# PC freezing and high disk usage warning, what is going on?



## liketolearn (Sep 25, 2008)

I am on Windows 7 64-bit, 4 GB, Intel Core i7 870, and it was pretty fast, but now it is very sporadic and freezes/stops responding. Also getting an alert from Norton of high disk usage from Windows host process Rundll32 when not even doing anything. Was not sure about the HijackThis for the 64-bit so not sure what to do about giving more info. Any ideas would be much appreciated. Thanks.


----------



## kevinf80 (Mar 21, 2006)

We need to see some additional information about what is happening in your machine.
Please perform the following scan:

Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop.
The instructions here ask you to attach the Attach.txt.

*Instead of attaching, please copy/paste both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control *HERE*

Kevin


----------



## liketolearn (Sep 25, 2008)

Thanks for your reply, here are the logs. I have NIS 2011 if that matters.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514
Run by Family at 6:45:32 on 2011-08-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.3053 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Simple Star PhotoShow Media Manager] C:\PROGRA~2\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STATUS~1.LNK - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
Trusted Zone: facebook.com\www
Trusted Zone: google.com\maps
Trusted Zone: standardlife.ca
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{03715117-1B1B-46A2-9FBA-8A7F9641F6B8} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110824.030\IDSviA64.sys [2011-8-25 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-2 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-8 2533400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-25 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-22 136176]
.
=============== Created Last 30 ================
.
2011-08-26 13:08:01 -------- d-----w- C:\Users\Family\AppData\Local\ElevatedDiagnostics
2011-08-26 02:02:06 -------- d-----w- C:\Program Files (x86)\ESET
2011-08-25 22:12:39 73728 ------w- C:\Windows\SysWow64\BrDctF2.dll
2011-08-25 22:12:39 5120 ------w- C:\Windows\SysWow64\BrDctF2L.dll
2011-08-25 22:12:39 3072 ------w- C:\Windows\SysWow64\BrDctF2S.dll
2011-08-25 22:12:39 176128 ------w- C:\Windows\SysWow64\BroSNMP.dll
2011-08-24 15:07:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 15:07:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 19:28:02 -------- d-----w- C:\Users\Family\AppData\Roaming\GetRightToGo
2011-08-23 18:52:40 -------- d-----w- C:\Users\Family\AppData\Roaming\WinAVI
2011-08-23 18:52:40 -------- d-----w- C:\Users\Family\AppData\Local\WinAVI
2011-08-23 18:52:32 -------- d-----w- C:\Program Files (x86)\WinAVI
2011-08-12 16:40:18 -------- d-----w- C:\Users\Family\.frostwire5
2011-08-10 15:57:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
.
==================== Find3M ====================
.
2011-08-16 00:34:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 405570 ----a-w- C:\Windows\SysWow64\ipboot.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-09 00:45:12 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-22 18:51:24 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2011-06-22 18:51:18 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-13 19:22:49 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-06-13 19:01:19 127034 ----a-w- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 6:45:57.25 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2011 5:22:24 PM
System Uptime: 8/26/2011 6:12:43 AM (0 hours ago)
.
Motherboard: MSI | | H55M-P33(MS-7636) 
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | CPU 1 | 2787/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 879.834 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76361462&REV_03\4&285C8AE2&0&00E0
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_76361462&REV_03\4&285C8AE2&0&00E0
Service: RTL8167
.
==== System Restore Points ===================
.
RP113: 8/24/2011 10:59:58 PM - Windows Update
RP114: 8/25/2011 3:07:26 PM - Removed MFL-Pro Suite
RP115: 8/25/2011 3:11:54 PM - Installed MFL-Pro Suite
RP116: 8/25/2011 3:40:01 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP117: 8/25/2011 4:38:20 PM - Revo Uninstaller's restore point - Logitech Desktop Messenger
RP118: 8/25/2011 4:38:56 PM - Removed Logitech Desktop Messenger
RP119: 8/25/2011 4:41:22 PM - Revo Uninstaller's restore point - Click to Call with Skype
RP120: 8/25/2011 4:48:20 PM - Windows Update
RP121: 8/25/2011 5:02:56 PM - Windows Update
RP122: 8/25/2011 6:33:19 PM - Restore Operation
RP123: 8/25/2011 9:29:28 PM - Installed HiJackThis
RP124: 8/25/2011 10:57:17 PM - Revo Uninstaller's restore point - Ask Toolbar
RP125: 8/25/2011 10:59:38 PM - Revo Uninstaller's restore point - HiJackThis
RP126: 8/25/2011 11:00:23 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Software Update
ArcSoft MediaImpression for Kodak
Brother MFL-Pro Suite MFC-440CN
Compatibility Pack for the 2007 Office system
eReg
ESET Online Scanner v3
FrostWire 4.21.8
Google Earth
Google Update Helper
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 24
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG ODD Auto Firmware Update
LG Power Tools
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Norton Internet Security
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PaperPort
PhotoShow 5
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Revo Uninstaller 1.92
Roxio PhotoShow
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype™ 5.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VirtualDJ Home FREE
.
==== Event Viewer Messages From Past Week ========
.
8/26/2011 6:43:34 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
8/25/2011 8:22:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CYDTHEKID-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{03715117-1B1B-46A2-9FBA-8A7F9641F6B8}. The master browser is stopping or an election is being forced.
8/25/2011 6:37:54 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
8/25/2011 5:30:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/24/2011 6:35:53 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.143. The computer with the IP address 192.168.0.102 did not allow the name to be claimed by this computer.
8/23/2011 7:44:51 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
8/21/2011 9:04:29 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.
8/21/2011 9:03:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================


----------



## kevinf80 (Mar 21, 2006)

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


----------



## liketolearn (Sep 25, 2008)

OK, so I tried everything to get Combofix to run a full scan but it froze/stalled at stage 4 even after 1 hour. I have been guided to use it before and have not had any problems, but not on this computer. I followed your instructions exactly. I tried deleting the first download link and tried the second, and it still froze at stage 4 after 1 1/2 hours. Is there something else I should try or is it just that I never let it run long enough? I know it goes to 50 or so and at that rate, my Norton would come back on in 5 hrs and it still would be running. Thanks again!


----------



## kevinf80 (Mar 21, 2006)

Reboot to safe mode with networking, delete old version of cf, d/l again and give another try


----------



## liketolearn (Sep 25, 2008)

OK, that worked. I forgot to disable Norton before rebooting in safe mode and had to go back and forth to safe mode, but all done.
Here is the log:
ComboFix 11-08-27.01 - Family 08/27/2011 12:18:36.5.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4055.2769 [GMT -7:00]
Running from: c:\users\Family\Desktop\Gotcha.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-26 22:16 . 2011-08-26 22:16 -------- d-----w- C:\gotcha
2011-08-26 02:02 . 2011-08-26 02:02 -------- d-----w- c:\program files (x86)\ESET
2011-08-26 00:07 . 2011-08-26 01:37 -------- d-----w- c:\users\UpdatusUser
2011-08-25 22:12 . 2009-01-16 02:20 3072 ------w- c:\windows\SysWow64\BrDctF2S.dll
2011-08-25 22:12 . 2007-12-14 05:16 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2011-08-25 22:12 . 2007-12-14 05:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2011-08-25 22:12 . 2006-12-28 20:39 176128 ------w- c:\windows\SysWow64\BroSNMP.dll
2011-08-24 15:07 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:07 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 19:28 . 2011-08-23 19:29 -------- d-----w- c:\users\Family\AppData\Roaming\GetRightToGo
2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\users\Family\AppData\Roaming\WinAVI
2011-08-23 18:52 . 2011-08-23 18:52 -------- d-----w- c:\users\Family\AppData\Local\WinAVI
2011-08-23 18:52 . 2011-08-23 18:55 -------- d-----w- c:\program files (x86)\WinAVI
2011-08-12 16:40 . 2011-08-12 16:48 -------- d-----w- c:\users\Family\.frostwire5
2011-08-10 15:57 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 00:34 . 2011-05-17 03:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-10 15:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-09 00:45 . 2011-05-02 22:36 386168 ----a-w- c:\windows\system32\drivers\NISx64\1206000.01D\symnets.sys
2011-07-07 02:52 . 2011-01-12 16:43 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-01-12 16:43 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 14:14 . 2011-06-28 14:14 53248 ----a-r- c:\users\Family\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-06-22 18:51 . 2011-07-21 21:22 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-06-22 18:51 . 2010-12-08 23:23 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-06-13 19:22 . 2011-06-13 19:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-06-13 19:01 . 2011-06-13 19:01 127034 ----a-w- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-06-11 03:07 . 2011-07-13 08:56 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-01 112152]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-30 210216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110826.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-26 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 02:00]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-23 02:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-22 2327952]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: facebook.com\www
Trusted Zone: google.com\maps
Trusted Zone: standardlife.ca
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
"{C1AE82E0-1FDD-457D-8DEA-707EF67B4918}"=""
"{A8C9310E-4809-46B9-B111-1DD81AAF8DD5}"=""
"{7D88E462-2ECB-4157-A552-4EBA63574D6B}"=""
"{5F8E4421-5243-4DA9-A990-4F690729C804}"=""
"{5BEDAC2B-0F9B-4925-8363-CC35AB005F36}"=""
"{34A9B94C-BC8C-4C62-BCB4-CCD3904FF25E}"=""
"{6985F6ED-0E0A-4626-9F37-A5A1E0122BC3}"=""
"{633B21B8-FCB3-4DB2-9A9C-AB67DAA92E9F}"=""
"{48500D14-B93E-4BE6-A4A7-AA2A39CD92F7}"=""
"{B7DFAC23-6065-4B9F-AC66-36724978D001}"=""
"{AAD132E1-9400-4659-B7EA-23670A41E4DC}"=""
"{99F1C6D4-F40F-4D9F-BEEC-630FB7BADBD6}"=""
"{94A8658D-2BAA-46B4-9B67-0B9CB9DCF08F}"=""
"{86E619B3-1398-4344-ACF1-5033D3C5B728}"=""
"{7C7033F1-7C54-4FAC-8E11-DC578ECE9334}"=""
"{DC346B3A-24B6-47D8-8B4D-8A156F50AE15}"=""
"{C2F44976-2553-48AE-94CA-F2789FC00C63}"=""
"{D5CACC3B-6E28-4E76-8DBE-C78DDE372ADF}"=""
"{BADAD400-0D9B-455F-BA53-59A66E597F2C}"=""
"{9D720CC1-E24E-4D44-9953-1CCA1FD2B43C}"=""
"{FF839E50-99BB-4185-A181-FC0C0D776BC9}"=""
"{2E37C7D8-7286-4192-805A-8906E94872DE}"=""
"{3F8E3433-334A-4E15-8A61-13F3F50A10AA}"=""
"{79D9E1BE-BC1C-4B64-A00B-A744E3C7A406}"=""
"{9E5836DA-ABB1-4ACC-B9DF-669B8FDA28EB}"=""
"{D0880ABC-DDF6-4350-8A1C-30FBBC98EF37}"=""
"{12C657CA-BADE-41D4-8CD5-C3319ECAAC0B}"=""
"{AA464F21-12F0-4569-916A-A0807541C979}"=""
"{9903D159-B08D-4712-B66C-5BA9CBFF9F20}"=""
"{B5D3AEDE-8070-495C-AEEB-FEE4CEE62808}"=""
"{F3B741CD-485F-4010-83D5-4E5112EDF91A}"=""
"{47E9D54D-00B3-480B-9E72-5F9DC919615C}"=""
"{6FF1520D-FB38-429F-9646-D1CE957409AF}"=""
"{A2B55C96-5FDC-4624-852E-FE32DEB0D8F4}"=""
"{69216B98-E67A-49D6-AEAE-884C73D60D25}"=""
"{A2876EB9-000D-423E-8951-78E6BF129336}"=""
"{BD1B8171-CBCC-4146-8EF3-70E60294FA90}"=""
"{130E9FE8-F633-457E-8BF3-D36DC25A65DD}"=""
"{6B5554AF-15EF-46BA-AE65-CD8D32944C9F}"=""
"{19E5F19D-7A90-4FBB-A3CF-9057826015AE}"=""
"{93F04B93-BBCA-4BB6-B8CB-1F8EB862E7EB}"=""
"{DC49AB09-1FD2-4051-A336-F321963827A7}"=""
"{36EA6AFD-970F-4008-A475-6D5D8F2C9E9F}"=""
"{3B1DDE8D-F546-42B2-99BC-3DDB21152C70}"=""
"{80517A95-38D5-4AD0-B3A1-6E5E7CCD8279}"=""
"{00BF5234-BB29-48D7-B16D-D4C5984DB60B}"=""
"{F9133435-76A6-4D34-BD87-94F16C8E5C99}"=""
"{215CC422-CDB0-45C0-A2CB-A341A21CC090}"=""
"{675F6951-9D14-4F21-A90C-A35EE71331C3}"=""
"{63CFADA0-5D18-449F-A56D-3B6AFD0179BC}"=""
"{CD718E69-1AF7-4070-89F2-4575F793D888}"=""
"{F0B56F3C-7647-48B8-AEFA-3DA4F257F4D4}"=""
"{DAE7523A-0AA9-42E2-BC6A-55E890BC4846}"=""
"{538952BE-87AA-4FF5-AD4A-54B9D75F8936}"=""
"{1578653E-C730-4355-8529-79DC938152A1}"=""
"{F7E86A5E-AD26-49B6-A00F-679AE06E05B9}"=""
"{2ED7532C-A4EA-45A0-B559-7DE5CBA8A107}"=""
"{9F227B6F-0064-4548-AD4D-227815EFFF06}"=""
"{7D696A07-6D1C-4FDE-81A5-D31D6AD4C33F}"=""
"{7ACBA33A-ABA4-499D-9243-4A2A209EF093}"=""
"{319257A4-9C2F-4BF8-BE8F-B3B55E91D654}"=""
"{BC891F07-8B10-4E90-B0E0-44B816CDA705}"=""
"{BE655385-62AF-4C49-88F2-EF9E1D8E40A4}"=""
"{34D23715-F5F3-413E-8AA0-1A6D5FC36970}"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-08-27 12:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-27 19:27
.
Pre-Run: 943,953,911,808 bytes free
Post-Run: 943,803,301,888 bytes free
.
- - End Of File - - EC0EF154002A6D4F67BC54CA1F5622B9


----------



## liketolearn (Sep 25, 2008)

Also from the quarantined file
2011-08-27 19:27:01 . 2011-08-27 19:27:01 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-08-27 19:26:54 . 2011-08-27 19:26:54 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2011-08-27 19:21:45 . 2011-08-27 19:21:45 5,829 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-26 22:16:19 . 2011-08-27 19:18:01 459 ----a-w- C:\Qoobox\Quarantine\catchme.log


----------



## kevinf80 (Mar 21, 2006)

How is your system responding, are you still having issues...


----------



## liketolearn (Sep 25, 2008)

Well, it was still freezing and there were a couple of Norton alerts about high disk usage, so I looked into it more. Not sure if this is/was the problem, but the Logitech SetPoint software for the LX 310 wireless keyboard and mouse seemed to be causing some issues with Norton etc. I uninstalled the software and so far so good, but I have not been doing much though. Did you see anything that also could have been an issue?


----------



## kevinf80 (Mar 21, 2006)

Logs look ok, nothing obvious. Use your system for a day or so and post back how your system is responding


----------



## liketolearn (Sep 25, 2008)

Seems to be good. I have noticed that since deleting the keyboard program there are no issues with high disk usage alerts either. Could this cordless mouse combo have been the whole problem? Occasionally I notice the mouse doesn't respond, so I move the receiver a bit and then all is good again, but it is annoying. I have used it for a couple of months with no issues until now, not like the Microsoft combo I took back. Thanks for your help and time!


----------



## kevinf80 (Mar 21, 2006)

OK do the following :-

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.
*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program. 
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted*.

*Step 3*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
 If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run*

*Step 4*

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here*. Before clicking the *Start* scan button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing... when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia

Let me know if those steps complete OK, also if any issues or concerns...

Kevin


----------



## liketolearn (Sep 25, 2008)

Ok so I deleted Combofix earlier after I ran it. So windows says it cannot find it when trying to do above uninstall. I notice there is a Qoobox file that will not delete says needs to be administrator, which I am! I guess I screwed that up! Now what? I will wait before I try the others!
Thanks


----------



## kevinf80 (Mar 21, 2006)

OTC will remove Combofix folders, it will not reset system restore so that will have to be done when you finish the other steps.
Complete steps 2, 3, and 4. then do the following:

Create a new restore point:

1. Right-click on Computer and go to Properties.
2. Next click on the System Protection link.
3. The System Properties dialog screen opens up and you will want to click on Create.
4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.
5. You should see the message "The restore point was created successfully"

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
2. If prompted, select the drive that you want to clean up, and then click OK.
3. In the Disk Cleanup for (drive letter) dialog box, click Clean up system files. Administrator permission required. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
4. If prompted, select the drive that you want to clean up, and then click OK.
5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
6. In the Disk Cleanup dialog box, click Delete.
7. Click Delete Files, and then click OK.

Let me know how you get on...

Kevin
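
The two procedures in the post above (create a fresh restore point, then remove every older one) can also be scripted. This is an added example, not part of the original post or of any tool named in the thread. It assumes an elevated PowerShell prompt with System Protection enabled on the system drive; the script name `Reset-RestorePoints.ps1`, the description text and the `-Apply` switch are made up for illustration. Restore points taken before a cleanup can still hold copies of removed files, which is why only the newest one is kept.

```powershell
# Reset-RestorePoints.ps1 (hypothetical name) - added example, not from the thread.
# Without -Apply the script creates the new restore point and only REPORTS what it
# would delete; with -Apply it removes every restore point except the newest.
param(
    [string]$Description = 'Clean baseline after tool removal',  # constructed label
    [switch]$Apply
)

# Both System Restore operations need administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# SRRemoveRestorePoint is the documented Win32 call for deleting one restore point
# by sequence number; PowerShell has no cmdlet for it, so bind it via P/Invoke.
Add-Type -Namespace Native -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Part 1: create the new restore point (the "Create" button in System Protection).
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# Part 2: list all restore points, oldest first, and keep only the newest.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) {
    throw 'No restore points found. Is System Protection enabled for this drive?'
}
$newest = $points[-1]

# Guard: later Windows versions can skip creation if a point was made recently.
# Never delete the old points unless the one just requested really exists.
if ($newest.Description -ne $Description) {
    throw "Newest restore point is '$($newest.Description)', not the one just requested. Nothing deleted."
}

foreach ($p in $points) {
    if ($p.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $label = "#$($p.SequenceNumber) '$($p.Description)'"
    if (-not $Apply) {
        Write-Output "Would remove $label"
        continue
    }
    $rc = [Native.SystemRestore]::SRRemoveRestorePoint([uint32]$p.SequenceNumber)
    if ($rc -eq 0) { Write-Output "Removed $label" }
    else           { Write-Warning "Could not remove $label (Win32 error $rc)" }
}
Write-Output "Kept #$($newest.SequenceNumber) '$($newest.Description)'"
```

Run it once without `-Apply` to review the list, then again with `-Apply`; the second run adds another restore point and keeps only that one.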


----------



## liketolearn (Sep 25, 2008)

I have completed all the steps above. I have noticed that the folder Qoobox is still there and will not let me delete it. When I open it the file BackEnv says I do not have permission to access it when I click on it or try to delete it. It says to gain access you will need to use the security tab. I have no idea what to do there!! Any way to remove this? Thanks again


----------



## liketolearn (Sep 25, 2008)

OK so I managed to delete that folder! Found some info on changing security permissions. Not quite sure what I did but it worked! Are there any programs like TFC you use often? I was using CCleaner and Revo but are there better ones now that I should use instead? Thanks again for your time.


----------



## kevinf80 (Mar 21, 2006)

I prefer TFC to CCleaner simply because CCleaner has a registry cleaner component, there is no proven benefit from running a registry cleaner. However, there is every chance of causing problems for yourself if you let a tool run without guidance on your registry.

I do not use or even know what Revo is so cannot comment.

Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* only. *NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

The best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues hit the "Mark Solved" tab at the top of the thread,

Take care,

Kevin


----------






## liketolearn (Sep 25, 2008)

Thanks for your time and knowledge!! Much appreciated. My norton is always updating and scanning weekly but I am not very happy with it. So you say the free online antivirus/etc is good?? But only 1 should be installed correct?
Thanks again!


----------



## liketolearn (Sep 25, 2008)

I should mention I posted a new thread in the Windows 7 part here about a problem with printing certain pages. Not sure now if this is related to any of this. Only certain things will print in a weird code instead of what is on the page, like in credit card sites. The statements print fine in PDF, but now when I want to print latest transactions by clicking the printable version, I get a lot of pages of other stuff. Shall I just wait for an answer in the other area or is this related?


----------



## kevinf80 (Mar 21, 2006)

Do not install and use more than one AV program with realtime protection running, if you use two it will cause issues.

Regarding your printer, uninstall/reinstall the software, yep post back when you get a reply at the W7 forum, let me know how you get on....

Kevin


----------



## liketolearn (Sep 25, 2008)

I am taking your advice and I now have Google Chrome, much faster, and I tried to print the documents I had issues with and received a message saying I needed to enable the Chrome PDF viewer from the Chrome plugin list. I did and all is working fine now so far! I was thinking the printing problem was something in IE that somehow was changed but I have no idea how to fix it. Now with Chrome it's all good, just a bit to get used to. Thanks for all your help and advice....I am so thankful for this site and all you people that help


----------



## kevinf80 (Mar 21, 2006)

Good to hear all is well for you, Regarding Internet Explorer, if you are using version 8 it will be more beneficial to update to version 9.
Don`t hesitate to come back if you have any more problems... Mark this one solved when you`re ready.

Take care,

Kevin


----------

