Solved: PC freezing and high disk usage warning, what is going on?


liketolearn (Thread Starter)
Member with 202 posts.
Join Date: Sep 2008
Location: westcoast Canada
Experience: Beginner
26-Aug-2011, 01:46 AM #1
PC freezing and high disk usage warning, what is going on?
I am on Windows 7 64-bit, 4 GB, Intel Core i7 870, and it was pretty fast, but now it is very sporadic and freezes/not responding. Also getting an alert from Norton of high disk usage from Windows host process Rundll32 when not even doing anything. Was not sure about HijackThis for the 64-bit so not sure what to do about giving more info. Any ideas would be much appreciated. Thanks.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,586 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Aug-2011, 05:00 AM #2
We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin
liketolearn (Thread Starter)
26-Aug-2011, 09:56 AM #3
Thanks for your reply, here are the logs. I have NIS 2011 if that matters.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Family at 6:45:32 on 2011-08-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.3053 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Simple Star PhotoShow Media Manager] C:\PROGRA~2\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STATUS~1.LNK - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
Trusted Zone: facebook.com\www
Trusted Zone: google.com\maps
Trusted Zone: standardlife.ca
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{03715117-1B1B-46A2-9FBA-8A7F9641F6B8} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110824.030\IDSviA64.sys [2011-8-25 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-25 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
.
=============== Created Last 30 ================
.
2011-08-26 13:08:01 -------- d-----w- C:\Users\Family\AppData\Local\ElevatedDiagnostics
2011-08-26 02:02:06 -------- d-----w- C:\Program Files (x86)\ESET
2011-08-25 22:12:39 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
2011-08-25 22:12:39 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
2011-08-25 22:12:39 3072 ------w- C:\Windows\SysWow64\BrDctF2S.dll
2011-08-25 22:12:39 176128 ------w- C:\Windows\SysWow64\BroSNMP.dll
2011-08-24 15:07:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 15:07:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 19:28:02 -------- d-----w- C:\Users\Family\AppData\Roaming\GetRightToGo
2011-08-23 18:52:40 -------- d-----w- C:\Users\Family\AppData\Roaming\WinAVI
2011-08-23 18:52:40 -------- d-----w- C:\Users\Family\AppData\Local\WinAVI
2011-08-23 18:52:32 -------- d-----w- C:\Program Files (x86)\WinAVI
2011-08-12 16:40:18 -------- d-----w- C:\Users\Family\.frostwire5
2011-08-10 15:57:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
.
==================== Find3M ====================
.
2011-08-16 00:34:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 405570 ----a-w- C:\Windows\SysWow64\ipboot.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-09 00:45:12 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-22 18:51:24 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-06-22 18:51:18 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-13 19:22:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-06-13 19:01:19 127034 ----a-w- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 6:45:57.25 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2011 5:22:24 PM
System Uptime: 8/26/2011 6:12:43 AM (0 hours ago)
.
Motherboard: MSI | | H55M-P33(MS-7636)
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2787/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 879.834 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76361462&REV_03\4&285C8AE2&0&00E0
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76361462&REV_03\4&285C8AE2&0&00E0
Service: RTL8167
.
==== System Restore Points ===================
.
RP113: 8/24/2011 10:59:58 PM - Windows Update
RP114: 8/25/2011 3:07:26 PM - Removed MFL-Pro Suite
RP115: 8/25/2011 3:11:54 PM - Installed MFL-Pro Suite
RP116: 8/25/2011 3:40:01 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP117: 8/25/2011 4:38:20 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP118: 8/25/2011 4:38:56 PM - Removed Logitech Desktop Messenger
RP119: 8/25/2011 4:41:22 PM - Revo Uninstaller's restore point - Click to Call with Skype
RP120: 8/25/2011 4:48:20 PM - Windows Update
RP121: 8/25/2011 5:02:56 PM - Windows Update
RP122: 8/25/2011 6:33:19 PM - Restore Operation
RP123: 8/25/2011 9:29:28 PM - Installed HiJackThis
RP124: 8/25/2011 10:57:17 PM - Revo Uninstaller's restore point - Ask Toolbar
RP125: 8/25/2011 10:59:38 PM - Revo Uninstaller's restore point - HiJackThis
RP126: 8/25/2011 11:00:23 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ArcSoft MediaImpression for Kodak
Brother MFL-Pro Suite MFC-440CN
Compatibility Pack for the 2007 Office system
eReg
ESET Online Scanner v3
FrostWire 4.21.8
Google Earth
Google Update Helper
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 24
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Norton Internet Security
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PaperPort
PhotoShow 5
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
Roxio PhotoShow
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype™ 5.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VirtualDJ Home FREE
.
==== Event Viewer Messages From Past Week ========
.
8/26/2011 6:43:34 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
8/25/2011 8:22:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CYDTHEKID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{03715117-1B1B-46A2-9FBA-8A7F9641F6B8}. The master browser is stopping or an election is being forced.
8/25/2011 6:37:54 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
8/25/2011 5:30:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/24/2011 6:35:53 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.143. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
8/23/2011 7:44:51 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
8/21/2011 9:04:29 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.
8/21/2011 9:03:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
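A small triage pass over the DDS.txt format shown in the post above, as an added example (not part of the thread and not code from the DDS tool). It pulls out three kinds of line a reviewer scans for first: security products reported as disabled or outdated, UAC policy values that weaken elevation prompts, and registrations DDS lists as "No File". The function and constant names are assumptions; the sample lines are copied from the log above.

```python
import re

# Excerpt of lines copied from the DDS.txt log posted above (not the full log).
SAMPLE_DDS = r"""
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
BHO-X64: AcroIEHelperStub - No File
"""

# "AV:", "SP:" and "FW:" header lines: product name, then *state* between asterisks.
PRODUCT_RE = re.compile(r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")
# "mPolicies-<section>: <value name> = <decimal> (<hex>)"
POLICY_RE = re.compile(r"^mPolicies-(?P<section>\w+): (?P<key>\w+) = (?P<val>\d+)\b")
# Any "<kind>: <entry> - No File" line (BHO, TB, BHO-X64, ...).
ORPHAN_RE = re.compile(r"^(?P<kind>[\w-]+): (?P<entry>.+?) - No File$")

# UAC-related values and the setting that weakens elevation prompting.
WEAK_POLICY = {
    "EnableLUA": (0, "UAC is switched off"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without a consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def triage_dds(text):
    """Return a list of (category, detail) findings from DDS.txt text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()

        m = PRODUCT_RE.match(line)
        if m:
            # State is "Enabled|Disabled" optionally followed by "/Updated|Outdated".
            state = m["state"].split("/")
            label = f'{m["kind"]}: {m["name"]}'
            if state[0] == "Disabled":
                findings.append(("product-disabled", label))
            if len(state) > 1 and state[1] == "Outdated":
                findings.append(("product-outdated", label))
            continue

        m = POLICY_RE.match(line)
        if m:
            weak = WEAK_POLICY.get(m["key"])
            if weak and int(m["val"]) == weak[0]:
                findings.append(("uac-policy", f'{m["key"]} = {m["val"]}: {weak[1]}'))
            continue

        m = ORPHAN_RE.match(line)
        if m:
            # DDS reports no file for this registration; it needs a manual look.
            findings.append(("orphaned-entry", f'{m["kind"]}: {m["entry"]}'))
    return findings


if __name__ == "__main__":
    for category, detail in triage_dds(SAMPLE_DDS):
        print(f"{category:17} {detail}")
```

In this thread the disabled product states are expected, because the helper asked for antivirus protection to be disabled before the scan; the UAC values and "No File" entries are independent of that step.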
kevinf80 (Kevin)
26-Aug-2011, 11:50 AM #4
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop rename to Gotcha.exe as below:

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
liketolearn (Thread Starter)
26-Aug-2011, 09:45 PM #5
Ok so I tried everything to get Combofix to run a full scan but it froze/stalled at stage 4 even after 1 hour. I have been guided to use it before and have not had any problems but not on this computer. I followed your instructions exactly. I tried deleting the first download link and tried the second, and it still froze at stage 4 after 1 1/2 hours. Is there something else I should try or is it just that I never let it run long enough? I know it goes to 50 or so and at that rate, my Norton would come back on in 5 hrs and it still would be running. Thanks again!
kevinf80 (Kevin)
27-Aug-2011, 03:28 AM #6
Reboot to safe mode with networking, delete old version of cf, d/l again and give another try
liketolearn (Thread Starter)
27-Aug-2011, 04:45 PM #7
OK that worked. I forgot to disable Norton before rebooting in safe mode and had to go back and forth to safe mode, but, all done.
Here is the log:
ComboFix 11-08-27.01 - Family 08/27/2011 12:18:36.5.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2769 [GMT -7:00]
Running from: c:\users\Family\Desktop\Gotcha.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-26 22:16 . 2011-08-26 22:16 -------- d-----w- C:\gotcha
2011-08-26 02:02 . 2011-08-26 02:02 -------- d-----w- c:\program files (x86)\ESET
2011-08-26 00:07 . 2011-08-26 01:37 -------- d-----w- c:\users\UpdatusUser
2011-08-25 22:12 . 2009-01-16 02:20 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2011-08-25 22:12 . 2007-12-14 05:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2011-08-25 22:12 . 2007-12-14 05:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2011-08-25 22:12 . 2006-12-28 20:39 176128 ------w- c:\windows\SysWow64\BroSNMP.dll
2011-08-24 15:07 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:07 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:28 . 2011-08-23 19:29 -------- d-----w- c:\users\Family\AppData\Roaming\GetRightToGo
2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\users\Family\AppData\Roaming\WinAVI
2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\users\Family\AppData\Local\WinAVI
2011-08-23 18:52 . 2011-08-23 18:55 -------- d-----w- c:\program files (x86)\WinAVI
2011-08-12 16:40 . 2011-08-12 16:48 -------- d-----w- c:\users\Family\.frostwire5
2011-08-10 15:57 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 00:34 . 2011-05-17 03:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-10 15:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-09 00:45 . 2011-05-02 22:36 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 02:52 . 2011-01-12 16:43 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-01-12 16:43 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 14:14 . 2011-06-28 14:14 53248 ----a-r- c:\users\Family\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-22 18:51 . 2011-07-21 21:22 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-06-22 18:51 . 2010-12-08 23:23 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-06-13 19:22 . 2011-06-13 19:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-06-13 19:01 . 2011-06-13 19:01 127034 ----a-w- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-11 03:07 . 2011-07-13 08:56 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-01 112152]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-30 210216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110826.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-26 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 02:00]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 02:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: facebook.com\www
Trusted Zone: google.com\maps
Trusted Zone: standardlife.ca
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{F6BFF0D2-56B3-46D3-96F4-90EDFBEE65D5}"=""
"{22F0B307-A00D-44A9-8F6F-AD7302ABDB75}"=""
"{4D4E78D4-A681-4347-92DD-389835389371}"=""
"{605FD607-4C05-4D6A-BC7B-8F828ADC7C0B}"=""
"{B73BFF1C-0C0A-4E11-9A9C-B885026D2404}"=""
"{4C1F09AF-00D4-401C-ABBA-26F2120D3B29}"=""
"{E1125C04-4839-4B55-92F5-FA6DEA990EFB}"=""
"{5E39664D-7074-4FF9-9EFE-857B509DE290}"=""
"{4F5637A2-F981-4353-8B3E-44E156DEF934}"=""
"{FBC4BCCC-0119-46A3-A5B3-79C4D0FCBA20}"=""
"{0093262E-3032-48A5-9E0B-B0690C623307}"=""
"{D00CD13E-8725-4BE6-819F-0D3255F65BE6}"=""
"{770E72E3-B147-4493-B699-023DD1DEA1C0}"=""
"{F68797BB-BEC5-4A61-90A8-9DA8C15AA99E}"=""
"{CFD24CCF-39AF-4B42-882D-4160BE4CB82B}"=""
"{D1E839DE-CB1C-4B16-A7BE-BEF0DF08511F}"=""
"{D2065170-5B5C-48C4-8F46-D2146125EFB3}"=""
"{9DDC4B3D-0F96-4244-B864-417982F566B4}"=""
"{7E064615-BF51-4981-B6CA-07BA39C20809}"=""
"{29195242-E35F-46A5-8A2F-C97A8A0619B6}"=""
"{ACA4E181-2050-4E91-B98C-6A0FF2D5037D}"=""
"{1716D8EB-2D4D-46A6-9578-7DBE0253287E}"=""
"{EE204283-6B0C-4C8E-B146-1406D55638A7}"=""
"{BB4689F4-9565-47DD-932C-A176D5A2CF64}"=""
"{E99CC81A-DC9B-4E6E-A0C8-E5AB87296E75}"=""
"{4040EDDC-2A84-4E31-B28C-60D6698596F4}"=""
"{F2911F39-D403-46A2-A174-F8F40DA567E4}"=""
"{2E04AC56-C8A6-4C57-9076-E616ABF16467}"=""
"{C6A6273E-3DB2-431A-8D46-602CA7874CBD}"=""
"{24B8CFDA-7CF4-4B3E-8957-9F5E18A0CD58}"=""
"{B6921103-3357-469F-B64C-D0B7664E0408}"=""
"{AC59942D-C54E-44F0-B65D-ADD4BE83B7B2}"=""
"{8CB38945-EA37-47D7-84E0-A2E9219F52D1}"=""
"{AE9E3A8C-ABCF-47D7-908A-DED0FC479826}"=""
"{DB36CD5A-5500-4A4F-9F98-92035973B019}"=""
"{C1AE82E0-1FDD-457D-8DEA-707EF67B4918}"=""
"{A8C9310E-4809-46B9-B111-1DD81AAF8DD5}"=""
"{7D88E462-2ECB-4157-A552-4EBA63574D6B}"=""
"{5F8E4421-5243-4DA9-A990-4F690729C804}"=""
"{5BEDAC2B-0F9B-4925-8363-CC35AB005F36}"=""
"{34A9B94C-BC8C-4C62-BCB4-CCD3904FF25E}"=""
"{6985F6ED-0E0A-4626-9F37-A5A1E0122BC3}"=""
"{633B21B8-FCB3-4DB2-9A9C-AB67DAA92E9F}"=""
"{48500D14-B93E-4BE6-A4A7-AA2A39CD92F7}"=""
"{B7DFAC23-6065-4B9F-AC66-36724978D001}"=""
"{AAD132E1-9400-4659-B7EA-23670A41E4DC}"=""
"{99F1C6D4-F40F-4D9F-BEEC-630FB7BADBD6}"=""
"{94A8658D-2BAA-46B4-9B67-0B9CB9DCF08F}"=""
"{86E619B3-1398-4344-ACF1-5033D3C5B728}"=""
"{7C7033F1-7C54-4FAC-8E11-DC578ECE9334}"=""
"{DC346B3A-24B6-47D8-8B4D-8A156F50AE15}"=""
"{C2F44976-2553-48AE-94CA-F2789FC00C63}"=""
"{D5CACC3B-6E28-4E76-8DBE-C78DDE372ADF}"=""
"{BADAD400-0D9B-455F-BA53-59A66E597F2C}"=""
"{9D720CC1-E24E-4D44-9953-1CCA1FD2B43C}"=""
"{FF839E50-99BB-4185-A181-FC0C0D776BC9}"=""
"{2E37C7D8-7286-4192-805A-8906E94872DE}"=""
"{3F8E3433-334A-4E15-8A61-13F3F50A10AA}"=""
"{79D9E1BE-BC1C-4B64-A00B-A744E3C7A406}"=""
"{9E5836DA-ABB1-4ACC-B9DF-669B8FDA28EB}"=""
"{D0880ABC-DDF6-4350-8A1C-30FBBC98EF37}"=""
"{12C657CA-BADE-41D4-8CD5-C3319ECAAC0B}"=""
"{AA464F21-12F0-4569-916A-A0807541C979}"=""
"{9903D159-B08D-4712-B66C-5BA9CBFF9F20}"=""
"{B5D3AEDE-8070-495C-AEEB-FEE4CEE62808}"=""
"{F3B741CD-485F-4010-83D5-4E5112EDF91A}"=""
"{47E9D54D-00B3-480B-9E72-5F9DC919615C}"=""
"{6FF1520D-FB38-429F-9646-D1CE957409AF}"=""
"{A2B55C96-5FDC-4624-852E-FE32DEB0D8F4}"=""
"{69216B98-E67A-49D6-AEAE-884C73D60D25}"=""
"{A2876EB9-000D-423E-8951-78E6BF129336}"=""
"{BD1B8171-CBCC-4146-8EF3-70E60294FA90}"=""
"{130E9FE8-F633-457E-8BF3-D36DC25A65DD}"=""
"{6B5554AF-15EF-46BA-AE65-CD8D32944C9F}"=""
"{19E5F19D-7A90-4FBB-A3CF-9057826015AE}"=""
"{93F04B93-BBCA-4BB6-B8CB-1F8EB862E7EB}"=""
"{DC49AB09-1FD2-4051-A336-F321963827A7}"=""
"{36EA6AFD-970F-4008-A475-6D5D8F2C9E9F}"=""
"{3B1DDE8D-F546-42B2-99BC-3DDB21152C70}"=""
"{80517A95-38D5-4AD0-B3A1-6E5E7CCD8279}"=""
"{00BF5234-BB29-48D7-B16D-D4C5984DB60B}"=""
"{F9133435-76A6-4D34-BD87-94F16C8E5C99}"=""
"{215CC422-CDB0-45C0-A2CB-A341A21CC090}"=""
"{675F6951-9D14-4F21-A90C-A35EE71331C3}"=""
"{63CFADA0-5D18-449F-A56D-3B6AFD0179BC}"=""
"{CD718E69-1AF7-4070-89F2-4575F793D888}"=""
"{F0B56F3C-7647-48B8-AEFA-3DA4F257F4D4}"=""
"{DAE7523A-0AA9-42E2-BC6A-55E890BC4846}"=""
"{538952BE-87AA-4FF5-AD4A-54B9D75F8936}"=""
"{1578653E-C730-4355-8529-79DC938152A1}"=""
"{F7E86A5E-AD26-49B6-A00F-679AE06E05B9}"=""
"{2ED7532C-A4EA-45A0-B559-7DE5CBA8A107}"=""
"{9F227B6F-0064-4548-AD4D-227815EFFF06}"=""
"{7D696A07-6D1C-4FDE-81A5-D31D6AD4C33F}"=""
"{7ACBA33A-ABA4-499D-9243-4A2A209EF093}"=""
"{319257A4-9C2F-4BF8-BE8F-B3B55E91D654}"=""
"{BC891F07-8B10-4E90-B0E0-44B816CDA705}"=""
"{BE655385-62AF-4C49-88F2-EF9E1D8E40A4}"=""
"{34D23715-F5F3-413E-8AA0-1A6D5FC36970}"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-08-27 12:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-27 19:27
.
Pre-Run: 943,953,911,808 bytes free
Post-Run: 943,803,301,888 bytes free
.
- - End Of File - - EC0EF154002A6D4F67BC54CA1F5622B9
liketolearn
27-Aug-2011, 05:08 PM #8
Also from the quarantined file:
2011-08-27 19:27:01 . 2011-08-27 19:27:01 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-08-27 19:26:54 . 2011-08-27 19:26:54 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2011-08-27 19:21:45 . 2011-08-27 19:21:45 5,829 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-26 22:16:19 . 2011-08-27 19:18:01 459 ----a-w- C:\Qoobox\Quarantine\catchme.log
kevinf80 (Kevin)
27-Aug-2011, 05:29 PM #9
How is your system responding, are you still having issues...
liketolearn
27-Aug-2011, 10:55 PM #10
Well, it was still freezing, with a couple of Norton alerts about high disk usage, so I looked into it more. Not sure if this is/was the problem: Logitech SetPoint software for the LX 310 wireless keyboard and mouse seemed to be causing some issues with Norton etc. I uninstalled the software and so far so good, but I have not been doing much though. Did you see anything that also could have been an issue?
kevinf80 (Kevin)
28-Aug-2011, 02:48 AM #11
Logs look OK, nothing obvious. Use your system for a day or so and post back how your system is responding.
liketolearn
30-Aug-2011, 12:57 PM #12
Seems to be good. I have noticed that since deleting the keyboard program there are no issues with high disk usage alerts also. Could this cordless mouse combo have been the whole problem? Occasionally I notice the mouse doesn't respond, so I move the receiver a bit and then all good again, but annoying. I have used it for a couple of months with no issues until now, not like the Microsoft combo I took back. Thanks for your help and time!
kevinf80 (Kevin)
30-Aug-2011, 07:29 PM #13
OK do the following :-

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
It is very important that you get a successful uninstall because of the extra functions done at the same time; let me know if this does not happen.

Step 2
  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

Step 3

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select “Run as Administrator”
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache etc. Always remember to re-boot after a run.

Step 4

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia

Let me know if those steps complete OK, also if any issues or concerns...

Kevin
liketolearn
30-Aug-2011, 08:00 PM #14
OK, so I deleted Combofix earlier after I ran it. So Windows says it cannot find it when trying to do the above uninstall. I notice there is a Qoobox file that will not delete; it says it needs to be administrator, which I am! I guess I screwed that up! Now what? I will wait before I try the others!
Thanks
kevinf80 (Kevin)
30-Aug-2011, 09:23 PM #15
OTC will remove Combofix folders; it will not reset System Restore, so that will have to be done when you finish the other steps.
Complete steps 2, 3, and 4, then do the following:

Create a new restore point:

1. Right-click on Computer and go to Properties.
2. Next click on the System Protection link.
3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on Create.
5. You should see the message "The restore point was created successfully".

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
2. If prompted, select the drive that you want to clean up, and then click OK.
3. In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission is required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
4. If prompted, select the drive that you want to clean up, and then click OK.
5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
6. In the Disk Cleanup dialog box, click Delete.
7. Click Delete Files, and then click OK.

Let me know how you get on...

Kevin