC}"
"{2B373088-BF9C-40F6-B33C-ACAE9F25C5C8}"="{229A7DF6-EEF6-4B45-A535-8217ADDAB7CC}"
"{93D0E143-0862-4CE0-82F6-4690CE992BB4}"="{68010E9B-C78A-4D99-A386-32164D0AD2B7}"
"{1C1D38FF-2AB8-4CEE-A28F-5288A9CC6663}"="{971D7390-3F99-4D1C-8E1A-3A16466BD97F}"
"{BA6C51D1-8925-4ACE-A62D-6245DA4578AE}"="{971D7390-3F99-4D1C-8E1A-3A16466BD97F}"
"{09221B64-0F24-4082-A4F9-F2EB3A491038}"="{E28736A2-A033-4251-965F-11AC689C9259}"
"{CA7E20C1-23C5-492D-B303-FF571464F007}"="{E28736A2-A033-4251-965F-11AC689C9259}"
"{239538BA-ED04-4AC3-AD2C-9417FFC096F4}"="{8ED23076-CA53-447B-9D4B-71B45B064CA7}"
"{D6F906B3-0AD2-47D8-B6A1-262ECFFF743E}"="{8ED23076-CA53-447B-9D4B-71B45B064CA7}"
"{E66F18A2-8855-4175-8968-D1065B5B5757}"="{79DBA5F5-DFD5-4E67-A664-5838C7CA8803}"
"{127E5534-2207-40E1-B5B0-CFD1F213B12E}"="{79DBA5F5-DFD5-4E67-A664-5838C7CA8803}"
"{2D89CB34-0004-46D2-83FA-E3884694BE62}"="{79DBA5F5-DFD5-4E67-A664-5838C7CA8803}"
"{AA420D2F-8C78-4298-9EBA-512C56B0790C}"="{D6F40BD7-72EF-4C98-B667-56BF196746C9}"
"{D287D5CA-AECC-4724-BB5B-1756D3326CA8}"="{D6F40BD7-72EF-4C98-B667-56BF196746C9}"
"{1DB3AAE8-DE0B-4D86-A54A-5C300FA6266B}"="{A18922AF-471C-402B-BFF4-73C678279D8A}"
"{BE659CE7-AA58-48F8-A038-F91D8F810426}"="{A18922AF-471C-402B-BFF4-73C678279D8A}"
"{38C0C919-5FAB-41A3-A2A0-26837A63575D}"="{7C0B1AE5-003B-430E-938D-7306E04D9A30}"
"{55248926-D870-4F80-A587-10CCEA52F8AA}"="{7C0B1AE5-003B-430E-938D-7306E04D9A30}"
"{81430C68-A303-4472-87CF-4D725CE8F8C3}"="{7C0B1AE5-003B-430E-938D-7306E04D9A30}"
"{097BA54C-B94F-411F-9DB6-12C61710366E}"="{2BAF3FD9-AE30-4EBE-B8DD-BABC820F2510}"
"{B315F6B5-C36D-4231-9673-787F2511BD45}"="{2BAF3FD9-AE30-4EBE-B8DD-BABC820F2510}"
"{A3B9EDFC-65FD-4B47-A208-3FAE4D71EED2}"="{34206C3F-E75E-40A5-B378-7BD626EB1CC9}"
"{C8031546-8235-4FF9-80B2-D418673F6C4B}"="{34206C3F-E75E-40A5-B378-7BD626EB1CC9}"
"{C518C9AE-B487-4BDC-B7EB-8B5563ABB1DF}"="{34206C3F-E75E-40A5-B378-7BD626EB1CC9}"
"{31CFC979-F1F2-4B0B-B519-B24A1BECAE1C}"="{0C93B847-004B-4B8E-9ED3-E3C08144DF3E}"
"{7CEBE54D-2FDC-425D-856B-0506CD543B0A}"="{0C93B847-004B-4B8E-9ED3-E3C08144DF3E}"
"{F562B24F-7AAB-4BD2-85ED-CE44B98CBE29}"="{C4D414BC-57BE-4656-B8BB-D4A7963863E7}"
"{D36A8589-7578-4D29-A630-F1315DB6783B}"="{C4D414BC-57BE-4656-B8BB-D4A7963863E7}"
"{A240C386-A8F0-4107-8EC7-68B6C3A141FD}"="{C4D414BC-57BE-4656-B8BB-D4A7963863E7}"
"{51F232DB-1B6F-4112-85A6-5C035A128F4F}"="{8AE17473-849F-47C8-93D4-F6DC8850C501}"
"{24554DC3-1388-4DD9-BB91-EFAB3E9BD1DA}"="{8AE17473-849F-47C8-93D4-F6DC8850C501}"
"{606675A6-BF1B-42F1-AE4D-101C1C3C2A83}"="{8AE17473-849F-47C8-93D4-F6DC8850C501}"
"{731A6C61-10F5-45AC-B6AC-D229EB0A80B1}"="{8AE17473-849F-47C8-93D4-F6DC8850C501}"
"{E9006D3E-D1E7-4CDA-A198-D7C4FCCAB50C}"="{7F92184C-6BC3-4337-B78E-E3CE10524880}"
"{F1DB9B43-8298-40CB-8D86-77914680911B}"="{CB601687-FF80-49A4-B962-5E8C0608C1C6}"
"{93EC8017-E838-4E2E-A631-3D63199D3CCD}"="{CB601687-FF80-49A4-B962-5E8C0608C1C6}"
"{74693E0A-E304-48EE-8C0A-65838E289700}"="{7F92184C-6BC3-4337-B78E-E3CE10524880}"
"{AF1F1C5B-474D-471E-A59B-8F8FD64544BB}"="{DFCD5088-953E-4A12-BC1D-F6BC84C36F8F}"
"{2DC561D3-A248-47C0-972F-57CD7C832907}"="{DFCD5088-953E-4A12-BC1D-F6BC84C36F8F}"
"{41E5A346-6D58-4FDE-A807-A993385C7736}"="{B485953A-D602-4AEE-9B68-1BC14E33A07E}"
"{9392EFF5-387F-45E2-9D9E-902A0D5FF56C}"="{B485953A-D602-4AEE-9B68-1BC14E33A07E}"
"{6A84D578-87DC-4D8A-A231-50DE5C5518AC}"="{D6DC28F6-A35C-4CC8-801A-DF22664C6375}"
"{24B361A7-C82A-430A-9F91-80F2D56F0702}"="{D6DC28F6-A35C-4CC8-801A-DF22664C6375}"
"{C06AE653-ED2A-43FA-BB13-8BF994A91CCB}"="{026D1B8A-675E-44F2-9436-EB899C4EB2D2}"
"{E31EAF0E-C9B6-4BD0-9C3B-ED29B65B4472}"="{026D1B8A-675E-44F2-9436-EB899C4EB2D2}"
"{47102F9E-ABEB-4A53-B59A-E904FF8B777A}"="{0CC4038C-42C1-4E6E-832B-844355FFA596}"
"{437D1518-6BC7-445E-A5F6-C44876A8C8E5}"="{0CC4038C-42C1-4E6E-832B-844355FFA596}"
"{666E488A-053D-4752-9178-E5EB4D40B2AD}"="{87E6B08C-9793-44F9-B11F-83CA270FEB6A}"
"{926439D7-02B1-4687-93C9-C530EECE2B04}"="{87E6B08C-9793-44F9-B11F-83CA270FEB6A}"
"{A23B2F6D-673F-415B-AF7A-65035E4A3782}"="{C8B65B76-AC6E-4A10-930F-B57C586BD03D}"
"{A67BBB29-5420-4FDB-929C-06B86FF7B1DD}"="{C8B65B76-AC6E-4A10-930F-B57C586BD03D}"
"{6B236126-7789-441E-8C79-B352662E7983}"="{14174584-20CF-477C-B86B-E77CC5BF59E4}"
"{C3287C3F-6B3F-45C6-A317-E68B6B7B21B9}"="{14174584-20CF-477C-B86B-E77CC5BF59E4}"
"{32D90F95-D59F-4E59-A189-F82CB6AD7F29}"="{FEA291C7-4173-4B52-89AD-EBA2FD5207CA}"
"{5EFA3DC2-09A3-416E-B489-A15470EDD6CD}"="{FEA291C7-4173-4B52-89AD-EBA2FD5207CA}"
"{C881B70A-BCDC-4269-976D-2FE828E5D0E6}"="{6F318E7E-550A-4DDE-8543-232F3F3489FA}"
"{2AF0678D-097E-4A30-8EEB-03BDBB51C546}"="{6F318E7E-550A-4DDE-8543-232F3F3489FA}"
"{30C59A66-1345-4920-B23F-0BF0A41B4124}"="{FEA291C7-4173-4B52-89AD-EBA2FD5207CA}"
"{7706BECA-5315-45A9-BC71-17A9EE1F1FFC}"="{8B033E5A-419D-4415-9896-27F94E3F0C2D}"
"{01135E88-B3CA-4A94-9CE1-ADE48B767586}"="{8B033E5A-419D-4415-9896-27F94E3F0C2D}"
"{D47649AB-637D-41A8-963F-88FFB37C2E55}"="{E279B14A-3B95-4BF7-ADE9-5B79B97027A0}"
"{9902D0F8-CCC5-44C4-BE27-6B0D5912DE49}"="{E279B14A-3B95-4BF7-ADE9-5B79B97027A0}"
"{99204AAC-5B5F-460C-B8FF-94515258ABE8}"="{E4E9BAB8-FFFF-4C00-AEA3-FF7415A90720}"
"{51101412-4A31-43E5-9DDB-CF2A9703DFE1}"="{E4E9BAB8-FFFF-4C00-AEA3-FF7415A90720}"
"{5E97029A-4AFA-4693-8A23-E1547C1513CD}"="{E4E9BAB8-FFFF-4C00-AEA3-FF7415A90720}"
"{FC029970-C220-4714-B868-80A4F9CE0FDA}"="{1359B6EC-1731-4F22-8464-B1F412EDCDD5}"
"{EB6639A0-39EF-4DFD-9D30-98C786A2FA3C}"="{1359B6EC-1731-4F22-8464-B1F412EDCDD5}"
"{591DD4B7-1795-408D-ADEC-4C8B3D90CD14}"="{E39B0A89-7651-42DB-9A4B-40766866B730}"
"{E48B1894-1E3F-4900-B627-DEBE8FF24893}"="{E39B0A89-7651-42DB-9A4B-40766866B730}"
"{65D54FCA-C9D2-4277-B658-9514D1B102B7}"="{C636E0E4-4254-4A0F-B2FB-B4AEF7D07CB0}"
"{90092AB6-CC60-4169-8BEC-694B41025E1F}"="{C636E0E4-4254-4A0F-B2FB-B4AEF7D07CB0}"
"{2F7AFB70-9ADF-4B2E-8AF0-8CBB0FC4C9DF}"="{CA5393BB-CD62-4EAE-98B6-0291918CA27F}"
"{4A6F2A13-0318-4C15-980C-DF77BADFFC02}"="{CA5393BB-CD62-4EAE-98B6-0291918CA27F}"
"{EC45F06B-FF93-4DC7-8E7B-DA3162D17829}"="{31EE1F79-FDDF-4623-9752-9E1F81196D47}"
"{753D8E52-4A25-41A9-AAA4-0803B5BCB365}"="{31EE1F79-FDDF-4623-9752-9E1F81196D47}"
"{8BC9EC90-D136-4F3D-9FF1-D8CAEF28F096}"="{542AFAA2-1590-4850-85B1-634C72EB3DD5}"
"{F5BA6272-1615-4DDB-BE33-8A485AFE2F38}"="{542AFAA2-1590-4850-85B1-634C72EB3DD5}"
"{9E4AC2FE-2732-49BA-A2F9-68871D22AAED}"="{93B4002F-54A4-48EA-AB45-F914B2247688}"
"{75C62929-8C22-4B41-971D-EAC6272CA024}"="{93B4002F-54A4-48EA-AB45-F914B2247688}"
"{AEDAF781-2A8F-4520-B6AF-5C66B5ACEF8B}"="{9429DDCD-1A10-41C3-9B80-D808371AF52B}"
"{5A1F591E-7DB1-4C68-BE88-8F2A4BC5CB12}"="{9429DDCD-1A10-41C3-9B80-D808371AF52B}"
"{792E332B-C708-472B-A3F6-BE846149854A}"="{58DF4A31-6B5D-40A3-AB9F-D225EDB5979D}"
"{166B707C-A855-4277-8214-730DA390832B}"="{58DF4A31-6B5D-40A3-AB9F-D225EDB5979D}"
"{409518B3-C267-4068-887D-EDFD392EC166}"="{B526AB31-3DC9-4DEA-A64B-D46DA6F4CD8B}"
"{C949F01C-59C4-4DBC-B7CD-6AA3044C784B}"="{B526AB31-3DC9-4DEA-A64B-D46DA6F4CD8B}"
"{59E7FFAF-F97B-412C-BDB4-62745FD96764}"="{B526AB31-3DC9-4DEA-A64B-D46DA6F4CD8B}"
"{1D8093DB-B11F-455D-A5A2-C99D17EF0FEF}"="{23C67B1A-D045-4615-AF3A-02EB75668DFE}"
"{02B80C45-8621-4DBA-88EF-4DC230A72AC4}"="{23C67B1A-D045-4615-AF3A-02EB75668DFE}"
"{784B6991-74E7-4A39-804D-961390ECC813}"="{5A79B856-F505-4521-ACB7-93CD8F7195C2}"
"{FA813412-F89B-4A0C-9FEC-4581087D7A93}"="{5A79B856-F505-4521-ACB7-93CD8F7195C2}"
"{EB5D9D82-3363-4822-9D38-07A0D77ACCDF}"="{E22EC741-31FA-44A9-8C04-AC8441EBF686}"
"{6862D5B8-CD59-4EFA-889B-77BF5BF35F65}"="{E22EC741-31FA-44A9-8C04-AC8441EBF686}"
"{6D627973-ED29-459C-A6E3-0890B7935678}"="{B5A04ACE-D8E3-4453-9363-2620C64DCBDC}"
"{ECA38448-FF49-4654-A4C5-F3C020E51A64}"="{B5A04ACE-D8E3-4453-9363-2620C64DCBDC}"
"{73144B25-2856-46A6-9998-8CFDB920B2A2}"="{0F9DF4B7-56AE-4BAB-82F0-955030003C53}"
"{CE1394BF-E9E0-47F1-ABF6-58A31B25901B}"="{0F9DF4B7-56AE-4BAB-82F0-955030003C53}"
"{F258E871-FF95-4567-A297-30DFDDE51133}"="{44F312A8-5083-44D8-98E6-A2A0128A310E}"
"{D4984B1F-5F9A-4493-813B-6629AA9B2E4E}"="{44F312A8-5083-44D8-98E6-A2A0128A310E}"
"{620787F6-7D04-4D08-AB34-937E5123F72D}"="{169EC5D6-ED61-459C-A3C5-C294627DF28B}"
"{A1FF5A93-5D2D-45F1-AAB6-0FD0AD27065C}"="{169EC5D6-ED61-459C-A3C5-C294627DF28B}"
"{80A28C68-5D68-4B81-9AC1-8BA4028C3504}"="{F0E42CDE-8BF6-4DB2-916D-4A2E33133ED4}"
"{FEBC1596-34D7-4AA3-8515-EEEE9B6EF91E}"="{F0E42CDE-8BF6-4DB2-916D-4A2E33133ED4}"
"{340510F5-5D9E-4B51-9344-4E9DB4AB49C9}"="{66E3C21C-44FE-4A41-A022-68CE1424A6AF}"
"{3BD7E18C-3018-4ADD-BA30-66A122F4E977}"="{66E3C21C-44FE-4A41-A022-68CE1424A6AF}"
"{70BD04C5-BBDE-43FC-B726-21E8B71A9DCC}"="{05A1AF55-3FEB-4A1E-BD73-E40512333FB5}"
"{045EEE2D-A836-440B-A6F7-DA99021A5C67}"="{05A1AF55-3FEB-4A1E-BD73-E40512333FB5}"
"{F9B340E8-C5EA-4B3B-AD07-B67BE5B7A6A8}"="{F1C548E8-FFFB-442D-8D7C-9774189EEB54}"
"{22797C70-0206-4054-B9E6-A7F42FAB8449}"="{F1C548E8-FFFB-442D-8D7C-9774189EEB54}"
"{75B362E8-058B-45C4-9688-D9884245A4CE}"="{4E016646-1E1C-45DF-8F6D-C632A03D0F47}"
"{E26E3631-1295-4DE4-9DF0-4C34CF0FCE19}"="{4E016646-1E1C-45DF-8F6D-C632A03D0F47}"
"{06D1B7C5-68E9-40DC-9DA1-A7F58BD22EBA}"="{AAF3C641-A1D8-43C9-8ED9-3FFF0A1A8D2B}"
"{D8FE82FB-EB01-4C44-A165-424F64D72D09}"="{0ADC5745-7944-48F8-956B-0F5EA4B0A6EE}"
"{912E7CFF-C7F1-46B3-BB28-BCC9C3CE726F}"="{0ADC5745-7944-48F8-956B-0F5EA4B0A6EE}"
"{1D30E889-78C8-45A6-ABA2-C1CED791D3B4}"="{218512F2-7C6E-4243-AF55-D707968EFB8C}"
"{62A70B3D-B86B-4C09-B21C-14FBA56F8B61}"="{218512F2-7C6E-4243-AF55-D707968EFB8C}"
"{EF4850C6-D97F-410C-8228-3C04DE69E440}"="{0ADC5745-7944-48F8-956B-0F5EA4B0A6EE}"
"{24E6A109-BAE1-4F33-8B73-8A2EDF764255}"="{F9D17BAE-F272-467C-BEF9-A6D8F517D75B}"
"{99EFCB4A-4158-4682-937D-6500C032AC35}"="{F9D17BAE-F272-467C-BEF9-A6D8F517D75B}"
"{BA91BEFC-2CCE-4593-973F-1B3B3D6EBA7B}"="{17BD76F4-0F6E-46A4-B59C-8463EBD02ECC}"
"{BBA19B0B-9A99-43B9-8BA7-0B502A2C3202}"="{17BD76F4-0F6E-46A4-B59C-8463EBD02ECC}"
"{AA171870-A359-4D94-8B74-9900F83348C3}"="{E3CB6109-2B2C-440F-A1E1-74C91D126F5A}"
"{E0D11FB8-109A-42AA-9859-D5033F318D53}"="{E3CB6109-2B2C-440F-A1E1-74C91D126F5A}"
"{2C2AF65D-374D-47CD-9BC5-88A46A58F512}"="{BF2A77FD-565F-4EC1-9EE6-D222FEA43589}"
"{CD676AD0-972C-4502-AF04-60E74D281624}"="{BF2A77FD-565F-4EC1-9EE6-D222FEA43589}"
"{838F5156-E942-4C61-8BDF-41A208FDE9DA}"="{AF6DFD4D-5741-4C5E-BBA3-E66740DE03FC}"
"{8A5EAACB-B40E-455A-BD7D-AEF8595D8F97}"="{AF6DFD4D-5741-4C5E-BBA3-E66740DE03FC}"
"{5A2B9814-FE86-4B3F-8F03-6057805B367D}"="{54577808-84F7-4D2A-9944-925750944B62}"
"{220F0F76-7BA2-456B-86A9-57022937760F}"="{54577808-84F7-4D2A-9944-925750944B62}"
"{92928A97-FF69-4FA8-A9F9-0CE1FD60D632}"="{54577808-84F7-4D2A-9944-925750944B62}"
"{E67821A0-6262-4DD1-9A3F-D5C2B5C4D99F}"="{CA17B46D-FA19-4BEE-9314-56B7234102A6}"
"{2FC3E1BA-2487-4EF2-B205-6B7BA6D47F3A}"="{CA17B46D-FA19-4BEE-9314-56B7234102A6}"
"{947F3D79-C433-4BD2-AAA2-8C9F86B8438E}"="{29291CD6-5E9E-483E-942F-C48567634CE1}"
"{F963F3C7-B7D3-4222-A179-5A1BDCBDB6E5}"="{29291CD6-5E9E-483E-942F-C48567634CE1}"
"{1311FBC5-A69E-493D-8777-5B16746FFFBA}"="{09A46521-6F65-4616-9785-12818467067D}"
"{5D8F858A-3316-40EF-9F51-AA78DB1D9A7D}"="{29291CD6-5E9E-483E-942F-C48567634CE1}"
"{3148DDB2-A0AB-47B5-A3D7-DDF9CB4B080E}"="{09A46521-6F65-4616-9785-12818467067D}"
"{CC095757-F6BC-4285-90E5-38CBCF4938CB}"="{BA3ED625-F251-4255-BB5C-32F0EBB334E3}"
"{CED894D5-A66B-42E4-98C7-7D8B20307293}"="{BA3ED625-F251-4255-BB5C-32F0EBB334E3}"
"{AC3009EF-F3C2-431B-9D13-5670D6495B75}"="{A20243C1-D1C0-454B-A23C-9E5FD56DF90C}"
"{26F943F3-F7FE-4FE9-AD9F-9EC5D2FDD798}"="{A20243C1-D1C0-454B-A23C-9E5FD56DF90C}"
"{575D7217-132D-4666-8AAE-4B4BD0D563FA}"="{073DBB90-C7B5-4375-85DE-AEE95516F063}"
"{93E77154-39C1-4991-8F33-05F64AB7168F}"="{073DBB90-C7B5-4375-85DE-AEE95516F063}"
"{AB63045B-C87A-4B2A-90B2-DBA5229D04BC}"="{10D0854C-A819-4880-8B20-74808044FA23}"
"{51DF5826-DF98-466E-BF3E-5836C421776C}"="{10D0854C-A819-4880-8B20-74808044FA23}"
"{2B3C9187-518B-44A3-8DB5-DAC540EB42B3}"="{4894C0BA-22B0-46DF-A397-50A35809B28B}"
"{2FF54037-63C0-4CC9-B297-DF3ACBD86D2D}"="{4894C0BA-22B0-46DF-A397-50A35809B28B}"
"{6851F143-FE3E-4813-85CE-F4E3A4EAC3AF}"="{2DB5DD42-D84E-4A17-A9EF-39177753E025}"
"{2C350058-665D-4FAB-AE76-41B632B6BD27}"="{2DB5DD42-D84E-4A17-A9EF-39177753E025}"
"{6BD0D80B-207A-4E8A-B2EC-DE0E33D36062}"="{DA5FA1FD-EC90-4964-A1A2-774CEA9B8EA4}"
"{E4CD0408-5B60-4C50-946E-41EBE64D784D}"="{DA5FA1FD-EC90-4964-A1A2-774CEA9B8EA4}"
"{1B42B630-8707-4254-9CDA-B3FD5AE5F8F1}"="{17881C36-C280-441D-8C3D-298622872582}"
"{88F26C93-E03F-48F3-920B-525FE580E266}"="{17881C36-C280-441D-8C3D-298622872582}"
"{8974E168-1B21-4B5F-A702-2FF1DD8D94E8}"="{5193FD73-E7B6-4A6D-8763-6EB013D71D61}"
"{B47D1EB2-4B00-4DB6-A15B-4619CC4FE501}"="{5193FD73-E7B6-4A6D-8763-6EB013D71D61}"
"{14E0B68B-DC2B-4B1B-90C0-D25D71607AA7}"="{E540334E-3A9F-41CA-B6CB-FC989F6DC509}"
"{2D2C20DF-8A3A-429E-8CB1-D1DEEDA23FD9}"="{E540334E-3A9F-41CA-B6CB-FC989F6DC509}"
"{CA01614F-7F01-4AD2-92A7-C6B3FF0ADAF4}"="{7FBD0A3B-5050-412A-A314-C9C61228FEA9}"
"{85A1D2A2-AD22-4977-B321-F2F6B8D16D32}"="{2120E7D1-81FC-4D69-A662-8EF9A3ABCDDD}"
"{CCC1246A-6D41-4498-9B1A-E12CBB1F9EB2}"="{2120E7D1-81FC-4D69-A662-8EF9A3ABCDDD}"
"{05F278F8-4A27-4DA6-931F-1C0B753DD4DB}"="{90CD1F43-F585-46FB-8B96-5A1DB682D09C}"
"{38282541-4D62-4D26-B16C-2F316FC8830D}"="{90CD1F43-F585-46FB-8B96-5A1DB682D09C}"
"{05E8A0B9-695E-4CDF-AA22-E6C17A567071}"="{25113D75-E45C-47A3-92F8-C7A9558495D9}"
"{FE9BE312-013F-4A84-962B-2CE79EE25DD2}"="{25113D75-E45C-47A3-92F8-C7A9558495D9}"
"{DEF34180-AFBB-4198-B365-EC3CCBDE33E8}"="{EFECD5CC-395B-48F5-A748-A5A447DBBCF5}"
"{46C2B8BE-B1FB-4F8F-B039-92231AA82930}"="{EFECD5CC-395B-48F5-A748-A5A447DBBCF5}"
"{A289DA0F-A7C1-4CBA-94CA-39C5244645B6}"="{5CE1D3E1-5B0A-4044-8195-21AA4E1E8614}"
"{C7787BB4-2510-45BC-8E5A-FDB833322EDE}"="{5CE1D3E1-5B0A-4044-8195-21AA4E1E8614}"
"{3200C2BB-2BD1-4A23-9798-7F4928834208}"="{970289E7-4797-499F-94EA-417D1B181A39}"
"{771B129D-4AA1-4D0D-AD0E-F84F9D5B6349}"="{970289E7-4797-499F-94EA-417D1B181A39}"
"{361676F3-D8A1-470A-B6B4-01639B71E5FA}"="{60F57CB7-95BA-44B1-B576-3BE1641705DE}"
"{60278EBD-0AED-40AD-A5C4-F8EE59160DB1}"="{60F57CB7-95BA-44B1-B576-3BE1641705DE}"
"{087FAAB9-B9B6-484B-97FD-00030B68885B}"="{A4D83B58-309A-448B-A3E5-09CBF9756241}"
"{32287BB0-BF0B-4829-976F-B27D15DE1740}"="{A4D83B58-309A-448B-A3E5-09CBF9756241}"
"{D9163D17-C161-42F9-8DA7-EADAE261C3B6}"="{AD28A198-8420-4E9F-919D-E61CE76A849A}"
"{3B869559-39CC-4B32-87E3-E33CF3C0D09B}"="{AD28A198-8420-4E9F-919D-E61CE76A849A}"
"{8FF59C7D-70E4-4508-8DB8-BD557FAF966E}"="{981A9556-6CCA-4135-96B4-7994A3E82A4F}"
"{422CADF1-955A-484F-922A-1870F0BB2DE1}"="{981A9556-6CCA-4135-96B4-7994A3E82A4F}"
"{15ED9F2A-2CC6-4A7C-8229-13384131CFA2}"="{C60F11FD-2F4F-47FA-8C85-C6BA2B273F00}"
"{94E1ADAE-6BF6-47B6-A38D-6EAE1FA9B9CB}"="{C60F11FD-2F4F-47FA-8C85-C6BA2B273F00}"
"{5F272F8F-5C84-4EB7-89D2-85687B441C64}"="{C60F11FD-2F4F-47FA-8C85-C6BA2B273F00}"
"{BDAC4709-31B7-41C1-B618-121A40B99A09}"="{27317DC4-8F85-4510-B8B8-842FE04088D1}"
"{4AB2E081-38DA-487A-988A-B4EDD38F48B1}"="{27317DC4-8F85-4510-B8B8-842FE04088D1}"
"{F53AFCAF-DC6B-4170-8379-CE98FCFC2B2C}"="{27317DC4-8F85-4510-B8B8-842FE04088D1}"
"{418292AB-46ED-4BB4-A5E9-A24AD182B8B4}"="{27317DC4-8F85-4510-B8B8-842FE04088D1}"
"{2B9F152A-A0E4-4961-B4C8-04B0916B4622}"="{BA506D06-2D7A-4742-878B-74CB04E94B31}"
"{8E8F2ED1-BCA2-4373-AEE1-BD19F8B8DD13}"="{BA506D06-2D7A-4742-878B-74CB04E94B31}"
"{550D1F14-6E65-4C0D-BB5E-59C34E348692}"="{789230A9-1D6A-4DD1-A80A-BE444D111D4E}"
"{5446017B-D62B-4664-A3E4-64D79C3F1C7E}"="{789230A9-1D6A-4DD1-A80A-BE444D111D4E}"
"{95D9F1A8-CF2B-4970-A537-D6EAF2484CE9}"="{1DF963A5-7953-4771-BBC9-96C7551DDAA1}"
"{8BCCA0D9-DA58-4051-B50C-D85488BC7989}"="{1DF963A5-7953-4771-BBC9-96C7551DDAA1}"
"{9FF1A38D-BBBA-40BC-A692-C21378F2A279}"="{5144AADD-AFD1-438D-8996-747E1353B460}"
"{E97DCF87-C31F-46A7-B271-09964D6A8933}"="{5144AADD-AFD1-438D-8996-747E1353B460}"
"{03EAF520-4B21-4C36-958A-2C0EFB24F765}"="{CCA37883-D886-4A90-8C49-2312D7512071}"
"{BEDC3EFB-CA04-478C-915C-5504BA80F3DB}"="{CCA37883-D886-4A90-8C49-2312D7512071}"
"{F1A72FF9-DEAD-4765-B362-AEFAAF55F452}"="{554E4536-A1A1-43BD-9FB2-556541A4196A}"
"{BFA97EB4-A70D-42BA-BD45-580C134C45D5}"="{554E4536-A1A1-43BD-9FB2-556541A4196A}"
"{EAF77D52-00E7-45C9-9536-656913867554}"="{E902F761-2303-42E9-B7C0-F6E07E99007C}"
"{E56AB707-4140-4184-8549-B4DD09590885}"="{E902F761-2303-42E9-B7C0-F6E07E99007C}"
"{8FC52F55-1872-46B5-B4F8-8FD2E5FD95D7}"="{480CCD8A-7ACF-4A19-BE03-7A03243E4BE6}"
"{4FDC2A7B-0903-495B-8468-301EB7EA46A8}"="{480CCD8A-7ACF-4A19-BE03-7A03243E4BE6}"
"{BE6D9703-8EDB-4506-A3FD-169DE0CFA1FC}"="{480CCD8A-7ACF-4A19-BE03-7A03243E4BE6}"
"{BF0387A6-D484-40FC-ACE6-015B04A3E094}"="{2E5E603B-8EF9-43B7-AC01-8EAA78611B47}"
"{C9A3320B-D43B-4958-8761-DBF4AC2D74AD}"="{2E5E603B-8EF9-43B7-AC01-8EAA78611B47}"
"{39B548E1-2B67-4DD6-835F-FB50930F438E}"="{175F8739-BD50-4B7D-9EF1-07F9A2413E3F}"
"{BE5DC670-0060-48E7-91C2-D978C474DB40}"="{8E55FDFD-E479-42B8-8D53-3B82AF299E03}"
"{CE234A9D-CF0E-4C63-AA97-826FF1A2E8F0}"="{8E55FDFD-E479-42B8-8D53-3B82AF299E03}"
"{EB9F356C-92C5-4856-975E-3A04FD25CE0F}"="{4C962973-43AF-4944-B5FC-F69EA434EFC8}"
"{C4931CC3-D720-4AE3-877C-EBF4E32E9A18}"="{4C962973-43AF-4944-B5FC-F69EA434EFC8}"
"{8708314F-B77F-4B59-8476-EF08EB53C99A}"="{AF425318-57E1-41CD-8C9B-A0A64949DD4A}"
"{B7DDB187-7F4E-4EFD-A804-BE6AABFB31FD}"="{AF425318-57E1-41CD-8C9B-A0A64949DD4A}"
"{367D8A09-41F8-41FB-8506-F373A83F0BFE}"="{39DC44F7-DA07-4200-95B5-66C8AE315C00}"
"{BA76421F-9AA3-42BD-96FA-4FFB2E928C10}"="{39DC44F7-DA07-4200-95B5-66C8AE315C00}"
"{67570193-7C7D-40E0-BF35-C25842C5254B}"="{E04F301A-D448-4851-80D7-42BA4C7FD734}"
"{BC2BF5DD-7FC1-4E83-AC81-DA60612DDB7B}"="{E04F301A-D448-4851-80D7-42BA4C7FD734}"
"{5E285700-EDD2-4569-AB70-CA00ED5AD1E1}"="{7A5F032A-546D-42B1-ADFF-69925C4823BD}"
"{7C38D547-5684-4160-8C2D-735312466C34}"="{7A5F032A-546D-42B1-ADFF-69925C4823BD}"
"{6ED73A19-B540-4451-A4E7-BBFD1A4FC4A2}"="{1C24D776-0A94-4EF4-A0D9-28E890E5A430}"
"{1E382A74-01BA-4AD2-9F41-D6D9D2EDC7BF}"="{1C24D776-0A94-4EF4-A0D9-28E890E5A430}"
"{6B289078-15E9-4832-B5DA-15F45919A077}"="{A44DE473-6C9D-4852-9E74-4B624E6534C7}"
"{4AEC505F-64D1-4290-8209-D1414C3EB726}"="{A44DE473-6C9D-4852-9E74-4B624E6534C7}"
"{90920F02-5C8A-45CC-A20F-E74E75B050F6}"="{43E32A44-C5AB-4C5F-8204-8811BBDB6891}"
"{EBDF4C83-9216-46D9-B597-736D367BEE3A}"="{43E32A44-C5AB-4C5F-8204-8811BBDB6891}"
"{DA546F40-A4ED-4296-AC01-1172E83F045E}"="{2963A4C8-E45B-47C3-BCF3-9A60260C559D}"
"{81A87E9D-29F0-4B9D-A83A-F6DBC305BB52}"="{2963A4C8-E45B-47C3-BCF3-9A60260C559D}"
"{0B6BCC53-4E5F-4CD8-8B66-06F62852150A}"="{3F1B990F-AAC1-4F66-AC3F-EEEEE06A2A75}"
"{B9F744BA-643C-4733-9C5E-1F8C2DC36D2E}"="{3F1B990F-AAC1-4F66-AC3F-EEEEE06A2A75}"
"{E5A24813-6822-4184-9295-A5B05066EC2B}"="{0356CED8-26EC-40AB-A782-18A4B872C326}"
"{5E84BFF5-B585-4189-83E6-F35B0F6A093C}"="{0356CED8-26EC-40AB-A782-18A4B872C326}"
"{E167F78D-FE97-40B6-902E-BF25D2B59EC7}"="{0FC05B1B-93A8-49F7-91BC-931839D95CA2}"
"{BF604DB2-05B3-43EE-91AE-73D719EFEE26}"="{0FC05B1B-93A8-49F7-91BC-931839D95CA2}"
"ccSvcHst_ccSetMgr"="{EBD8B622-350C-4196-920C-482740644D15}"
"ccSettingsService"="{EBD8B622-350C-4196-920C-482740644D15}"
"SNDServiceRequestChannel"="{EBD8B622-350C-4196-920C-482740644D15}"
"SNDLocationChannel"="{EBD8B622-350C-4196-920C-482740644D15}"
"ccSvcHst_ccEvtMgr"="{EBD8B622-350C-4196-920C-482740644D15}"
"ccEvtCli"="{EBD8B622-350C-4196-920C-482740644D15}"
"{FFEF82A3-9DB7-4D3E-AF23-680724B56E61}"="{EBD8B622-350C-4196-920C-482740644D15}"
"{F6AA4711-4546-4312-B792-E1EB53F84AE4}"="{EBD8B622-350C-4196-920C-482740644D15}"
"{6E560D44-CC46-4C56-9BAA-2D3682AA3B28}"="{EBD8B622-350C-4196-920C-482740644D15}"
"{C3C35B26-F232-46C8-A5FC-4136EC5DEB22}"="{3049DFAC-46ED-43B6-B1B6-B2AD273D5AC0}"
"{BFADC982-75E5-497A-A114-95856CCE9A33}"="{3049DFAC-46ED-43B6-B1B6-B2AD273D5AC0}"
"SAVSubmissionEngineIPC"="{EBD8B622-350C-4196-920C-482740644D15}"
"SAVSubmissionEngineCallbackIPC"="{EBD8B622-350C-4196-920C-482740644D15}"
"{83A529C4-64A9-408D-A40A-1358A991C537}"="{3049DFAC-46ED-43B6-B1B6-B2AD273D5AC0}"
"{ED618858-DF3B-4197-AFC0-D303EFF7BE80}"="{3049DFAC-46ED-43B6-B1B6-B2AD273D5AC0}"
"{FFDA61DA-8130-4132-8C12-1B4A0D0BFEC1}"="{3049DFAC-46ED-43B6-B1B6-B2AD273D5AC0}"
"{2913E6E6-60C7-4A40-970E-723AE9A09193}"="{37582820-11C9-466B-BF01-7F1E7876C9D2}"
"{D07E2CCE-148C-4295-A7EE-2BE64B8A1808}"="{37582820-11C9-466B-BF01-7F1E7876C9D2}"
"{F647D491-14AC-4E61-B0A7-1F4A44D162DB}"="{BAC4D5A2-72C2-4B70-A75D-842334A57C53}"
"{DEA5B3D1-A340-4C55-AAA6-81AE4B4978D9}"="{BAC4D5A2-72C2-4B70-A75D-842334A57C53}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-13 19:40:43
ComboFix-quarantined-files.txt 2011-06-13 23:40
.
Pre-Run: 40,890,036,224 bytes free
Post-Run: 40,856,571,904 bytes free
.
- - End Of File - - 28B8B02195BA6EA3F2973412CA49208F

 

[Broni]

Combofix looks good now.

Still redirected?

Can you check, if IE is getting redirected as well?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

 

[OO00UCH]

I checked about 5-10 searches for each browser and it looks like the problem is gone. Thanks!

Here's the log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:13 on 13/06/2011 (Galen)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:50 08/07/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [16:29 13/06/2011]

C:\Users\Galen\Application Data\Mozilla\Firefox\Profiles\p9nmvnpl.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [13:37 28/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:43 08/07/2009]

-=E.O.F=-

 

[Broni]

Good news

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[OO00UCH]

Here are the two logs:

OTL logfile created on: 6/14/2011 1:27:40 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Galen\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 52.62% Memory free
4.92 Gb Paging File | 3.52 Gb Available in Paging File | 71.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 37.00 Gb Free Space | 26.85% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.47 Gb Free Space | 35.53% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.15% Space Free | Partition Type: NTFS

Computer Name: BL-BUS-GHCHAN | User Name: Galen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 01:23:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Galen\Desktop\OTL.exe
PRC - [2011/04/30 12:05:23 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/26 15:06:06 | 000,161,336 | ---- | M] (Google) -- C:\Users\Galen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/08/24 18:00:30 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/24 18:00:02 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/04/15 13:50:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/02 09:35:20 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/11 13:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/03/10 23:13:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/02/19 06:05:52 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/02/11 23:47:06 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/02/11 23:46:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/02/11 05:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 05:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/11 21:29:34 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2008/12/11 21:29:06 | 002,379,776 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2008/11/04 20:47:50 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/06/12 14:41:14 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\RotateImage\RCIMGDIR.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 01:23:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Galen\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2008/03/13 05:46:24 | 000,079,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/28 19:22:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/27 10:34:04 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/08/24 18:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/03 11:08:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/04/02 09:35:20 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/03/30 07:08:14 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/11 13:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 23:47:06 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/02/11 23:46:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009/02/11 05:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/11 21:29:34 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) Intel(R)
SRV - [2008/12/11 21:29:06 | 002,379,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) Intel(R)
SRV - [2008/11/04 20:47:50 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/22 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110613.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/22 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110613.024\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 15:46:14 | 000,021,360 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020000}_0)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/14 11:14:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/22 16:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/08/24 18:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/24 17:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/04/15 13:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 05:01:16 | 000,452,608 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/02/02 08:47:00 | 000,229,400 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/12/01 14:36:14 | 000,022,016 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\bpprot.sys -- (BPPROT) Intel(R)
DRV - [2008/09/03 14:25:00 | 000,072,192 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2008/08/22 02:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/15 05:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-505919019-455524809-3121656747-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {C0198FE6-570E-47BD-BC36-2628A79E3705}:1.9.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/01 00:32:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 00:12:19 | 000,000,000 | ---D | M]

[2010/08/28 17:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galen\AppData\Roaming\Mozilla\Extensions
[2010/06/13 12:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galen\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/06/13 13:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\p9nmvnpl.default\extensions
[2010/08/28 17:17:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\p9nmvnpl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/01 20:08:53 | 000,001,919 | ---- | M] () -- C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\p9nmvnpl.default\searchplugins\bing-zugo.xml
[2011/06/13 13:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 17:44:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\GALEN\APPDATA\LOCAL\{C0198FE6-570E-47BD-BC36-2628A79E3705}
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/06/13 19:38:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-505919019-455524809-3121656747-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-505919019-455524809-3121656747-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-505919019-455524809-3121656747-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-505919019-455524809-3121656747-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

 

[OO00UCH]

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 01:22:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Galen\Desktop\OTL.exe
[2011/06/13 20:13:24 | 000,000,000 | ---D | C] -- C:\Users\Galen\Desktop\GooredFix Backups
[2011/06/13 20:10:57 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Galen\Desktop\GooredFix.exe
[2011/06/13 19:40:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/13 19:40:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/13 19:40:44 | 000,000,000 | ---D | C] -- C:\Users\Galen\AppData\Local\temp
[2011/06/13 19:31:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/13 19:31:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/13 19:31:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/13 19:31:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/13 19:31:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/13 19:31:05 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/13 19:25:39 | 004,120,909 | R--- | C] (Swearware) -- C:\Users\Galen\Desktop\ComboFix.exe
[2011/06/13 19:02:25 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Users\Galen\Desktop\aswMBR.exe
[2011/06/13 18:53:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/13 17:57:30 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\Galen\Desktop\dds.scr
[2011/06/13 17:33:55 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Galen\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/13 15:07:31 | 000,000,000 | ---D | C] -- C:\Users\Galen\AppData\Local\Adobe
[2011/06/13 12:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011/06/13 11:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/11 09:25:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/06/09 08:45:16 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/06/01 09:09:04 | 000,000,000 | ---D | C] -- C:\Users\Galen\Documents\Pfizer
[2011/05/28 16:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/05/26 10:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/05/26 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/26 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/05/26 10:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/26 10:02:44 | 000,000,000 | ---D | C] -- C:\Users\Galen\AppData\Roaming\uTorrent
[2011/05/17 10:52:29 | 000,000,000 | ---D | C] -- C:\Users\Galen\Desktop\Ragner
[2 C:\Users\Galen\Desktop\*.tmp files -> C:\Users\Galen\Desktop\*.tmp -> ]
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/14 01:23:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Galen\Desktop\OTL.exe
[2011/06/14 01:20:26 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505919019-455524809-3121656747-1003UA.job
[2011/06/14 01:20:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/14 01:20:20 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2011/06/14 01:20:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 20:10:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Galen\Desktop\GooredFix.exe
[2011/06/13 19:52:30 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 19:52:30 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 19:45:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/13 19:44:44 | 1981,816,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 19:38:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/13 19:25:44 | 004,120,909 | R--- | M] (Swearware) -- C:\Users\Galen\Desktop\ComboFix.exe
[2011/06/13 19:06:20 | 000,139,264 | ---- | M] () -- C:\Users\Galen\Desktop\RKUnhookerLE.EXE
[2011/06/13 19:05:47 | 000,000,512 | ---- | M] () -- C:\Users\Galen\Desktop\MBR.dat
[2011/06/13 19:02:28 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Users\Galen\Desktop\aswMBR.exe
[2011/06/13 17:57:31 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\Galen\Desktop\dds.scr
[2011/06/13 17:46:49 | 000,302,592 | ---- | M] () -- C:\Users\Galen\Desktop\td0wrs7c.exe
[2011/06/13 17:34:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Galen\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/13 17:02:22 | 000,001,156 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/06/13 12:02:11 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/06/13 11:51:48 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/13 11:19:40 | 000,650,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/13 11:19:40 | 000,117,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/13 11:10:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505919019-455524809-3121656747-1003Core.job
[2011/06/13 00:36:02 | 000,000,567 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
[2011/06/11 23:32:17 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/11 23:32:17 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/06/11 10:07:58 | 002,389,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Users\Galen\Desktop\*.tmp files -> C:\Users\Galen\Desktop\*.tmp -> ]
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 19:31:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/13 19:31:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/13 19:31:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/13 19:31:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/13 19:31:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/13 19:06:20 | 000,139,264 | ---- | C] () -- C:\Users\Galen\Desktop\RKUnhookerLE.EXE
[2011/06/13 19:05:47 | 000,000,512 | ---- | C] () -- C:\Users\Galen\Desktop\MBR.dat
[2011/06/13 17:46:48 | 000,302,592 | ---- | C] () -- C:\Users\Galen\Desktop\td0wrs7c.exe
[2011/06/13 12:39:05 | 000,001,156 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/06/13 11:51:48 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/09 08:47:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/09 08:46:53 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/06/09 08:44:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/09 08:44:41 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/06/09 08:44:26 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/05/08 11:19:49 | 000,217,384 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/04/27 17:57:48 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/27 17:57:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/28 07:57:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/31 20:33:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/15 17:44:33 | 000,000,120 | ---- | C] () -- C:\Users\Galen\AppData\Local\Dcanayiyohuyagas.dat
[2010/12/15 17:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Galen\AppData\Local\Jkewehib.bin
[2010/09/23 09:01:24 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/08/28 16:40:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/02/14 13:40:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2010/01/22 17:02:07 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/01/13 20:14:44 | 000,021,412 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/09/22 16:47:12 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/09/22 16:47:10 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/09/22 16:47:10 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/09/22 16:47:10 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,389,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,650,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,117,340 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/30 02:16:23 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2009/06/30 02:01:49 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/06/30 02:01:49 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/30 01:59:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/06/30 01:59:51 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/06/30 01:59:51 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/06/30 01:59:51 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/06/30 01:59:51 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/06/30 01:59:51 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/06/30 01:19:00 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009/06/10 17:54:22 | 000,197,655 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/04 20:51:08 | 000,000,542 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009/02/18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/12/11 21:28:34 | 000,002,048 | ---- | C] () -- C:\Windows\System32\EventLogMessages.dll
[2008/04/08 17:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\Windows\System32\wsiShared.dll
[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\Windows\System32\LTCLR13n.dll
[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL

========== LOP Check ==========

[2011/05/23 09:40:15 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\Dropbox
[2010/08/28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\InterVideo
[2010/08/28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\Juniper Networks
[2010/08/28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\Leadertech
[2010/08/28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\Lenovo
[2010/08/28 17:17:10 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\LolClient
[2010/08/28 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\Research In Motion
[2010/08/28 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\SystemRequirementsLab
[2010/08/28 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\TomTom
[2010/05/24 10:15:50 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\Update
[2011/06/11 23:52:00 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\uTorrent
[2011/06/13 00:49:38 | 000,000,000 | ---D | M] -- C:\Users\Galen\AppData\Roaming\wsInspector
[2011/06/14 01:20:20 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2011/04/20 09:12:31 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/05/23 09:36:37 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/13 12:02:11 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/06/13 17:02:22 | 000,001,156 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/06/13 11:47:03 | 000,027,213 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/06/13 19:40:43 | 000,057,143 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/06/13 19:44:44 | 1981,816,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 13:40:52 | 000,023,237 | ---- | M] () -- C:\P1005.log
[2011/06/13 19:44:53 | 2642,423,808 | -HS- | M] () -- C:\pagefile.sys
[2009/06/30 01:48:06 | 000,000,211 | ---- | M] () -- C:\setup.log
[2009/06/30 02:29:06 | 000,001,072 | ---- | M] () -- C:\sysiclog.txt
[2011/03/14 13:10:00 | 000,076,240 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_14.03.2011_13.09.21_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/09/22 12:50:36 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\Windows\System32\spool\prtprocs\w32x86\HP1006S.DLL
[2010/06/18 09:35:00 | 000,302,080 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp104.dll
[2008/01/20 22:32:37 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/09/20 15:43:48 | 000,081,224 | ---- | M] (Microsoft Corporation.) -- C:\Windows\System32\spool\prtprocs\w32x86\lmdippr8.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/24 19:29:49 | 000,000,574 | -HS- | M] () -- C:\Users\Galen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2010/01/13 20:48:00 | 000,000,221 | -HS- | M] () -- C:\Users\Galen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (2).ini
[2011/04/11 10:15:37 | 000,000,221 | -HS- | M] () -- C:\Users\Galen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/06/13 19:02:28 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Users\Galen\Desktop\aswMBR.exe
[2011/06/13 19:25:44 | 004,120,909 | R--- | M] (Swearware) -- C:\Users\Galen\Desktop\ComboFix.exe
[2011/06/13 20:10:58 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Galen\Desktop\GooredFix.exe
[2011/06/13 17:34:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Galen\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/14 01:23:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Galen\Desktop\OTL.exe
[2011/06/13 19:06:20 | 000,139,264 | ---- | M] () -- C:\Users\Galen\Desktop\RKUnhookerLE.EXE
[2011/06/13 17:46:49 | 000,302,592 | ---- | M] () -- C:\Users\Galen\Desktop\td0wrs7c.exe
[2 C:\Users\Galen\Desktop\*.tmp files -> C:\Users\Galen\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/06/11 10:10:10 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/06/11 10:10:09 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2011/06/11 10:10:08 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2011/06/11 10:10:09 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2011/06/11 10:10:08 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2011/06/11 10:10:09 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/11 10:20:03 | 000,000,402 | -HS- | M] () -- C:\Users\Galen\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >






OTL Extras logfile created on: 6/14/2011 1:27:40 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Galen\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 52.62% Memory free
4.92 Gb Paging File | 3.52 Gb Available in Paging File | 71.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 37.00 Gb Free Space | 26.85% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.47 Gb Free Space | 35.53% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.15% Space Free | Partition Type: NTFS

Computer Name: BL-BUS-GHCHAN | User Name: Galen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01C6D0D1-0829-4AB3-955D-59FF12A14931}" = OBD-PC Link
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{046A6A59-B8B3-408F-9332-ACCFA2157F64}" = Printer Finder
"{052E244C-3674-8907-D9C3-092C89521B94}" = Catalyst Control Center Localization Korean
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10F90FAD-6627-7113-86AE-C243C74F0DEF}" = CCC Help German
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1433371A-F983-9562-3947-92420A72849D}" = Catalyst Control Center Graphics Previews Vista
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22266E88-29AF-8D27-F85F-DD75D76E4AE2}" = Catalyst Control Center Localization German
"{23146B80-2B64-023D-0696-A753E5C45FB4}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2AA05D77-7A32-4D35-9A9E-5DD5469B20DD}" = DecisionTools Suite Industrial 5.5.1
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{356C896A-6BE6-487D-AA37-C999F945E6CF}" = Integrated Camera TWAIN
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3752F72E-A481-41C7-256B-C20D7BFBE3BC}" = CCC Help English
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{433894BE-54BF-CC72-2147-14EA837ADC87}" = CCC Help Portuguese
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = CLEAR™ WiMAX Tutorial
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{52F58309-1687-0C82-699A-27D9029B9429}" = CCC Help Spanish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6ADC5DFC-24AA-D4E1-478A-5CD6337F8051}" = Catalyst Control Center Localization Italian
"{6B00B854-F04B-5C6A-63C5-21B9EF8CE3CF}" = CCC Help French
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi Software
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{771C80E2-7A02-D773-96C3-155F217CD02A}" = CCC Help Japanese
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7913C2B6-272E-40E4-B0D1-453864E1E266}" = Intel(R) PROSet/Wireless WiMAX Software
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7B647582-EE62-8275-9D76-15692741C585}" = Catalyst Control Center Localization Chinese Traditional
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{821456F8-EB18-41A8-DED5-695096B7D9D6}" = Catalyst Control Center Localization Chinese Standard
"{8220C00D-CBA1-AB41-1A66-7B99FAEF65F9}" = ATI Catalyst Install Manager
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.25.500.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACB5112-A58B-7283-B771-6271A0D9471D}" = Catalyst Control Center Core Implementation
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EBBED54-C2D0-928A-7CA9-D28FAD39C4B6}" = CCC Help Korean
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94B1AD86-8764-8853-F4BB-7F92D5E94AA3}" = Catalyst Control Center Graphics Full New
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B14495A-E66F-3D68-3B03-D40A6862D6D7}" = ccc-utility
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A7EE37A9-367B-651F-9F4A-0BDE35D7417F}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_944" = Adobe Acrobat 9.4.4 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE2832A3-8108-F2BF-7086-BE66D29106E7}" = Catalyst Control Center Graphics Light
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B104C813-FB09-4B7B-B675-5EF0C176AF66}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA0B7C1F-5315-50C4-1EE9-FFA688A28C74}" = Catalyst Control Center Localization Spanish
"{BAAC402D-86A7-3918-4A24-7C8E83AE1756}" = CCC Help Swedish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBDD2E21-F74F-FE49-956D-13FB1999DC28}" = CCC Help Italian
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{BF1ECD50-5A11-B18B-4AA0-20E41E7C20F7}" = Catalyst Control Center Localization Japanese
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C7010632-E5EE-4263-B80E-BC9D45439EB0}" = TurboTax 2010 winiper
"{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{C945C17F-2E78-4511-ABB6-EF637D2EE8FB}" = Skins
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCCF9048-DAFD-F1F5-B860-9B5C32FBD2D6}" = Catalyst Control Center Localization Portuguese
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2ACDD92-7A9F-FCE8-2452-8A660792038E}" = CCC Help Chinese Traditional
"{E4CB66D5-C29E-9612-5E32-6807E91A82CD}" = Catalyst Control Center Localization Swedish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EA5AB32C-970E-D7C4-C896-1C927FB3E384}" = Catalyst Control Center Localization Dutch
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AE0BDB-1679-4873-BED4-F94B36CB10E4}" = DecisionTools Suite Industrial 5.5 for Excel
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9230D65-8EED-B6DD-F9FB-8AEFDE06579C}" = Catalyst Control Center Localization French
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FAA034EC-DB6A-A753-5DCE-DD7D75EDEA8E}" = ccc-core-static
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FDB0E9EE-CE83-4481-9D65-253EB4096660}" = .NET Utilities
"{FF878914-1DDC-44E2-92F6-69DE291DDCA7}" = CCC Help Dutch
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001)
"3A508078B63BDC7D117BD9B1BD97C7FE8E79672B" = Windows Driver Package - Ricoh (5U875UVC) Image (09/03/2008 1.25.500.0)
"3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"HECI" = Intel(R) Management Engine Interface
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"SystemRequirementsLab" = System Requirements Lab
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TurboTax 2010" = TurboTax 2010
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC Player" = VLC Player
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-505919019-455524809-3121656747-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="
  [2011/04/01 20:08:53 | 000,001,919 | ---- | M] () -- C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\p9nmvnpl.default\se archplugins\bing-zugo.xml
  [2 C:\Users\Galen\Desktop\*.tmp files -> C:\Users\Galen\Desktop\*.tmp -> ]
  [12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[OO00UCH]

There was nothing after performing the ESET Online Scanner, but here are the rest of the logs. There was a problem when running the temp file cleaner, and it seemed to interfere with Symantec Endpoint Protection, so I'm not sure if I need to run that again.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jun 14 11:50:52 2011

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.

 

[OO00UCH]

All processes killed
========== OTL ==========
Prefs.js: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=" removed from keyword.URL
File C:\Users\Galen\AppData\Roaming\Mozilla\Firefox\Profiles\p9nmvnpl.default\se archplugins\bing-zugo.xml not found.
C:\Users\Galen\Desktop\~WRL0003.tmp deleted successfully.
C:\Users\Galen\Desktop\~WRL1390.tmp deleted successfully.
C:\Windows\System32\SET1277.tmp deleted successfully.
C:\Windows\System32\SET1969.tmp deleted successfully.
C:\Windows\System32\SET36AF.tmp deleted successfully.
C:\Windows\System32\SET4A94.tmp deleted successfully.
C:\Windows\System32\SET4C50.tmp deleted successfully.
C:\Windows\System32\SET865.tmp deleted successfully.
C:\Windows\System32\SET97C4.tmp deleted successfully.
C:\Windows\System32\SETC3AE.tmp deleted successfully.
C:\Windows\System32\SETC744.tmp deleted successfully.
C:\Windows\System32\SETE03A.tmp deleted successfully.
C:\Windows\System32\SETE44E.tmp deleted successfully.
C:\Windows\System32\SETEFAC.tmp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Galen
->Temp folder emptied: 12835 bytes
->Temporary Internet Files folder emptied: 82804578 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 113425612 bytes
->Flash cache emptied: 2192007 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1320 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Galen
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06142011_115314

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec Endpoint Protection
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.22
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.17)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````






Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Galen
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16886505 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 16.00 mb

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[OO00UCH]

Thanks so much! The computer seems to be running great. I haven't had a redirection problem, and websites (and even the computer itself) seem to be loading faster.

Here's the log:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Galen
->Temp folder emptied: 18999 bytes
->Temporary Internet Files folder emptied: 951250 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49894579 bytes
->Flash cache emptied: 982 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Galen
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.24.0 log created on 06142011_145752

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Broni]

Yes!!

Good luck and stay safe