Hijacked and Crashed Norton


#1
silver moma
Hi- I am back again. Something hijacked my computer and crashed Norton. :)

I was installing new software which required activation, but I was not able to connect to my internet browser. Then something was downloading and Norton crashed. The big red X came up. I had to shut down and go offline to reinstall Norton. Two things: C:\Program Files\google\update\googleupdate.exe and C:\windows\explorer.exe keep targeting C:\Program Files\NortonAntivirus\NortonAntiVirus Engine\16.7.2.11\MCUI32.exe and C:\Program Files\Symantec\LiveUpdate\AluSchdulerSve.exe

I ran TFC, System Restore, ERUNT, Malwarebytes' Anti-Malware, Norton, Rootkit and OTL. Here are the logs:

OTL logfile created on: 12/6/2009 3:43:55 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Elaine Soo Hoo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.48% Memory free
2.60 Gb Paging File | 2.14 Gb Available in Paging File | 82.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 12.40 Gb Free Space | 32.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 125.81 Gb Free Space | 84.41% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 644.60 Gb Free Space | 69.22% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELAINE
Current User Name: Elaine Soo Hoo
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/06 15:42:46 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\OTL.exe
PRC - [2009/10/03 03:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/08/25 18:34:37 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/04/04 16:04:25 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/06/19 06:09:18 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/11/16 10:00:00 | 00,122,880 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2005/02/15 17:36:52 | 00,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
PRC - [2004/05/14 17:53:26 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2003/09/15 16:53:06 | 00,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/06 15:42:46 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\OTL.exe
MOD - [2005/02/15 17:36:36 | 00,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\SYSTEM32\TabHook.dll


========== Win32 Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 72 3E 65 8A 72 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/04 16:06:18 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} http://install.wildt...mix/install.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,15/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://usgbc.webex....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/25 10:49:57 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/25 10:49:57 | 00,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/08 22:59:20 | 00,000,000 | ---D | M] - F:\Autodesk -- [ FAT32 ]
O32 - AutoRun File - [2009/10/25 11:50:06 | 00,000,000 | R--D | M] - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{389bb920-d9a8-11de-b77d-000bdbbef275}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{389bb920-d9a8-11de-b77d-000bdbbef275}\Shell\Install\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/10/07 09:38:42 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\SYSTEM32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/12/06 15:42:42 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\OTL.exe
[2009/12/06 14:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\12-6 Logs
[2009/12/06 09:00:18 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symtdi.sys
[2009/12/06 09:00:17 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symfw.sys
[2009/12/06 09:00:17 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symndisv.sys
[2009/12/06 09:00:17 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symndis.sys
[2009/12/06 09:00:17 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symids.sys
[2009/12/06 09:00:16 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymEFA.sys
[2009/12/06 09:00:16 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\srtsp.sys
[2009/12/06 09:00:16 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\srtspx.sys
[2009/12/06 09:00:15 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\BHDrvx86.sys
[2009/12/06 08:59:32 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\cchpx86.sys
[2009/12/06 08:59:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1007020.00B
[2009/12/05 21:54:30 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/12/05 21:53:50 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/05 21:53:49 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/05 21:52:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/12/05 21:52:25 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/05 21:36:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/05 21:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/05 16:42:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\12-5 Logs
[2009/12/01 22:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\WinUndelete
[2009/12/01 15:43:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/12/01 11:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[35 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/06 15:42:46 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\OTL.exe
[2009/12/06 15:40:30 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/06 15:37:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/06 15:33:38 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/06 15:33:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/06 15:33:06 | 16,252,928 | -H-- | M] () -- C:\Documents and Settings\Elaine Soo Hoo\NTUSER.DAT
[2009/12/06 15:33:06 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Elaine Soo Hoo\NTUSER.INI
[2009/12/06 15:03:55 | 00,000,365 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/12/06 15:03:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/06 15:03:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/06 15:03:09 | 21,454,56128 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/06 14:33:55 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\Microsoft Office Outlook 2003.lnk
[2009/12/06 09:05:01 | 00,756,174 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\Cat.DB
[2009/12/06 09:04:05 | 00,002,084 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/12/06 09:00:20 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/06 09:00:20 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/06 09:00:20 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/06 09:00:20 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/06 08:59:32 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\cchpx86.sys
[2009/12/06 08:59:27 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symnetv.cat
[2009/12/06 08:59:27 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymNetV.inf
[2009/12/06 08:59:27 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\isolate.ini
[2009/12/05 08:59:56 | 00,064,664 | ---- | M] () -- C:\Documents and Settings\Elaine Soo Hoo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/05 08:57:24 | 00,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/04 18:00:09 | 00,000,460 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/12/03 10:09:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/01 21:41:11 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\Microsoft Office Word 2003.lnk
[2009/12/01 21:37:48 | 00,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2009/12/01 08:34:30 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\~$asing Strategy-Route128.doc
[2009/11/25 04:39:45 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 06:38:34 | 00,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk

========== Files Created - No Company Name ==========

[2009/12/06 09:04:43 | 00,756,174 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\Cat.DB
[2009/12/06 09:00:17 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymNet.cat
[2009/12/06 09:00:17 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymNet.inf
[2009/12/06 09:00:16 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymEFA.cat
[2009/12/06 09:00:16 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\srtspx.cat
[2009/12/06 09:00:16 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymEFA.inf
[2009/12/06 09:00:16 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\srtspx.inf
[2009/12/06 09:00:15 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\srtsp.cat
[2009/12/06 09:00:15 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\ccHPx86.cat
[2009/12/06 09:00:15 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\ccHPx86.inf
[2009/12/06 09:00:15 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\srtsp.inf
[2009/12/06 09:00:14 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\bhdrvx86.cat
[2009/12/06 09:00:14 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\BHDrvx86.inf
[2009/12/06 08:59:27 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\symnetv.cat
[2009/12/06 08:59:27 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\SymNetV.inf
[2009/12/06 08:59:27 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1007020.00B\isolate.ini
[2009/12/05 21:53:50 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/05 21:53:49 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/05 21:53:30 | 00,002,084 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/12/01 21:37:48 | 00,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2009/12/01 15:50:21 | 00,000,460 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/12/01 15:11:02 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Elaine Soo Hoo\Desktop\~$asing Strategy-Route128.doc
[2009/11/23 06:38:33 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2008/05/11 10:25:39 | 00,010,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/11 07:55:30 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/03 15:36:26 | 00,000,077 | ---- | C] () -- C:\WINDOWS\m2khd.ini
[2006/04/11 22:13:40 | 00,005,896 | ---- | C] () -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/04/11 22:13:40 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/08 20:57:13 | 00,000,271 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
[2006/01/08 20:10:02 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/24 14:43:00 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2005/11/10 11:53:52 | 00,000,166 | ---- | C] () -- C:\WINDOWS\RmFile.ini
[2005/11/10 11:53:46 | 00,000,012 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2005/11/10 11:52:42 | 00,026,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\pen.drv
[2005/11/10 11:52:42 | 00,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpad.drv
[2005/11/10 11:52:42 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\yesmouse.drv
[2005/11/10 11:52:42 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\Fine.ini
[2005/11/10 11:52:42 | 00,000,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\fine.ini
[2005/11/10 11:52:42 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\drivers\fineps2.ini
[2004/12/04 21:25:44 | 00,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2004/11/27 09:36:05 | 00,000,045 | ---- | C] () -- C:\WINDOWS\BKKDHIHP.ini
[2004/04/06 19:31:31 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Elaine Soo Hoo\Local Settings\Application Data\fusioncache.dat
[2004/03/12 19:33:50 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/01/11 15:24:15 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Elaine Soo Hoo.ini
[2004/01/11 11:38:05 | 00,000,050 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2004/01/03 10:23:09 | 00,000,022 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2003/11/09 12:25:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\dm.ini
[2003/10/22 21:14:04 | 00,000,115 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2003/10/22 21:06:42 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/10/22 21:06:21 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/10/19 13:04:09 | 00,025,365 | ---- | C] () -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\Comma Separated Values (Windows).ADR
[2003/10/19 10:59:33 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Elaine Soo Hoo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/19 10:01:02 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/10/07 10:17:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/07 10:15:34 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/07 09:52:29 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/07 09:42:48 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/09/15 16:41:56 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/09/15 16:41:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/09/15 16:36:40 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/09/15 16:27:04 | 00,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2003/08/13 22:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2007/09/30 18:43:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Advanced Chemistry Development
[2009/10/09 14:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/12/01 15:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/06/06 11:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/10/25 18:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/05 21:36:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/06 07:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/17 20:24:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/06/11 21:11:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/09 14:25:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\Autodesk
[2009/03/03 07:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/27 05:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\Foxit
[2009/10/25 16:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\GetRightToGo
[2003/11/02 22:12:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\Leadertech
[2009/09/23 11:29:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Elaine Soo Hoo\Application Data\webex
[2009/12/04 18:00:09 | 00,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2003/01/31 15:43:30 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2002/08/29 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 12/6/2009 3:43:55 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Elaine Soo Hoo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.48% Memory free
2.60 Gb Paging File | 2.14 Gb Available in Paging File | 82.31% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 12.40 Gb Free Space | 32.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 125.81 Gb Free Space | 84.41% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 644.60 Gb Free Space | 69.22% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ELAINE
Current User Name: Elaine Soo Hoo
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028814FB-D05F-495E-81D7-636A87321025}" = CreativeProjectsTemplates
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11680998-6792-4DE9-8DE1-D6D041418B26}" = SkinsHP1
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{25B03E5B-6406-46EC-89C8-819FC2A5EF79}" = ArcSoft Panorama Maker 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3662AF19-6E4B-4F6D-A61C-F3CB6D67097D}" = QuickProjects
"{3C216C29-D74B-4ACF-852A-82C4F3EED2F7}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5329AD26-1D03-B437-263A-6DF49A433366}" = Acrobat.com
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{572FBF5D-3BAA-42FF-A468-A54C2C0A17C3}" = Autodesk Revit Architecture 2010
"{5783F2D7-0131-0409-0001-0060B0CE6BBA}" = Autodesk i-drop Indicator
"{5783F2D7-4009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2006 - English
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{60BC5454-0DC9-413a-9241-BAE4231FCD26}" = HP Scanjet 4600
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{696C94BC-44BC-4B8E-ABAA-6FFC0F11A6D3}" = PhotoGallery
"{7107A761-B2F7-4BB0-84DA-CD90B562A72D}" = Director
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{827ECAB7-3F8E-4A66-A663-67A8F678536C}" = CreativeProjects
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90180409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A10A14F5-DF18-4151-9EB0-B79ABBFE6863}" = WebReg
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3A77A42-DCF7-4830-AE0E-8CEE34A76200}" = CueTour
"{B6D4C963-742C-46BF-BC7A-16ADD39FF3B7}" = Destinations
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3502B86-FAC7-43AA-82D8-AB30EC51596A}" = PrintScreen
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E09FA6F2-FC66-4AA5-AE52-F37C6EAACC81}" = hpg4600
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E889F95A-B9E3-4580-B3D7-43DBC9C9CD43}" = TrayApp
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Autodesk Revit Architecture 2010" = Autodesk Revit Architecture 2010
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP CD Writer" = dBpowerAMP CD Writer
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DellSupport" = Dell Support 5.0.0 (766)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"GMAT POWERPREP" = GMAT POWERPREP
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"Home Improvement 1-2-3" = Home Improvement 1-2-3
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemoriesOnTV Mpeg2 Plugin_is1" = Uninstall MPEG2 Plugin
"MemoriesOnTV_is1" = MemoriesOnTV 2.1.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PRJSTDR" = Microsoft Office Project Standard 2007
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Tablet Driver" = Tablet
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinUndelete" = WinUndelete
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >

Malwarebytes' Anti-Malware 1.41
Database version: 3046
Windows 5.1.2600 Service Pack 3

12/6/2009 2:51:21 PM
mbam-log-2009-12-06 (14-51-21).txt

Scan type: Quick Scan
Objects scanned: 109685
Time elapsed: 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/06 14:55
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0473000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D9000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF7F5000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF743F000 Size: 323584 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89e57318

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89e6fe50

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x89ec1b98

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x89e1a050

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89da51e8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb0813130

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x89d02eb0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x89e74890

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a203120

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x89ebf050

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb08133b0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb0813910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8a1d68c0

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a0b05f8

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x89cfe050

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89d05050

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8a196dc8

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a121fb0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x89e1f050

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x89cff618

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a0795c8

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8a1dc1e8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x89cf7058

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89e74960

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89df8d08

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a09fe50

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a10ee08

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x89e4a050

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb0813b60

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a1b9208

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89e6ce50

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89ecf868

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89e2c9e0

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89e2de50

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1adda0

==EOF==

Please let me know if you need other information. Thank you for your help!!!

Silver Moma
#2
silver moma (Topic Starter, New Member, 8 posts)

:) After reinstalling Norton and running Malwarebytes, TFC and Norton, I have not found any culprits and my computer is running fairly normally. (Knock on wood.) I just could not understand what made Norton crash and if it was going to happen again.
Thanks for your time, and if you find anything that is odd, please let me know.