
PC freezing and high disk usage warning, what is going on?

Discussion in 'Virus & Other Malware Removal' started by liketolearn, Aug 26, 2011.

Thread Status:
Not open for further replies.
  1. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    I am on Windows 7 64-bit, 4 GB, Intel Core i7 870, and it was pretty fast, but now it is very sporadic and freezes/not responding. Also getting an alert from Norton of high disk usage from Windows host process Rundll32 when not even doing anything. Was not sure about HijackThis for 64-bit, so not sure what to do about giving more info. Any ideas would be much appreciated. Thanks.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin
     
  3. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    Thanks for your reply, here are the logs. I have NIS 2011 if that matters.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Family at 6:45:32 on 2011-08-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.3053 [GMT -7:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Simple Star PhotoShow Media Manager] C:\PROGRA~2\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STATUS~1.LNK - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    Trusted Zone: facebook.com\www
    Trusted Zone: google.com\maps
    Trusted Zone: standardlife.ca
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{03715117-1B1B-46A2-9FBA-8A7F9641F6B8} : DhcpNameServer = 192.168.0.1
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110824.030\IDSviA64.sys [2011-8-25 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-25 136824]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
    .
    =============== Created Last 30 ================
    .
    2011-08-26 13:08:01 -------- d-----w- C:\Users\Family\AppData\Local\ElevatedDiagnostics
    2011-08-26 02:02:06 -------- d-----w- C:\Program Files (x86)\ESET
    2011-08-25 22:12:39 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
    2011-08-25 22:12:39 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
    2011-08-25 22:12:39 3072 ------w- C:\Windows\SysWow64\BrDctF2S.dll
    2011-08-25 22:12:39 176128 ------w- C:\Windows\SysWow64\BroSNMP.dll
    2011-08-24 15:07:31 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-24 15:07:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-23 19:28:02 -------- d-----w- C:\Users\Family\AppData\Roaming\GetRightToGo
    2011-08-23 18:52:40 -------- d-----w- C:\Users\Family\AppData\Roaming\WinAVI
    2011-08-23 18:52:40 -------- d-----w- C:\Users\Family\AppData\Local\WinAVI
    2011-08-23 18:52:32 -------- d-----w- C:\Program Files (x86)\WinAVI
    2011-08-12 16:40:18 -------- d-----w- C:\Users\Family\.frostwire5
    2011-08-10 15:57:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    .
    ==================== Find3M ====================
    .
    2011-08-16 00:34:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 405570 ----a-w- C:\Windows\SysWow64\ipboot.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-09 00:45:12 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
    2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-22 18:51:24 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2011-06-22 18:51:18 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    2011-06-13 19:22:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-06-13 19:01:19 127034 ----a-w- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
    2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 6:45:57.25 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/12/2011 5:22:24 PM
    System Uptime: 8/26/2011 6:12:43 AM (0 hours ago)
    .
    Motherboard: MSI | | H55M-P33(MS-7636)
    Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2787/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 879.834 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76361462&REV_03\4&285C8AE2&0&00E0
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76361462&REV_03\4&285C8AE2&0&00E0
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    RP113: 8/24/2011 10:59:58 PM - Windows Update
    RP114: 8/25/2011 3:07:26 PM - Removed MFL-Pro Suite
    RP115: 8/25/2011 3:11:54 PM - Installed MFL-Pro Suite
    RP116: 8/25/2011 3:40:01 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
    RP117: 8/25/2011 4:38:20 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
    RP118: 8/25/2011 4:38:56 PM - Removed Logitech Desktop Messenger
    RP119: 8/25/2011 4:41:22 PM - Revo Uninstaller's restore point - Click to Call with Skype
    RP120: 8/25/2011 4:48:20 PM - Windows Update
    RP121: 8/25/2011 5:02:56 PM - Windows Update
    RP122: 8/25/2011 6:33:19 PM - Restore Operation
    RP123: 8/25/2011 9:29:28 PM - Installed HiJackThis
    RP124: 8/25/2011 10:57:17 PM - Revo Uninstaller's restore point - Ask Toolbar
    RP125: 8/25/2011 10:59:38 PM - Revo Uninstaller's restore point - HiJackThis
    RP126: 8/25/2011 11:00:23 PM - Removed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Apple Application Support
    Apple Software Update
    ArcSoft MediaImpression for Kodak
    Brother MFL-Pro Suite MFC-440CN
    Compatibility Pack for the 2007 Office system
    eReg
    ESET Online Scanner v3
    FrostWire 4.21.8
    Google Earth
    Google Update Helper
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 24
    LG CyberLink LabelPrint
    LG CyberLink Power2Go
    LG CyberLink PowerBackup
    LG CyberLink PowerDVD
    LG CyberLink PowerProducer
    LG ODD Auto Firmware Update
    LG Power Tools
    LightScribe System Software
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Office File Validation Add-In
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Norton Internet Security
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PaperPort
    PhotoShow 5
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.92
    Roxio PhotoShow
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Skype™ 5.5
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VirtualDJ Home FREE
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/26/2011 6:43:34 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    8/25/2011 8:22:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CYDTHEKID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{03715117-1B1B-46A2-9FBA-8A7F9641F6B8}. The master browser is stopping or an election is being forced.
    8/25/2011 6:37:54 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    8/25/2011 5:30:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    8/24/2011 6:35:53 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.143. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
    8/23/2011 7:44:51 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
    8/21/2011 9:04:29 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.
    8/21/2011 9:03:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop, rename it to Gotcha.exe.

    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  5. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    OK, so I tried everything to get Combofix to run a full scan but it froze/stalled at stage 4 even after 1 hour. I have been guided to use it before and have not had any problems, but not on this computer. I followed your instructions exactly. I tried deleting the first download link and tried the second, and it still froze at stage 4 after 1 1/2 hours. Is there something else I should try, or is it just that I never let it run long enough? I know it goes to 50 or so and at that rate, my Norton would come back on in 5 hrs and it still would be running. Thanks again!
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Reboot to safe mode with networking, delete old version of cf, d/l again and give another try
     
  7. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    OK, that worked. I forgot to disable Norton before rebooting in safe mode and had to go back and forth to safe mode, but, all done.
    Here is the log:
    ComboFix 11-08-27.01 - Family 08/27/2011 12:18:36.5.8 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2769 [GMT -7:00]
    Running from: c:\users\Family\Desktop\Gotcha.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Rob\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-26 22:16 . 2011-08-26 22:16 -------- d-----w- C:\gotcha
    2011-08-26 02:02 . 2011-08-26 02:02 -------- d-----w- c:\program files (x86)\ESET
    2011-08-26 00:07 . 2011-08-26 01:37 -------- d-----w- c:\users\UpdatusUser
    2011-08-25 22:12 . 2009-01-16 02:20 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
    2011-08-25 22:12 . 2007-12-14 05:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
    2011-08-25 22:12 . 2007-12-14 05:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
    2011-08-25 22:12 . 2006-12-28 20:39 176128 ------w- c:\windows\SysWow64\BroSNMP.dll
    2011-08-24 15:07 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 15:07 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-23 19:28 . 2011-08-23 19:29 -------- d-----w- c:\users\Family\AppData\Roaming\GetRightToGo
    2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\users\Family\AppData\Roaming\WinAVI
    2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\users\Family\AppData\Local\WinAVI
    2011-08-23 18:52 . 2011-08-23 18:55 -------- d-----w- c:\program files (x86)\WinAVI
    2011-08-12 16:40 . 2011-08-12 16:48 -------- d-----w- c:\users\Family\.frostwire5
    2011-08-10 15:57 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-16 00:34 . 2011-05-17 03:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-07-16 04:26 . 2011-08-10 15:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-09 00:45 . 2011-05-02 22:36 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
    2011-07-07 02:52 . 2011-01-12 16:43 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-07 02:52 . 2011-01-12 16:43 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-28 14:14 . 2011-06-28 14:14 53248 ----a-r- c:\users\Family\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-06-22 18:51 . 2011-07-21 21:22 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
    2011-06-22 18:51 . 2010-12-08 23:23 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-06-13 19:22 . 2011-06-13 19:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-06-13 19:01 . 2011-06-13 19:01 127034 ----a-w- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    2011-06-11 03:07 . 2011-07-13 08:56 3137536 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-01 112152]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-30 210216]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110826.030\IDSvia64.sys [2011-08-23 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-26 136824]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 02:00]
    .
    2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 02:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    Trusted Zone: facebook.com\www
    Trusted Zone: google.com\maps
    Trusted Zone: standardlife.ca
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
    @Denied: (C D) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
    @Denied: (C D) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
    @Denied: (C D) (Everyone)
    "{35969881-9898-4EEE-8CE3-798D1D0E1488}"=""
    "{348F6188-F6C6-45B1-B174-7D4A915C968E}"=""
    "{B6F6791E-EDBF-4175-8018-022D272FE860}"=""
    "{DC082D97-042B-4C78-92F5-1DB98B5A38E5}"=""
    "{F317CA28-83E5-456B-9B45-D8A5C8F6D6CA}"=""
    "{E5559D7B-551F-42F9-BCDE-87AE2A9E2A8F}"=""
    "{21F9A910-1735-4901-9155-5D47A3BD1F8A}"=""
    "{3037A8A8-9297-4A9B-991F-C6805A4D74A1}"=""
    "{8881828F-0718-4D04-8E2D-9BAB99F42A68}"=""
    "{22827BD3-297A-4A5A-ACD3-4AA56306C6B2}"=""
    "{AB466F01-8834-4C42-8711-121822183228}"=""
    "{B0E4F8EB-71B1-4B30-BD3F-48C3FAF582E8}"=""
    "{C5DEB543-692E-4CD9-B069-857FC9FF26D0}"=""
    "{43332A67-4FD7-46DF-B6B5-CE1B744BCBC4}"=""
    "{FE23C336-11B1-4FFE-A338-E70911A52A03}"=""
    "{049FAD6F-79BE-4614-BB5C-C3073D450315}"=""
    "{52F3B6DD-1E1E-4D61-A8CB-F1A7960C878F}"=""
    "{681D23E2-F8CC-44AF-9D0C-616B0078C9C3}"=""
    "{E3CCFFA6-7312-4CCE-AAA2-E27B678886D0}"=""
    "{E886A398-E087-4629-AB07-C147AC37AE82}"=""
    "{750E8799-DE97-41AC-9F32-05339538DB68}"=""
    "{C6C78876-1E8C-4A42-AF73-7577155712CF}"=""
    "{48EC48C2-F240-490E-8FD2-B27C506E4E51}"=""
    "{CF53B28D-20E7-44F4-AF1D-21D28F75C116}"=""
    "{481A2508-365C-436E-ACF9-CE7B1C3ED44A}"=""
    "{B85002A6-829C-482B-B394-377800B904D0}"=""
    "{1A7C5C1F-3C54-42F0-973D-8EED900683AF}"=""
    "{8B6A1FE4-1DC6-4249-A46E-1F1FEEA392D5}"=""
    "{15DDB78B-516A-45C1-89F9-0F88DFEE98DB}"=""
    "{B71C749F-57D5-48B9-B27C-D6EB7D858DC3}"=""
    "{BB9A426C-9C91-4130-946E-316F862697A9}"=""
    "{5B713E37-6995-43CE-AC8C-F52F24EEB2BE}"=""
    "{1C1CAEBD-5006-40DA-A5DF-A1A5E4AD4E81}"=""
    "{013E1C21-234D-4ADC-B7DA-5E0D2D42BE61}"=""
    "{A0C419A4-4026-4C4A-9520-892BA4EA4EFE}"=""
    "{5F8E2EE7-5159-48BD-84EF-95A6B4548C66}"=""
    "{4BF2DA07-8AE1-44D8-9E8B-12069E5817F4}"=""
    "{3BCF7FEC-BA37-4CBD-9CC5-23BCD8DF713D}"=""
    "{7B690751-BE74-4975-B4F4-97557CBD335B}"=""
    "{77AC26DA-F6CB-4D95-8969-8E408B0A9A11}"=""
    "{FBD15F94-4C2A-4144-8643-BD18C6BBDF56}"=""
    "{09F7FB02-FE6F-47E7-A507-2BADFCEA3EAE}"=""
    "{3BA6857C-C928-4583-922C-140DA59B1951}"=""
    "{51AF8568-1FCE-4526-A5FB-D39A83D1CA63}"=""
    "{CCFA988E-3148-40C7-B969-6582CAB97E17}"=""
    "{87B1FDB0-CD96-4841-8836-34B10648C67E}"=""
    "{75C71241-2324-49E0-BB54-E4EFF90F8850}"=""
    "{A5F0EAA7-1278-42F6-BC69-6E3D5E7DECD8}"=""
    "{E4A69C55-1A31-4238-AD45-D088962DF1A7}"=""
    "{0D8EE81F-B7FD-47F3-BDC0-0E2C079F2799}"=""
    "{729C3E28-69D1-4380-A1A3-3F40BF525194}"=""
    "{5C5CD5ED-D436-49F5-ACA6-61CA9E01CDEE}"=""
    "{3F95F73F-3AF0-4665-80DB-BCF3F43BEA83}"=""
    "{3F04E07C-DFF4-43D9-805B-D47CEDB2852D}"=""
    "{DB1653B7-FFA3-49AA-84BB-A376A1C733E5}"=""
    "{C146FAFC-1862-4AA2-B6CC-8578A46B85F2}"=""
    "{D3F8EA12-2EF4-41E2-A20A-1A7E30955322}"=""
    "{A121205E-DC7F-4888-B3B3-F42D667F35DB}"=""
    "{7FDD4F46-2BF8-455C-AF61-E672CEA5D2FE}"=""
    "{C488FA40-51CB-459A-A89D-0781720DFBB0}"=""
    "{6D796824-EC5E-4906-8943-C8BB1CAB2A30}"=""
    "{E0DC724E-5CF8-45DA-89D1-CC7ECE3CBF07}"=""
    "{EB351F31-D0CE-4798-982B-481DB88C386C}"=""
    "{B0C9A88E-3640-44ED-9E81-3AFB737E546B}"=""
    "{F0EA5D24-FAA3-4619-9B3D-2E76EFE47597}"=""
    "{CA916EFD-E9E1-4AB5-A448-5AACC27DBA77}"=""
    "{18BEBAF0-E57A-4D53-B9A9-1F23DF08BE0F}"=""
    "{E6618D36-3795-4240-8085-E51A28BCFDD9}"=""
    "{0CBDC7E0-4B82-4EDE-B776-845A6A5374FE}"=""
    "{431EA7FC-4611-4959-94EF-FCC97ACF1D77}"=""
    "{44D1B697-362E-4EBD-9854-359470ADA71D}"=""
    "{302F8F5E-9A15-4CDD-B3D2-8460885B98EB}"=""
    "{F6BFF0D2-56B3-46D3-96F4-90EDFBEE65D5}"=""
    "{22F0B307-A00D-44A9-8F6F-AD7302ABDB75}"=""
    "{4D4E78D4-A681-4347-92DD-389835389371}"=""
    "{605FD607-4C05-4D6A-BC7B-8F828ADC7C0B}"=""
    "{B73BFF1C-0C0A-4E11-9A9C-B885026D2404}"=""
    "{4C1F09AF-00D4-401C-ABBA-26F2120D3B29}"=""
    "{E1125C04-4839-4B55-92F5-FA6DEA990EFB}"=""
    "{5E39664D-7074-4FF9-9EFE-857B509DE290}"=""
    "{4F5637A2-F981-4353-8B3E-44E156DEF934}"=""
    "{FBC4BCCC-0119-46A3-A5B3-79C4D0FCBA20}"=""
    "{0093262E-3032-48A5-9E0B-B0690C623307}"=""
    "{D00CD13E-8725-4BE6-819F-0D3255F65BE6}"=""
    "{770E72E3-B147-4493-B699-023DD1DEA1C0}"=""
    "{F68797BB-BEC5-4A61-90A8-9DA8C15AA99E}"=""
    "{CFD24CCF-39AF-4B42-882D-4160BE4CB82B}"=""
    "{D1E839DE-CB1C-4B16-A7BE-BEF0DF08511F}"=""
    "{D2065170-5B5C-48C4-8F46-D2146125EFB3}"=""
    "{9DDC4B3D-0F96-4244-B864-417982F566B4}"=""
    "{7E064615-BF51-4981-B6CA-07BA39C20809}"=""
    "{29195242-E35F-46A5-8A2F-C97A8A0619B6}"=""
    "{ACA4E181-2050-4E91-B98C-6A0FF2D5037D}"=""
    "{1716D8EB-2D4D-46A6-9578-7DBE0253287E}"=""
    "{EE204283-6B0C-4C8E-B146-1406D55638A7}"=""
    "{BB4689F4-9565-47DD-932C-A176D5A2CF64}"=""
    "{E99CC81A-DC9B-4E6E-A0C8-E5AB87296E75}"=""
    "{4040EDDC-2A84-4E31-B28C-60D6698596F4}"=""
    "{F2911F39-D403-46A2-A174-F8F40DA567E4}"=""
    "{2E04AC56-C8A6-4C57-9076-E616ABF16467}"=""
    "{C6A6273E-3DB2-431A-8D46-602CA7874CBD}"=""
    "{24B8CFDA-7CF4-4B3E-8957-9F5E18A0CD58}"=""
    "{B6921103-3357-469F-B64C-D0B7664E0408}"=""
    "{AC59942D-C54E-44F0-B65D-ADD4BE83B7B2}"=""
    "{8CB38945-EA37-47D7-84E0-A2E9219F52D1}"=""
    "{AE9E3A8C-ABCF-47D7-908A-DED0FC479826}"=""
    "{DB36CD5A-5500-4A4F-9F98-92035973B019}"=""
    "{C1AE82E0-1FDD-457D-8DEA-707EF67B4918}"=""
    "{A8C9310E-4809-46B9-B111-1DD81AAF8DD5}"=""
    "{7D88E462-2ECB-4157-A552-4EBA63574D6B}"=""
    "{5F8E4421-5243-4DA9-A990-4F690729C804}"=""
    "{5BEDAC2B-0F9B-4925-8363-CC35AB005F36}"=""
    "{34A9B94C-BC8C-4C62-BCB4-CCD3904FF25E}"=""
    "{6985F6ED-0E0A-4626-9F37-A5A1E0122BC3}"=""
    "{633B21B8-FCB3-4DB2-9A9C-AB67DAA92E9F}"=""
    "{48500D14-B93E-4BE6-A4A7-AA2A39CD92F7}"=""
    "{B7DFAC23-6065-4B9F-AC66-36724978D001}"=""
    "{AAD132E1-9400-4659-B7EA-23670A41E4DC}"=""
    "{99F1C6D4-F40F-4D9F-BEEC-630FB7BADBD6}"=""
    "{94A8658D-2BAA-46B4-9B67-0B9CB9DCF08F}"=""
    "{86E619B3-1398-4344-ACF1-5033D3C5B728}"=""
    "{7C7033F1-7C54-4FAC-8E11-DC578ECE9334}"=""
    "{DC346B3A-24B6-47D8-8B4D-8A156F50AE15}"=""
    "{C2F44976-2553-48AE-94CA-F2789FC00C63}"=""
    "{D5CACC3B-6E28-4E76-8DBE-C78DDE372ADF}"=""
    "{BADAD400-0D9B-455F-BA53-59A66E597F2C}"=""
    "{9D720CC1-E24E-4D44-9953-1CCA1FD2B43C}"=""
    "{FF839E50-99BB-4185-A181-FC0C0D776BC9}"=""
    "{2E37C7D8-7286-4192-805A-8906E94872DE}"=""
    "{3F8E3433-334A-4E15-8A61-13F3F50A10AA}"=""
    "{79D9E1BE-BC1C-4B64-A00B-A744E3C7A406}"=""
    "{9E5836DA-ABB1-4ACC-B9DF-669B8FDA28EB}"=""
    "{D0880ABC-DDF6-4350-8A1C-30FBBC98EF37}"=""
    "{12C657CA-BADE-41D4-8CD5-C3319ECAAC0B}"=""
    "{AA464F21-12F0-4569-916A-A0807541C979}"=""
    "{9903D159-B08D-4712-B66C-5BA9CBFF9F20}"=""
    "{B5D3AEDE-8070-495C-AEEB-FEE4CEE62808}"=""
    "{F3B741CD-485F-4010-83D5-4E5112EDF91A}"=""
    "{47E9D54D-00B3-480B-9E72-5F9DC919615C}"=""
    "{6FF1520D-FB38-429F-9646-D1CE957409AF}"=""
    "{A2B55C96-5FDC-4624-852E-FE32DEB0D8F4}"=""
    "{69216B98-E67A-49D6-AEAE-884C73D60D25}"=""
    "{A2876EB9-000D-423E-8951-78E6BF129336}"=""
    "{BD1B8171-CBCC-4146-8EF3-70E60294FA90}"=""
    "{130E9FE8-F633-457E-8BF3-D36DC25A65DD}"=""
    "{6B5554AF-15EF-46BA-AE65-CD8D32944C9F}"=""
    "{19E5F19D-7A90-4FBB-A3CF-9057826015AE}"=""
    "{93F04B93-BBCA-4BB6-B8CB-1F8EB862E7EB}"=""
    "{DC49AB09-1FD2-4051-A336-F321963827A7}"=""
    "{36EA6AFD-970F-4008-A475-6D5D8F2C9E9F}"=""
    "{3B1DDE8D-F546-42B2-99BC-3DDB21152C70}"=""
    "{80517A95-38D5-4AD0-B3A1-6E5E7CCD8279}"=""
    "{00BF5234-BB29-48D7-B16D-D4C5984DB60B}"=""
    "{F9133435-76A6-4D34-BD87-94F16C8E5C99}"=""
    "{215CC422-CDB0-45C0-A2CB-A341A21CC090}"=""
    "{675F6951-9D14-4F21-A90C-A35EE71331C3}"=""
    "{63CFADA0-5D18-449F-A56D-3B6AFD0179BC}"=""
    "{CD718E69-1AF7-4070-89F2-4575F793D888}"=""
    "{F0B56F3C-7647-48B8-AEFA-3DA4F257F4D4}"=""
    "{DAE7523A-0AA9-42E2-BC6A-55E890BC4846}"=""
    "{538952BE-87AA-4FF5-AD4A-54B9D75F8936}"=""
    "{1578653E-C730-4355-8529-79DC938152A1}"=""
    "{F7E86A5E-AD26-49B6-A00F-679AE06E05B9}"=""
    "{2ED7532C-A4EA-45A0-B559-7DE5CBA8A107}"=""
    "{9F227B6F-0064-4548-AD4D-227815EFFF06}"=""
    "{7D696A07-6D1C-4FDE-81A5-D31D6AD4C33F}"=""
    "{7ACBA33A-ABA4-499D-9243-4A2A209EF093}"=""
    "{319257A4-9C2F-4BF8-BE8F-B3B55E91D654}"=""
    "{BC891F07-8B10-4E90-B0E0-44B816CDA705}"=""
    "{BE655385-62AF-4C49-88F2-EF9E1D8E40A4}"=""
    "{34D23715-F5F3-413E-8AA0-1A6D5FC36970}"=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-27 12:27:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-27 19:27
    .
    Pre-Run: 943,953,911,808 bytes free
    Post-Run: 943,803,301,888 bytes free
    .
    - - End Of File - - EC0EF154002A6D4F67BC54CA1F5622B9
     
  8. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    Also from the quarantined file
    2011-08-27 19:27:01 . 2011-08-27 19:27:01 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
    2011-08-27 19:26:54 . 2011-08-27 19:26:54 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
    2011-08-27 19:21:45 . 2011-08-27 19:21:45 5,829 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-08-26 22:16:19 . 2011-08-27 19:18:01 459 ----a-w- C:\Qoobox\Quarantine\catchme.log
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    How is your system responding, are you still having issues...
     
  10. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    Well, it was still freezing and there were a couple of Norton alerts about high disk usage, so I looked into it more. Not sure if this is/was the problem, but the Logitech SetPoint software for the LX 310 wireless keyboard and mouse seemed to be causing some issues with Norton etc. I uninstalled the software and so far so good, but I have not been doing much though. Did you see anything that also could have been an issue?
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    Logs look OK, nothing obvious. Use your system for a day or so and post back how your system is responding.
     
  12. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    Seems to be good. I have noticed that since deleting the keyboard program there are no issues with high disk usage alerts either. Could this cordless mouse combo have been the whole problem? Occasionally I notice the mouse doesn't respond, so I move the receiver a bit and then all is good again, but it is annoying. I have used it for a couple of months with no issues until now, not like the Microsoft combo I took back. Thanks for your help and time!
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    OK do the following :-

    Step 1

    Remove Combofix now that we're done with it
    • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    • Please follow the prompts to uninstall Combofix.
    • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
    The above procedure will delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:_OtMoveIt folder, if present
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.
    It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

    Step 2

    • Download OTC by OldTimer and save it to your desktop. Alternative mirror
    • Double click the icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose run as administrator
    • Then click the big button.
    • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
    • Restart your computer when prompted.
    • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.

    Step 3

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not, re-boot it yourself to complete the cleaning process <---- Very Important

    Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc. Always remember to re-boot after a run.

    Step 4

    You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Let me know if those steps complete OK, also if any issues or concerns...

    Kevin
     
  14. liketolearn

    liketolearn Thread Starter

    Joined:
    Sep 25, 2008
    Messages:
    202
    OK, so I deleted Combofix earlier after I ran it. So Windows says it cannot find it when trying to do the above uninstall. I notice there is a Qoobox file that will not delete; it says I need to be administrator, which I am! I guess I screwed that up! Now what? I will wait before I try the others!
    Thanks
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,162
    OTC will remove Combofix folders, it will not reset System Restore so that will have to be done when you finish the other steps.
    Complete steps 2, 3, and 4, then do the following:

    Create a new restore point:

    1. Right-click on Computer and go to Properties.
    2. Next click on the System Protection link.
    3. The System Properties dialog screen opens up and you will want to click on Create.
    4. Type in a description for the restore point which will help you remember the point at which it was created. Click on Create.
    5. You should see the message "The restore point was created successfully"

    To remove all but the most recent restore point do the following:

    1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    2. If prompted, select the drive that you want to clean up, and then click OK.
    3. In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    4. If prompted, select the drive that you want to clean up, and then click OK.
    5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
    6. In the Disk Cleanup dialog box, click Delete.
    7. Click Delete Files, and then click OK.

    Let me know how you get on...

    Kevin
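
The two procedures in the post above (create a restore point, then remove all but the most recent one) can also be scripted. This is an added example, not part of the original thread and not identical to what Disk Cleanup does: it assumes an elevated PowerShell prompt with System Restore enabled, uses the built-in Checkpoint-Computer and Get-ComputerRestorePoint cmdlets plus the SRRemoveRestorePoint function exported by srclient.dll, and the description text is a placeholder. It deletes nothing unless a new restore point was actually created.

```powershell
# Added example: create a fresh restore point, then remove every older one.
$ErrorActionPreference = 'Stop'

# Both steps need administrator rights; stop early if the prompt is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

# SRRemoveRestorePoint is the System Restore API for deleting one restore point.
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Remember the highest sequence number that exists before we start.
$lastSeq = 0
$before  = @(Get-ComputerRestorePoint)
if ($before.Count -gt 0) {
    $lastSeq = ($before | Measure-Object -Property SequenceNumber -Maximum).Maximum
}

# Step 1: create the new restore point (placeholder description).
$description = 'Clean state after malware removal'
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Newer Windows versions may skip creation if a point was made recently,
# so confirm that a point with a higher sequence number now exists.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0 -or $points[-1].SequenceNumber -le $lastSeq) {
    throw 'No new restore point was created; nothing has been deleted.'
}
$newest = $points[-1]

# Step 2: remove every restore point older than the one just created.
$older = @($points | Where-Object { $_.SequenceNumber -lt $newest.SequenceNumber })
foreach ($p in $older) {
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([uint32]$p.SequenceNumber)
    if ($rc -ne 0) {
        Write-Warning ("Could not remove restore point {0} (error {1})" -f $p.SequenceNumber, $rc)
    }
}

# Show what is left; only the new restore point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```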
     

Short URL to this thread: https://techguy.org/1014450