[Malware] Can't find a virus, but Norton won't start

First, I've performed all of the steps outlined at: » Security Cleanup FAQ » Mandatory Steps Before Requesting Assistance

I've attached all of the required logs, EXCEPT: I could not run the on-line scan. Something is interfering with/re-directing any browser I try (Firefox, IE, Opera).

My basic problem is that one of our computers recently lost the ability to access the internet. When I examined the PC more closely, I found that the Norton Security suite wasn't running. When I try to start the program, nothing happens. I've become concerned that I've got a virus that's blocking both Norton and access to the internet. Any assistance would be appreciated.

2011-Nov-26 5:37 pm

lilhurricane
Crunchin' For Cures | Numquam oblita | join:2003-01-11 | Purple Zone
Thank you... I'll get those logs opened for easier analysis. We'd be happy to rule out any malware and review your logs.

Re: The ESET online scan... there is (in the FAQ) a downloadable file; did you try that? Also, renaming the .exe file might also be helpful before executing it.

2011-Nov-26 5:40 pm

lilhurricane
to jwoods1681
MBAM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/26/2011 2:40:45 PM
mbam-log-2011-11-26 (14-40-45).txt

Scan type: Full scan (A:\|C:\|D:\|F:\|)
Objects scanned: 280662
Time elapsed: 58 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

2011-Nov-26 5:40 pm

lilhurricane
to jwoods1681
OTL

OTL logfile created on: 11/26/2011 2:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 510.78 Mb Available Physical Memory | 49.91% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.36 Gb Total Space | 87.28 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive D: | 495.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WFHOMEMBW | User Name: Lia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 13:43:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lia\Desktop\OTL.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/11/17 11:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 02:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/09/10 16:50:16 | 001,368,064 | ---- | M] (U3 LLC) -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/21 18:30:00 | 001,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/03/16 14:47:04 | 000,061,440 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/13 02:16:39 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 02:16:38 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/13 02:13:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:13:41 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/13 02:13:31 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 02:13:28 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 02:12:47 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:12:38 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:12:03 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:11:58 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/13 02:11:48 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:11:26 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 02:09:35 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/13 02:09:35 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/13 02:09:31 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/13 02:09:30 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/13 02:09:17 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/13 02:09:16 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/13 02:09:13 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/13 02:09:11 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/13 02:09:03 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/13 02:08:46 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/03 07:58:15 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/03 07:58:14 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/03 07:58:12 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/03 07:58:12 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/03 07:58:12 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/03 07:58:12 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/03 07:58:11 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/03 07:58:10 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/03 07:58:10 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/03 07:58:10 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/03 07:58:10 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/04/10 11:08:23 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/04/10 11:08:21 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/04/10 11:08:19 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/04/10 11:08:18 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/04/10 11:08:09 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/04/10 11:08:09 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/04/10 11:08:09 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/04/10 11:08:09 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/04/10 11:08:08 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/04/10 11:08:08 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/04/10 11:08:08 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/11/17 11:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/08/19 15:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/12/04 23:41:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/11/17 11:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - [2011/11/13 03:36:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111113.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/13 03:36:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/13 03:36:04 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/13 03:36:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111113.005\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/12 10:41:56 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/11 16:47:24 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111111.030\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/10/27 23:14:16 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/17 11:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/12 13:45:52 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/07/12 08:16:05 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/07/18 04:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/10/27 14:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 17:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 4C 74 DB 1D 8B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Virtools SA)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/11/13 03:20:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/11/13 03:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 07:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/15 07:47:44 | 000,000,000 | ---D | M]

[2010/01/17 09:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lia\Application Data\Mozilla\Extensions
[2011/11/15 06:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lia\Application Data\Mozilla\Firefox\Profiles\zc44vxde.default\extensions
[2011/01/10 20:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Lia\Application Data\Mozilla\Firefox\Profiles\zc44vxde.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/15 07:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/04 23:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 20:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 20:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.0.0.125\coIEPlg.dll File not found
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.0.0.125\IPS\IPSBHO.DLL File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.0.0.125\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.34.14/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5473/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{087F053B-40E6-4659-ABC5-253CBA7EFC94}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Lia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/12 12:36:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/30 18:30:34 | 000,000,129 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3ab9a840-f700-11de-9edc-001ee52788f9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab9a840-f700-11de-9edc-001ee52788f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ab9a840-f700-11de-9edc-001ee52788f9}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{b1b3e50f-5040-11dd-b08b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b1b3e50f-5040-11dd-b08b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b1b3e50f-5040-11dd-b08b-806d6172696f}\Shell\AutoRun\command - "" = D:\NBRTSTRT.EXE -- [2011/08/09 07:19:15 | 000,127,960 | R--- | M] (Symantec Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2055/01/03 06:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2055/01/03 06:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com [2011/11/26 14:53:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lia\Desktop\OTL.exe [2011/11/26 13:41:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/11/26 13:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner [2011/11/26 13:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lia\Start Menu\Programs\Temp File Cleaner [2011/11/20 10:45:39 | 000,000,000 | ---D | C] -- C:\NBRT [2011/11/19 16:42:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard [2011/11/19 16:42:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F [2011/11/19 16:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard [2011/11/19 16:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard [2011/11/19 16:29:34 | 000,815,312 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Lia\Desktop\NBRT-Retail-Downloader.exe [2011/11/19 14:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lia\Start Menu\Programs\Norton [2011/11/19 14:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton [2011/11/19 13:35:45 | 002,562,040 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Lia\Desktop\bs.exe [2011/11/19 13:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lia\Local Settings\Application Data\NPE [2011/11/19 12:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lia\Start Menu\Programs\HiJackThis [2011/11/15 08:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lia\Application Data\Malwarebytes [2011/11/04 18:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2011/11/03 
17:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2011/11/03 17:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/11/03 17:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2011/11/03 17:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/11/03 17:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/11/03 17:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer [2011/11/03 17:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/26 14:32:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-492894223-839522115-1005UA.job [2011/11/26 13:43:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lia\Desktop\OTL.exe [2011/11/26 13:36:32 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Lia\Desktop\Temp File Cleaner.lnk [2011/11/26 13:31:36 | 001,785,905 | ---- | M] () -- C:\Documents and Settings\Lia\Desktop\TempFileCleaner_3.1.1_Setup.exe [2011/11/26 07:47:56 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk [2011/11/26 07:47:56 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2011/11/26 07:47:54 | 000,013,744 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/11/26 07:47:54 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2011/11/26 07:47:54 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2011/11/26 07:47:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/11/19 16:43:13 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK [2011/11/19 16:42:19 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\Lia\Desktop\Norton Installation Files.lnk [2011/11/19 16:25:00 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Lia\Application Data\SMRResults210.dat [2011/11/19 14:51:36 | 000,815,312 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Lia\Desktop\NBRT-Retail-Downloader.exe [2011/11/19 13:40:37 | 000,000,223 | ---- | M] () -- C:\boot.ini [2011/11/19 13:27:04 | 002,562,040 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Lia\Desktop\bs.exe [2011/11/19 13:08:50 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Lia\Desktop\HiJackThis.lnk [2011/11/15 08:12:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All 
Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/15 07:52:42 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Lia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/11/15 07:52:42 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/11/15 04:54:27 | 000,436,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/11/15 04:54:27 | 000,069,130 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/11/13 10:32:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-492894223-839522115-1005Core.job [2011/11/13 03:19:53 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK [2011/11/13 03:19:16 | 000,701,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\Cat.DB [2011/11/13 03:16:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job [2011/11/13 03:00:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/11/12 10:41:56 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011/11/12 10:41:56 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011/11/12 10:41:56 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011/11/12 10:41:56 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011/11/05 08:39:04 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/11/03 17:56:56 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2011/11/03 17:51:04 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2011/11/03 17:51:04 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Lia\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/11/03 17:47:08 | 000,001,542 | ---- | M] () -- 
C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/11/03 16:59:35 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Lia\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/11/02 16:44:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/26 13:36:32 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Lia\Desktop\Temp File Cleaner.lnk [2011/11/26 13:36:14 | 001,785,905 | ---- | C] () -- C:\Documents and Settings\Lia\Desktop\TempFileCleaner_3.1.1_Setup.exe [2011/11/19 16:43:13 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK [2011/11/19 16:42:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0401000.00F\isolate.ini [2011/11/19 16:24:59 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Lia\Application Data\SMRResults210.dat [2011/11/19 14:42:00 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Lia\Desktop\Norton Installation Files.lnk [2011/11/19 12:40:33 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Lia\Desktop\HiJackThis.lnk [2011/11/15 08:12:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/15 07:52:42 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Lia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/11/15 07:52:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2011/11/15 07:52:42 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/11/03 17:56:56 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2011/11/03 17:47:08 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/09/20 13:38:23 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/05/12 11:40:29 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Lia\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/04/04 20:35:53 | 001,169,128 | ---- | C] () -- C:\Documents and 
Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/07 07:54:43 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2010/04/04 14:48:51 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Lia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/15 19:09:12 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2010/01/10 11:02:02 | 000,011,421 | ---- | C] () -- C:\Documents and Settings\Lia\Application Data\Comma Separated Values (DOS).TSK [2010/01/10 11:01:18 | 000,038,440 | ---- | C] () -- C:\Documents and Settings\Lia\Application Data\Comma Separated Values (DOS).ADR [2010/01/10 11:00:14 | 000,012,972 | ---- | C] () -- C:\Documents and Settings\Lia\Application Data\Comma Separated Values (DOS).CAL [2010/01/10 10:33:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/01/03 14:35:22 | 000,000,100 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI [2010/01/03 14:25:07 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL [2010/01/03 12:40:04 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll [2010/01/01 13:07:59 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010/01/01 13:07:59 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010/01/01 13:07:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010/01/01 13:07:59 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010/01/01 13:07:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010/01/01 13:07:59 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010/01/01 13:07:59 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010/01/01 13:07:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010/01/01 13:07:59 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010/01/01 13:07:59 | 
000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010/01/01 13:07:59 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010/01/01 13:07:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010/01/01 13:07:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010/01/01 13:07:58 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2010/01/01 13:07:58 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010/01/01 13:07:58 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010/01/01 13:07:58 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010/01/01 13:07:58 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010/01/01 13:07:58 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010/01/01 12:52:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/12/26 21:12:19 | 000,024,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/11/17 11:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2009/11/17 11:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2008/12/16 20:51:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008/11/16 17:07:25 | 000,000,527 | ---- | C] () -- C:\WINDOWS\System32\TDSSmtve.dat [2008/11/16 13:53:47 | 000,000,349 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/07/23 21:24:26 | 000,001,211 | ---- | C] () -- C:\WINDOWS\ARCADE2.INI [2008/07/23 10:03:42 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll [2008/07/23 10:01:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2008/07/23 09:55:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\EReg515.dat [2008/07/23 09:51:41 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini [2008/07/23 09:51:33 | 000,000,203 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2008/07/21 19:16:25 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\PowerReg.dat [2008/07/12 13:51:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2008/07/12 13:43:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/07/12 12:48:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2008/07/12 12:37:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/07/12 12:34:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/07/12 12:22:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/07/12 12:20:02 | 000,147,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/12/04 23:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/12/04 23:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007/12/04 23:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/12/04 23:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007/12/04 23:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/12/04 23:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/12/04 23:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007/12/04 23:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007/12/04 23:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 05:00:00 | 000,436,678 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 05:00:00 | 000,069,130 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 05:00:00 | 000,028,626 | ---- | C] 
() -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/01/01 13:02:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2009/06/05 19:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2009/09/19 11:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2010/08/13 07:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion [2009/05/16 11:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2010/01/01 11:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital [2009/03/21 16:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010/04/25 06:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/19 16:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/07 17:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/08/13 05:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lia\Application Data\.oit [2010/01/02 16:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lia\Application Data\ICAClient [2010/01/01 13:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lia\Application Data\Panasonic [2010/02/15 19:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lia\Application Data\Research In Motion [2010/01/03 13:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lia\Application Data\University of New Mexico Hospitals [2010/01/01 11:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lia\Application Data\Western Digital [2011/11/26 07:47:54 | 000,000,438 | ---- | M] () -- 
C:\WINDOWS\Tasks\RegCure Program Check.job [2011/11/26 07:47:54 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2011/11/13 03:16:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
========== Purity Check ==========

2011-Nov-26 5:41 pm

lilhurricane
to jwoods1681
EXTRAS

OTL Extras logfile created on: 11/26/2011 2:54:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lia\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 510.78 Mb Available Physical Memory | 49.91% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.67% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.36 Gb Total Space | 87.28 Gb Free Space | 59.63% Space Free | Partition Type: NTFS
Drive D: | 495.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WFHOMEMBW | User Name: Lia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger "C:\Documents and Settings\Marco\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Marco\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin "C:\Documents and Settings\Marco\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Marco\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin "C:\Program Files\Novell\GroupWise\grpwise.exe" = C:\Program Files\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.) "C:\Program Files\Novell\GroupWise\notify.exe" = C:\Program Files\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.) "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion) "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160 "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 19 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4 "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer "{2D946698-40BE-47D0-85AA-D30D0E1CD5EA}" = GroupWise "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{3B4ABF80-EAA2-012B-AE5C-000000000000}" = TurboTax 2009 wnmiper "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA Player 4.1 "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{653BB2E2-267F-4AB3-9B56-2BF76922B041}" = Petz Sports "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{82503EA7-7E08-4AA8-90E9-BE4D0A6D453F}" = Adobe Setup "{83B48E1F-F38A-4169-A83A-71C7814512F9}" = TurboTax 2010 wnmiper "{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe "{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin "{ABBEB1E5-1636-4437-BF15-4ACAD36488BE}" = Nicktoons Slimeball Multiplayer "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0 "{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player 
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe_b2b4b1546e74314f8131ded43e4bd9d" = Adobe Flash CS3 Professional "Ask Toolbar_is1" = Ask Toolbar "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0 "Canon iP6700D User Registration" = Canon iP6700D User Registration "CanonMyPrinter" = Canon My Printer "ClueFinders 6th Grade Adventures" = ClueFinders 6th Grade Adventures "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Comcast Rhapsody" = Comcast Rhapsody "Disney Toontown Online" = Disney Toontown Online "Disney's Toontown Online" = Disney's Toontown Online "EADM" = EA Download Manager "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Kid Pix Deluxe 3" = Kid Pix Deluxe 3 "Launchpad_is1" = Launchpad 1.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover "MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English) "N360" = Norton Security Suite "NBRTWizard" = Norton Bootable Recovery Tool Wizard "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Port Royale 2" = Port Royale 2 "RegCure" = RegCure 2.0.0.0 "Return of Arcade 2.0" = Return of Arcade Anniversary Edition "Scooby-Doo(TM), Showdown in Ghost Town(TM)" = Scooby-Doo(TM), Showdown in Ghost Town(TM) "SystemRequirementsLab" = System Requirements Lab "Temp File Cleaner" = 
Temp File Cleaner "TurboTax 2009" = TurboTax 2009 "TurboTax 2010" = TurboTax 2010 "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "UnityWebPlayer" = Unity Web Player "Wii Max Media Manager Pro_is1" = Wii Max Media Manager Pro "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ] Error - 11/3/2011 8:32:22 PM | Computer Name = WFHOMEMBW | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Error - 11/3/2011 8:32:22 PM | Computer Name = WFHOMEMBW | Source = Bonjour Service | ID = 100 Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
Error - 11/4/2011 9:35:31 PM | Computer Name = WFHOMEMBW | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 11/4/2011 9:35:31 PM | Computer Name = WFHOMEMBW | Source = crypt32 | ID = 131083 Description = Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error - 11/12/2011 1:29:33 PM | Computer Name = WFHOMEMBW | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/15/2011 7:54:24 AM | Computer Name = WFHOMEMBW | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 12026, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.
Error - 11/15/2011 7:54:24 AM | Computer Name = WFHOMEMBW | Source = LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The Error code is the first DWORD in Data section.
Error - 11/15/2011 7:54:27 AM | Computer Name = WFHOMEMBW | Source = LoadPerf | ID = 3001 Description = The performance counter name string value in the registry is incorrectly formatted. The bogus string is 12026, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.
Error - 11/19/2011 4:32:56 PM | Computer Name = WFHOMEMBW | Source = Application Error | ID = 1005 Description = Windows cannot access the file F:\mbam-setup-1.51.2.1300.exe for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program mbam-setup-1.51.2.1300.exe because of this error. Program: mbam-setup-1.51.2.1300.exe File: F:\mbam-setup-1.51.2.1300.exe
The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000000E Disk type: 2
Error - 11/19/2011 4:33:40 PM | Computer Name = WFHOMEMBW | Source = Application Error | ID = 1000 Description = Faulting application bs.exe, version 0.0.0.0, faulting module bs.exe, version 0.0.0.0, fault address 0x003ff743.
[ System Events ] Error - 11/20/2011 2:33:32 PM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2
Error - 11/20/2011 2:33:32 PM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7024 Description = The Norton Security Suite service terminated with service-specific error 4294967295 (0xFFFFFFFF).
Error - 11/20/2011 6:16:55 PM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2
Error - 11/20/2011 6:16:55 PM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7024 Description = The Norton Security Suite service terminated with service-specific error 4294967295 (0xFFFFFFFF).
Error - 11/26/2011 10:47:48 AM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2
Error - 11/26/2011 10:47:48 AM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7024 Description = The Norton Security Suite service terminated with service-specific error 4294967295 (0xFFFFFFFF).
Error - 11/26/2011 4:18:21 PM | Computer Name = WFHOMEMBW | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error - 11/26/2011 4:18:21 PM | Computer Name = WFHOMEMBW | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
Error - 11/26/2011 4:18:21 PM | Computer Name = WFHOMEMBW | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Error - 11/26/2011 4:18:21 PM | Computer Name = WFHOMEMBW | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. | actions · 2011-Nov-26 5:41 pm · (locked) | lilhurricane |
to jwoods1681
Checkup
Results of screen317's Security Check version 0.99.28
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Temp File Cleaner
Java(TM) 6 Update 19
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 11.0.1.152
Adobe Reader 9
(Adobe Reader out of date!
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
| actions · 2011-Nov-26 5:42 pm · (locked) | |
to lilhurricane
Re: [Malware] Can't find a virus, but Norton won't start
Yes I did. The problem wasn't executing the program. It tries to get an update and can't. It gave me a warning and asked if my proxy was properly configured. | actions · 2011-Nov-26 6:48 pm · (locked) |
1 recommendation |
to jwoods1681
There is no major exploit showing in the logs, but you do have problems. There are leftovers from a previous McAfee installation. They should have been removed before Norton was installed. What I am going to do is scan your computer with Microsoft's System Sweeper (it runs from its own CD) to make sure your system is clean. Then we'll clean up the McAfee leftovers, and finally remove and re-install Norton. Be sure to follow the steps in order, and if issues arise, stop and post.

First: Using another computer with the ability to create a CD, download Microsoft System Sweeper from this link: » connect.microsoft.com/sy ··· msweeper
Follow the instructions there to download and create the bootable CD, then boot the computer in question from the CD and let the program run.

Second: Download and run the McAfee removal tool from here: » service.mcafee.com/FAQDo ··· TS100507
Restart your computer after running the tool, unless the tool does it for you.

Third: Download the Norton Installer for the program and version you use. Save it where it is easily accessible on the computer in question. Also download the Norton Removal Tool from here: » www-secure.symantec.com/ ··· t_pubweb
Save it where it is easily accessible on the computer in question.

Fourth: Use the Add/Remove Programs to uninstall Norton. Restart your computer if the removal process does not. Run the Norton Removal Tool you previously downloaded. Restart after if the removal tool does not.

Fifth: Post back and let me know the status of Norton, as well as the computer itself. | actions · 2011-Nov-26 7:50 pm · (locked) | |
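An added example, not part of the original thread: a small triage script for the OTL "Event Log Errors" section posted above, which groups repeated Service Control Manager failures (events 7000 and 7024) and decodes the `%%N` field as the Win32 error code N. The sample lines are constructed from the log's layout, and the function names are hypothetical helpers chosen for this illustration.

```python
import re
from collections import Counter

# Constructed sample in OTL's "Event Log Errors" layout, modelled on the log in this thread.
SAMPLE = """\
[ System Events ] Error - 11/20/2011 2:33:32 PM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2
Error - 11/20/2011 2:33:32 PM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7024 Description = The Norton Security Suite service terminated with service-specific error 4294967295 (0xFFFFFFFF).
Error - 11/26/2011 10:47:48 AM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2
Error - 11/26/2011 10:47:48 AM | Computer Name = WFHOMEMBW | Source = Service Control Manager | ID = 7024 Description = The Norton Security Suite service terminated with service-specific error 4294967295 (0xFFFFFFFF).
Error - 11/26/2011 4:18:21 PM | Computer Name = WFHOMEMBW | Source = W32Time | ID = 39452701 Description = NtpClient has no source of accurate time.
"""

RECORD = re.compile(
    r"Error - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+) Description = (?P<desc>.*)")
SERVICE = re.compile(r"The (?P<svc>.+?) service (?:failed to start|terminated)")
WIN32 = re.compile(r"error: %%(\d+)")            # SCM logs the Win32 code as %%N
SPECIFIC = re.compile(r"service-specific error (\d+)")
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

def parse_events(text):
    """Return one dict per event record; continuation lines without a header are skipped."""
    events = []
    for line in text.splitlines():
        m = RECORD.search(line)   # search, not match: a "[ System Events ]" label may precede
        if m:
            events.append({**m.groupdict(), "id": int(m["id"])})
    return events

def decode_error(event):
    """Turn the error field of an SCM 7000/7024 record into a readable reason."""
    if (m := WIN32.search(event["desc"])):
        code = int(m[1])
        return WIN32_NAMES.get(code, f"Win32 error {code}")
    if (m := SPECIFIC.search(event["desc"])):
        return f"service-specific 0x{int(m[1]):08X}"
    return "unknown"

def recurring_service_failures(events, min_count=2):
    """Count SCM start/termination failures per (service, id, reason); keep repeated ones."""
    counts = Counter()
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["id"] not in (7000, 7024):
            continue
        if (m := SERVICE.search(ev["desc"])):
            counts[(m["svc"], ev["id"], decode_error(ev))] += 1
    return {key: n for key, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    for (svc, eid, reason), n in recurring_service_failures(parse_events(SAMPLE)).items():
        print(f"{svc}: event {eid} x{n} ({reason})")
```

A service that fails on every boot with ERROR_FILE_NOT_FOUND is registered but its binary is missing, which is the usual trace of an incomplete uninstall.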
Well, I created the CD with no problem. The CD boots just fine, but I get an error message:
Microsoft Standalone System Sweeper cannot be started. Please contact support.
Error Code: 0x8004cc05
Should I proceed with the other steps or is something fundamentally wrong? | actions · 2011-Nov-27 6:04 pm · (locked) | |
to jwoods1681
That error has been reported and there are a few workarounds, but no definitive answer. In this case, let's skip that step.
Make sure you have all the downloads done before proceeding.
Post back after Norton is installed. If it installs and runs, then do a complete scan with it. | actions · 2011-Nov-27 7:38 pm · (locked) | |
Well, I've followed steps 3-5 and the situation has improved significantly. I no longer seem to be blocked from the internet and the PC appears to operate just fine. I downloaded Comcast's Norton-based security solution. It first downloads something called ConstantGuard, which appears to be some type of gatekeeper for your browser. You then use ConstantGuard to download the security suite, which includes the anti-virus protection. The download goes fine, but then the installer tells me it's encountered a problem and has to quit. I've tried several times and I can't get the security suite to install. I've got a help request out to Comcast, but if you have any suggestions, I'd love to hear them.
Regardless, I'd like to thank you for your help. This felt pretty hopeless, but you've been incredibly helpful and patient. | actions · 2011-Nov-30 10:29 pm · (locked) | |
to jwoods1681
CGPS (Constant Guard Protection System) is garbageware. Too many problems for a marginal product. My standard recommendation in the Comcast Support Forums is to use Add/Remove Programs and uninstall CGPS. Note that this will NOT remove Norton.
After removing CGPS, reboot, and post back to let me know the status. | actions · 2011-Dec-1 10:39 am · (locked) | |
Tried your suggestions and still no-go. NSS just won't install. At this point, I punted and installed the free version of Avast. I use the Enterprise version at work and I've heard good things about the freeware version. I think I'll stick with it for a while and see how things go.
Thanks again for your help and patience. | actions · 2011-Dec-4 10:12 am · (locked) |
1 recommendation |
to jwoods1681
Thanks for letting me know. There are some quirks with the Comcast version of Norton Security Suite. If you decide to try it again in the future, post in the Comcast forums and I can alert one of the experts more familiar with the problem. We still need to clean up from here...

Cleaning Up:

Delete TFC:
- Delete the TFC icon on your Desktop

Delete OTL:
- Double click the OTL icon on your Desktop
- Press the 'Cleanup' button

Delete Security Check:
- Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
- We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Other Programs:
- If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
| actions · 2011-Dec-4 6:33 pm · (locked) |