Boot.Tidserv


This topic is locked

#1 mewsician (Member, 19 posts)
You guys are the best! That's why I'm here. You've solved every computer problem I've had so far.

I use Windows XP, IE7, Firefox 3+ (the version right before 4.0), Norton Internet Security 2011 and the Windows firewall. Why do I use that Windows firewall? Because I'm SICK and tired of futzing around with virus removal, and I figure two firewalls are better than one.

This morning while reading a news article from a reputable news organization, a Firefox box popped up that said Add-ons. In the box were four Java downloads (I did not request these). Two seconds later, a Norton box popped up that said YOUR COMPUTER IS INFECTED.

I did a full scan, then went to Norton support, blah, blah, blah. After two hours I got info that my virus was Boot.Tidserv and Backdoor.Tidserv. More blah, blah, blah and finally Norton's Power Eraser announced the following:

Risk Result
PhysicalDrive0 removed
dledve.dll failed
idabubovidogosix.dll removed

I copied Norton's bootable recovery tool because everywhere I read today about these trojans people could not boot their computers.

Finally, here's my question. My computer DOES boot and seems to be running okay. What are the odds that that file that failed to be removed, dledve.dll, is still infected? Every Norton scan I did, even with both trojans on my computer, said there was no infection. The only way I knew that there WAS an infection was that the Norton box stayed on the bottom right of my computer. It's gone now, but the power eraser scan says one file failed to be cleaned or removed.

Thoughts? I want to download IE8 tonight, but not if my computer might be infected.

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
One way to find out :) Let's have a look.

Download aswMBR.exe (511 KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

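The two tools above are asked for because a bootkit in this family lives in sector 0 and in sectors that belong to no partition, where a file-level scan never looks. The script below is an added example, not code from the thread or from aswMBR or OTL: given a saved copy of the MBR it checks the boot signature, compares the 440-byte bootstrap code against a known-clean baseline hash, and flags an unexplained gap between the last partition and the end of the disk. Everything it runs on is constructed: the baseline, the "clean" and "tampered" sectors and the disk size are placeholders, and the slack threshold is a heuristic of mine, not a rule from either tool.

```python
"""Offline sanity checks on a raw MBR (added example, not aswMBR/OTL code)."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440   # bootstrap code in a classic MBR occupies bytes 0..439
PT_OFFSET = 446      # four 16-byte partition entries follow the disk signature
SIG_OFFSET = 510     # 0x55AA boot signature


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # first sector after the partition
        return self.lba_start + self.sectors


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, type_id = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if type_id == 0 and sectors == 0:
            continue
        parts.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return parts


def check_mbr(mbr: bytes, baseline_sha256: str, disk_sectors: int,
              slack_limit: int = 2048) -> list:
    """Return findings; an empty list means nothing looked off.
    baseline_sha256 is the SHA-256 of the bootstrap code from a known-clean
    machine with the same OS and loader (assumed available). slack_limit is a
    heuristic: unpartitioned sectors after the last partition are one place a
    bootkit can keep its files, so a large gap deserves a look."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()
    if digest != baseline_sha256:
        findings.append("bootstrap code differs from baseline: " + digest[:16])
    parts = parse_partitions(mbr)
    if not any(p.active for p in parts):
        findings.append("no partition marked active")
    last_end = max((p.lba_end for p in parts), default=0)
    if last_end > disk_sectors:
        findings.append("partition table extends past end of disk")
    elif disk_sectors - last_end > slack_limit:
        findings.append(f"{disk_sectors - last_end} unpartitioned sectors after last partition")
    return findings


def read_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 through the OS (needs admin). A kernel-mode rootkit that
    filters disk I/O can hand this call a clean copy, so a clean result here
    is weak evidence on its own."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def build_mbr(bootcode: bytes, partitions: list) -> bytes:
    """Assemble a sector from bootstrap code and (active, type, start, count) tuples."""
    sector = bytearray(bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN])
    sector += b"\x00" * (PT_OFFSET - BOOTCODE_LEN)          # disk signature + pad
    for active, type_id, start, count in partitions:
        sector += bytes([0x80 if active else 0x00, 0, 0, 0, type_id, 0, 0, 0])
        sector += struct.pack("<II", start, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += b"\x55\xAA"
    return bytes(sector)


# Constructed samples: placeholder bytes, not real boot code, on a pretend disk.
DISK_SECTORS = 2_000_000
CLEAN_BOOTCODE = b"\xeb\x3c\x90" + b"CONSTRUCTED-CLEAN-BOOTCODE"
BASELINE = hashlib.sha256(CLEAN_BOOTCODE.ljust(BOOTCODE_LEN, b"\x00")).hexdigest()
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, [(True, 0x07, 63, DISK_SECTORS - 126)])
# Tampered: bootstrap replaced, and the NTFS partition shrunk so that 20,000
# sectors at the end of the disk belong to no partition (hypothetical stash).
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"CONSTRUCTED-TAMPERED-BOOTCODE",
                         [(True, 0x07, 63, DISK_SECTORS - 20_063)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE, DISK_SECTORS) or "OK")
```

On a real machine the sector comes from read_mbr() and the baseline from a machine you trust; the point of a dedicated anti-rootkit tool is that it does not rely on a plain user-mode read that an installed rootkit can intercept, so treat this script as a way to read the evidence, not as a substitute for the scan Essexboy asked for.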

#3 mewsician (Topic Starter, Member, 19 posts)
Thank you, Essexboy! I'm going to try this. I have two problems though: 1) I've had cataract surgery recently and don't see all that well yet, so it will take me a while; 2) I used to be an intermediate user, but haven't had a computer class in so long that I may have dropped back to advanced beginner.

Will it be obvious how to post those logs when I'm done?

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yes, aswMBR will have a text file on the desktop, and once OTL has completed it will open two text files.

If it is easier for you then just attach the logs using the Browse then Attach keys at the bottom left of the posting page


#5 mewsician (Topic Starter, Member, 19 posts)
Hello again, Essexboy!

Downloaded the information you provided yesterday, and realizing I could not see well enough (yes, this is a PROBLEM) to do the actual tasks, I called a geek friend who is going to come over today and do the work for me. My computer boots and is not slow, so I thought I could use it in the meantime. I was visiting what I thought were innocuous sites looking for a tree to plant.

Lo and behold, a few minutes ago, a Norton box popped up saying I was INFECTED by that same nasty little .dll file we spoke about yesterday. Apparently a trojan actually places the file on your computer. Norton, this time, decided to remove it. I think we will still run the stuff you sent me, though.

Hard to tell where I'm getting these trojans from, but I'm beginning to suspect Firefox. So here are today's questions:

1. Have you had any experience with Firefox not being safe with Norton?
2. How can I send you guys a donation?

Thanks, again.

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

1. Have you had any experience with Firefox not being safe with Norton?

I cannot give a realistic answer to that as I use neither. However, the method of infection could well be a hacked page with a Java redirect in it; this is becoming very commonplace nowadays. To protect yourself within Firefox I would recommend that you get the following add-on: NoScript.

2. How can I send you guys a donation?

The majority of malware staff have a paypal link in their signature


There are ways I can make this easier for you. Any fixes I have for you will be in a downloadable text file that can be dragged and dropped into the tool we are using, which removes the need for you to copy or try to read the text for pasting. You can attach all the logs; I will open them from this end, so it will be just a matter of you attaching the logs as discussed previously. Also, is there any colour that would make it easier for you to read? Like green or blue or red?

From your description there is something on your computer that is evading Norton, so I would recommend that you do the scans for analysis.

If you have any questions at any stage then do not hesitate to ask :)

#7 mewsician (Topic Starter, Member, 19 posts)
I have added NoScript. Thanks for that. My geek friend will be here shortly to assist me. Colors are not a problem.

[Wow. . . you're in Cornwall. . ., a place I've always wanted to visit. I was thinking Essex, NJ or Essex County, MA.]

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Nope all the way from Cornwall, although I was born in Essex (England) :)

#9 mewsician (Topic Starter, Member, 19 posts)
Geek friend again. I was wrong. Here's the second notepad file:

OTL Extras logfile created on: 5/9/2011 5:15:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Carol\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 332.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 455.60 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

Computer Name: CAROL-OSX60OO65 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1454471165-861567501-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 3100 Series\lxbraiox.exe" = C:\Program Files\Lexmark 3100 Series\lxbraiox.exe:*:Enabled:Lexmark All-In-One Center -- (Lexmark International Inc.)
"C:\Program Files\Lexmark 3100 Series\lxbrvb.exe" = C:\Program Files\Lexmark 3100 Series\lxbrvb.exe:*:Enabled:Lexmark Photo Editor -- (Lexmark International, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Norton Internet Security\Engine\18.5.0.125\uistub.exe" = C:\Program Files\Norton Internet Security\Engine\18.5.0.125\uistub.exe:*:Enabled:Norton Internet Security
"C:\Program Files\Roxio\PhotoSuite\RoxioPhotoSuite.exe" = C:\Program Files\Roxio\PhotoSuite\RoxioPhotoSuite.exe:*:Enabled:Roxio PhotoSuite 5 -- (Roxio Inc.)
"C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe" = C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe:*:Enabled:ZoomBrowser EX -- ()
"C:\Program Files\Adobe\Acrobat_com\Acrobat_com.exe" = C:\Program Files\Adobe\Acrobat_com\Acrobat_com.exe:*:Enabled:Acrobat_com -- ()
"C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe" = C:\Program Files\Canon\ZoomBrowser EX MCU\MCULauncher.exe:*:Enabled:Canon ZoomBrowser EX Memory Card Utility -- ()
"C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe" = C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\CameraLauncher.exe:*:Enabled:CameraWindow -- (Canon Inc.)
"C:\WINDOWS\system32\sol.exe" = C:\WINDOWS\system32\sol.exe:*:Enabled:Solitaire -- (Microsoft Corporation)
"C:\Program Files\ABBYY FineReader 5.0 Sprint\Sprint.exe" = C:\Program Files\ABBYY FineReader 5.0 Sprint\Sprint.exe:*:Enabled:ABBYY FineReader 5.0 Sprint -- (ABBYY (BIT Software))


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DirectPrintUserGuide" = Canon Direct Print User Guide
"EOS Utility" = Canon Utilities EOS Utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark 3100 Series" = Lexmark 3100 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2011 9:50:25 AM | Computer Name = CAROL-OSX60OO65 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 9:50:30 AM | Computer Name = CAROL-OSX60OO65 | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

Error - 4/13/2011 9:50:35 AM | Computer Name = CAROL-OSX60OO65 | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

Error - 4/13/2011 9:50:40 AM | Computer Name = CAROL-OSX60OO65 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 9:50:42 AM | Computer Name = CAROL-OSX60OO65 | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

Error - 4/13/2011 10:31:31 AM | Computer Name = CAROL-OSX60OO65 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 5/3/2011 9:26:38 AM | Computer Name = CAROL-OSX60OO65 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f,
faulting module mso.dll, version 11.0.5606.0, stamp 3f334cce, debug? 0, fault address
0x000368c0.

Error - 5/7/2011 12:22:04 PM | Computer Name = CAROL-OSX60OO65 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/7/2011 1:20:58 PM | Computer Name = CAROL-OSX60OO65 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00022235.

Error - 5/7/2011 1:21:52 PM | Computer Name = CAROL-OSX60OO65 | Source = Application Error | ID = 1001
Description = Fault bucket -1992079901.

[ System Events ]
Error - 4/18/2011 9:02:50 AM | Computer Name = CAROL-OSX60OO65 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.123.2 for the Network Card with network
address 001731C6245D has been denied by the DHCP server 192.168.123.1 (The DHCP
Server sent a DHCPNACK message).

Error - 5/7/2011 8:09:04 AM | Computer Name = CAROL-OSX60OO65 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/7/2011 12:04:52 PM | Computer Name = CAROL-OSX60OO65 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.123.2 for the Network Card with network
address 001731C6245D has been denied by the DHCP server 192.168.123.1 (The DHCP
Server sent a DHCPNACK message).

Error - 5/7/2011 1:20:58 PM | Computer Name = CAROL-OSX60OO65 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.


< End of report >

#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
The main information will come from the aswMBR log and the first OTL one, so let's see what they tell me.
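The first pass over an OTL log is mechanical: which PRC/MOD/SRV/DRV entries carry no company name, run from a user profile or temp directory, were modified just before the scan, or are services whose binary is gone. Here is that pass as an added example; it is not part of OTL, which only prints the list. The sample log is constructed: four lines are in the style of the log posted in this thread, and a fifth, hypothetical boot-start driver (example.sys) is added so that the output shows what a hit looks like. The three-day "recent" window and the directory list are my assumptions.

```python
"""Triage pass over OTL process/module/service/driver lines (added example)."""
import re
from dataclasses import dataclass, field
from datetime import date, datetime

# One OTL entry: KIND - [mtime | size | attrs | M] (company) [state]? -- path [-- (svc)]?
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\).*)?$"
)
# A registered service or driver whose image file OTL could not find.
MISSING = re.compile(r"^(?P<kind>SRV|DRV) - File not found .* -- -- \((?P<svc>[^)]*)\)$")
# Assumption: locations a normal driver/service has no business living in.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\")


@dataclass
class Hit:
    kind: str
    path: str
    reasons: list = field(default_factory=list)


def triage(log_text: str, scan_date: date, recent_days: int = 3) -> list:
    """Return one Hit per flagged entry, most reasons first."""
    hits = []
    for line in log_text.splitlines():
        m = MISSING.match(line)
        if m:
            hits.append(Hit(m["kind"], m["svc"], ["binary missing for registered service"]))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        reasons = []
        if not m["company"].strip():
            reasons.append("no company name in version info")
        if any(d in m["path"].lower() for d in PROFILE_DIRS):
            reasons.append("runs from a user-writable profile/temp directory")
        mtime = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S").date()
        if (scan_date - mtime).days <= recent_days:
            reasons.append(f"modified within {recent_days} days of scan")
        if reasons:
            hits.append(Hit(m["kind"], m["path"], reasons))
    return sorted(hits, key=lambda h: len(h.reasons), reverse=True)


# Constructed sample. Lines 1-4 follow the log posted in this thread; line 5
# (example.sys) is hypothetical and exists only to show a multi-reason hit.
SCAN_DATE = date(2011, 5, 9)
SAMPLE_LOG = r"""
PRC - [2011/05/09 17:14:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol\My Documents\Downloads\OTL.exe
PRC - [2003/06/13 10:57:18 | 000,294,912 | ---- | M] ( ) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
DRV - [2011/05/02 19:19:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/07 12:06:44 | 000,038,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Documents and Settings\Carol\Local Settings\Temp\example.sys -- (example)
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{hit.kind}  {hit.path}")
        for reason in hit.reasons:
            print(f"      - {reason}")
```

Each reason on its own is weak: OTL.exe itself is flagged because it was just downloaded into the user's profile, and a vendor such as Norton legitimately loads signed definition drivers from under All Users\Application Data. The value is in the ranking and the combination; a driver with no company name, a profile path and a fresh timestamp is the line to look up first, which is roughly what the helper does by eye.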

#11 mewsician (Topic Starter, Member, 19 posts)
This is my third attempt to add the first log.

OTL logfile created on: 5/9/2011 5:15:28 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Carol\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 332.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 455.60 Gb Free Space | 97.82% Space Free | Partition Type: NTFS

Computer Name: CAROL-OSX60OO65 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 17:14:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol\My Documents\Downloads\OTL.exe
PRC - [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/09/03 22:33:54 | 000,106,496 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
PRC - [2003/09/03 22:12:12 | 000,016,384 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
PRC - [2003/09/03 22:11:50 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
PRC - [2003/06/13 10:57:18 | 000,294,912 | ---- | M] ( ) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
PRC - [1997/08/08 04:00:00 | 000,200,192 | ---- | M] (Corel Corporation Limited) -- C:\Corel\Suite8\Programs\DAD8.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/09 17:14:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol\My Documents\Downloads\OTL.exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 19:19:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 09:07:16 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 09:07:16 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/13 20:50:18 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2010/08/13 20:50:18 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2010/06/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/29 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/12/02 16:47:38 | 004,954,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-861567501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKU\S-1-5-21-1454471165-861567501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACADF497-6CEB-41E5-8601-C0D476C9C838}:1.9.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/05/03 07:32:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/05/02 19:19:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ACADF497-6CEB-41E5-8601-C0D476C9C838}: C:\Documents and Settings\Carol\Local Settings\Application Data\{ACADF497-6CEB-41E5-8601-C0D476C9C838} [2011/05/07 12:06:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 21:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 06:06:07 | 000,000,000 | ---D | M]

[2010/06/29 19:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Extensions
[2011/05/09 16:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\qv8otjz4.default\extensions
[2010/08/21 10:01:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\qv8otjz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/09 16:45:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\qv8otjz4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/05/07 12:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 18:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 06:34:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/23 20:53:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/02 19:19:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/05/03 07:32:08 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011/05/07 12:06:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CAROL\LOCAL SETTINGS\APPLICATION DATA\{ACADF497-6CEB-41E5-8601-C0D476C9C838}
[2010/09/10 13:23:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1454471165-861567501-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE (Corel Corporation Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-861567501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-861567501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 00 01 00 00 [binary data]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 03:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/07 15:09:50 | 000,000,000 | ---D | C] -- C:\aaa old j files
[2011/05/07 14:13:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/07 14:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/05/07 14:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0305000.017
[2011/05/07 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/05/07 14:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/05/07 13:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\Start Menu\Programs\Norton
[2011/05/07 13:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/05/07 12:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/07 12:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/07 12:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\Local Settings\Application Data\{ACADF497-6CEB-41E5-8601-C0D476C9C838}
[2010/06/30 19:05:49 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\flashshl.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Carol\My Documents\*.tmp files -> C:\Documents and Settings\Carol\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 17:12:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\MBR.dat
[2011/05/09 16:59:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\Microsoft Office Word 2003.lnk
[2011/05/09 09:00:33 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2011/05/09 09:00:28 | 000,003,206 | ---- | M] () -- C:\WINDOWS\LXBRCAH.ini
[2011/05/09 09:00:27 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/09 09:00:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/08 13:06:12 | 000,000,359 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/05/07 14:13:38 | 000,640,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/05/07 14:13:24 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/05/07 13:40:11 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\Norton Installation Files.lnk
[2011/05/07 13:24:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/07 13:24:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 12:43:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 12:06:45 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dvologaxeyuva.dat
[2011/05/07 12:06:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dgoxucudiro.bin
[2011/05/07 08:47:17 | 000,133,591 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\S2100 final summary.pdf
[2011/05/06 23:01:35 | 001,017,859 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 final 5 6 11.pdf
[2011/05/05 19:56:29 | 001,017,829 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 2011 conference report.pdf
[2011/05/03 09:26:23 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Carol\My Documents\~$aire 4 26 11 word.htm
[2011/05/03 07:31:37 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/05/02 19:19:30 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/02 19:19:30 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/02 19:19:30 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/02 19:19:30 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/02 09:03:00 | 000,638,751 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\DROP 1099 Magnusen.pdf
[2011/04/29 12:05:20 | 002,298,637 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\Royal Wedding programme 4 29 11 see music.pdf
[2011/04/28 23:29:05 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/04/27 12:24:14 | 000,111,461 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\claire 4 26 11 word.htm
[2011/04/26 17:34:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/15 12:27:22 | 001,323,520 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\2010 tax booklet instructions.pdf
[2011/04/14 17:47:09 | 000,051,273 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 3 8 10.pdf
[2011/04/14 17:45:54 | 000,051,171 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 26 10.pdf
[2011/04/14 17:45:09 | 000,051,167 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 12 10.pdf
[2011/04/14 17:44:33 | 000,051,171 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 29 10.pdf
[2011/04/14 17:43:17 | 000,051,117 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 15 10.pdf
[2011/04/13 10:29:53 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 10:28:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 10:27:16 | 000,493,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 10:27:16 | 000,083,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Carol\My Documents\*.tmp files -> C:\Documents and Settings\Carol\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 17:12:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Carol\Desktop\MBR.dat
[2011/05/07 14:13:24 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/05/07 14:12:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0305000.017\isolate.ini
[2011/05/07 13:40:11 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Carol\Desktop\Norton Installation Files.lnk
[2011/05/07 12:25:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 12:06:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dvologaxeyuva.dat
[2011/05/07 12:06:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dgoxucudiro.bin
[2011/05/07 08:47:17 | 000,133,591 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\S2100 final summary.pdf
[2011/05/06 23:01:35 | 001,017,859 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 final 5 6 11.pdf
[2011/05/05 19:56:29 | 001,017,829 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 2011 conference report.pdf
[2011/05/03 09:26:23 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Carol\My Documents\~$aire 4 26 11 word.htm
[2011/05/02 09:03:00 | 000,638,751 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\DROP 1099 Magnusen.pdf
[2011/04/29 12:05:20 | 002,298,637 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\Royal Wedding programme 4 29 11 see music.pdf
[2011/04/27 12:24:12 | 000,111,461 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\claire 4 26 11 word.htm
[2011/04/15 12:27:22 | 001,323,520 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\2010 tax booklet instructions.pdf
[2011/04/14 17:47:09 | 000,051,273 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 3 8 10.pdf
[2011/04/14 17:45:54 | 000,051,171 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 26 10.pdf
[2011/04/14 17:45:09 | 000,051,167 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 12 10.pdf
[2011/04/14 17:44:33 | 000,051,171 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 29 10.pdf
[2011/04/14 17:43:17 | 000,051,117 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 15 10.pdf
[2010/10/27 17:14:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/13 22:18:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\evypaths.bin
[2010/08/13 22:12:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2010/08/13 22:12:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2010/08/13 22:10:12 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2010/08/13 22:09:36 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2010/08/13 22:09:14 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2010/08/13 22:08:58 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2010/08/13 22:08:58 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2010/06/30 19:05:49 | 000,000,468 | ---- | C] () -- C:\WINDOWS\LXBRFMT.INI
[2010/06/30 19:05:49 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2010/06/30 19:05:48 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBRSET.EXE
[2010/06/30 19:05:48 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2010/06/30 19:05:48 | 000,003,206 | ---- | C] () -- C:\WINDOWS\LXBRCAH.ini
[2010/06/30 19:05:46 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2010/06/30 19:04:17 | 000,000,359 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/06/29 19:09:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/29 18:58:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/29 03:08:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 03:03:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/28 19:44:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/28 19:43:49 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/09 18:50:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/09 18:50:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/09 18:50:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/09 18:50:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/09 18:50:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/09 18:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/09 18:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/09 18:50:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/09 18:50:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/05/09 18:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/09 18:50:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/02/12 10:12:54 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\lxbrcoin.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbrvs.dll

========== LOP Check ==========

[2011/03/28 20:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/28 20:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 18:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Tific
[2010/06/29 19:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\WinBatch

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 06:06:05 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 06:06:05 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 06:06:05 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 16:36:18 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 06:06:05 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 06:06:05 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 06:06:05 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 07:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 08:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/07/16 16:36:18 | 000,094,208 | ---- | M] (Microsoft Corporation)

< End of report >
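The custom scan at the end of this OTL log (the `< MD5 for: ... >` blocks) lists every copy of explorer.exe, svchost.exe, userinit.exe and winlogon.exe on the disk together with its MD5, so a helper can see at a glance whether the live copy still matches the Service Pack install cache. As an added example (not code from OTL, Norton or anyone in this thread), the script below parses those blocks and flags a live copy whose hash differs from the ServicePackFiles\i386 copy; the pre-SP3 copies under $NtServicePackUninstall$ are expected to differ and are ignored. The sample log is constructed: its explorer.exe lines are copied from this log, and the System32 userinit.exe line (hash and timestamp) is invented so the example has one hit to report.

```python
"""Flag patched Windows system files in an OTL "< MD5 for: ... >" custom scan.

Added example, not code from OTL or from the thread. For each file OTL hashed,
the live copy (C:/WINDOWS or System32) is compared against the Service Pack
install cache (ServicePackFiles/i386). Superseded copies kept for uninstall
are expected to differ and are skipped.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directories that hold reference or superseded copies rather than the live binary.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"
BACKUP_DIRS = ("$ntservicepackuninstall$", "$ntuninstall", "\\dllcache\\")


def parse_md5_sections(log_text):
    """Return {FILENAME: [{'md5': ..., 'path': ..., 'company': ...}, ...]}."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            sections[current].append({
                "md5": m.group("md5").upper(),
                "path": m.group("path"),
                "company": m.group("company").strip(),
            })
    return dict(sections)


def classify(path):
    """'reference' for the SP install cache, 'backup' for uninstall copies, else 'live'."""
    p = path.lower()
    if REFERENCE_DIR in p:
        return "reference"
    if any(b in p for b in BACKUP_DIRS):
        return "backup"
    return "live"


def find_mismatches(sections):
    """Return [(filename, live_path, live_md5, reference_md5)] for every live copy
    whose hash differs from the Service Pack cache copy of the same file."""
    hits = []
    for name, entries in sections.items():
        refs = {e["md5"] for e in entries if classify(e["path"]) == "reference"}
        if not refs:
            continue  # no cache copy on this box, so nothing to compare against
        for e in entries:
            if classify(e["path"]) == "live" and e["md5"] not in refs:
                hits.append((name, e["path"], e["md5"], sorted(refs)[0]))
    return hits


# Constructed sample. The EXPLORER.EXE lines are copied from the thread's log;
# the last USERINIT.EXE line (hash and timestamp) is invented for the example.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/05/07 12:06:45 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == "__main__":
    for name, path, live, ref in find_mismatches(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {path} MD5={live} differs from SP cache copy {ref}")
```

In this thread's log all four live copies match their SP3 cache copies, so the script would report nothing for it. Keep the limits of the check in mind: it only answers whether these four binaries were patched on disk. A kernel-mode rootkit that filters file reads can return the original bytes to any scanner running under the infected Windows, and a binary with a matching hash can still be made to load a malicious DLL, which is why the helper asks for an aswMBR log as well.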

#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you post the aswMBR log, please?

Meanwhile, let's clear some that I can see.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/07 12:06:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\CAROL\LOCAL SETTINGS\APPLICATION DATA\{ACADF497-6CEB-41E5-8601-C0D476C9C838}
    [2011/05/07 12:06:45 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dvologaxeyuva.dat
    [2011/05/07 12:06:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dgoxucudiro.bin

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

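Essexboy asks for the aswMBR log; the 512-byte MBR.dat that appeared on the desktop in the OTL log above is that tool's dump of the master boot record, which is where a Boot.Tidserv (TDL4 family) infection lives. As an added example, not code from aswMBR, OTL or Norton, the script below parses such a dump, checks its structure, and compares the boot code byte for byte against a dump from a known-clean install of the same Windows version. Both sectors it works on are constructed for the example (the "clean" boot code is a few typical opening instructions plus padding, not a real Microsoft MBR), and the disk size and the 2048-sector slack threshold are assumptions.

```python
"""Inspect a 512-byte MBR dump (for example aswMBR's MBR.dat).

Added example; not code from aswMBR, OTL or Norton. A bootkit installs itself
by replacing the MBR boot code while usually leaving the partition table alone,
so the useful comparison is the 440-byte code region against a known-clean copy.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0x000-0x1B7: boot code
DISK_SIG_OFF = 0x1B8         # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE         # 0x55 0xAA
SLACK_SECTORS = 2048         # assumption: more unpartitioned tail than this is worth a look


def parse_mbr(blob):
    """Split a 512-byte sector into boot code, disk signature and partition table."""
    if len(blob) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(blob)}")
    entries = []
    for i in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", blob, PART_TABLE_OFF + 16 * i)
        if ptype:  # type 0 is an empty slot
            entries.append({"index": i, "active": status == 0x80, "status": status,
                            "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": blob[:BOOT_CODE_LEN],
        "disk_signature": struct.unpack_from("<I", blob, DISK_SIG_OFF)[0],
        "partitions": entries,
        "boot_signature_ok": blob[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
    }


def boot_code_sha256(blob):
    """Hash of the code region only, so partition-table edits do not change it."""
    return hashlib.sha256(parse_mbr(blob)["boot_code"]).hexdigest()


def assess(dump, reference, total_sectors=None):
    """Return a list of findings for `dump`, using `reference` as the known-clean
    MBR for the same Windows version. An empty list means nothing stood out."""
    d, r = parse_mbr(dump), parse_mbr(reference)
    findings = []
    if not d["boot_signature_ok"]:
        findings.append("missing 55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in d["partitions"]):
        findings.append("invalid partition status byte")
    if sum(p["active"] for p in d["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    if d["boot_code"] != r["boot_code"]:
        first = next(i for i in range(BOOT_CODE_LEN)
                     if d["boot_code"][i] != r["boot_code"][i])
        findings.append(
            f"boot code differs from reference (first difference at offset 0x{first:03X})")
    if total_sectors is not None and d["partitions"]:
        end = max(p["lba_start"] + p["sectors"] for p in d["partitions"])
        tail = total_sectors - end
        if tail > SLACK_SECTORS:
            findings.append(f"{tail} unpartitioned sectors after the last partition")
    return findings


def _build_mbr(boot_code, partitions):
    """Assemble a sector from boot code bytes and (status, type, lba_start, sectors) tuples."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1A2B3C4D)   # arbitrary disk signature
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample data. CLEAN_MBR stands in for a dump from a known-good install;
# its boot code is a few typical opening instructions plus NOP padding, not a real
# Microsoft MBR. INFECTED_MBR keeps the same partition table and disk signature but
# carries different boot code, which is the pattern a bootkit leaves behind.
_PARTITIONS = [(0x80, 0x07, 63, 976_773_105)]            # one active NTFS partition
_TOTAL_SECTORS = 976_773_168                             # assumed disk size in sectors
CLEAN_MBR = _build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 40, _PARTITIONS)
INFECTED_MBR = _build_mbr(b"\xEA\x00\x7C\x00\x00" + b"\xCC" * 60, _PARTITIONS)

if __name__ == "__main__":
    # For a real dump: assess(open("MBR.dat", "rb").read(), reference_bytes, total_sectors)
    for label, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, boot_code_sha256(sector)[:16], assess(sector, CLEAN_MBR, _TOTAL_SECTORS))
```

The comparison is on the boot code rather than the partition table because a bootkit needs the table intact for Windows to keep booting. The same caveat applies as to any scan run from inside the infected system: a rootkit that filters disk reads in the kernel can hand a clean-looking sector back to a tool running under the infected Windows, so a dump taken from a boot CD is the one to rely on.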

#13
mewsician (Topic Starter, Member, 19 posts)
Quick scan log:

OTL logfile created on: 5/9/2011 6:04:54 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Carol\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 455.72 Gb Free Space | 97.85% Space Free | Partition Type: NTFS

Computer Name: CAROL-OSX60OO65 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 18:04:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol\My Documents\Downloads\OTL(2).exe
PRC - [2011/04/30 06:06:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/09/03 22:33:54 | 000,106,496 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
PRC - [2003/09/03 22:12:12 | 000,016,384 | ---- | M] () -- C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
PRC - [2003/09/03 22:11:50 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
PRC - [2003/06/13 10:57:18 | 000,294,912 | ---- | M] ( ) -- C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
PRC - [1997/08/08 04:00:00 | 000,200,192 | ---- | M] (Corel Corporation Limited) -- C:\Corel\Suite8\Programs\DAD8.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/09 18:04:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carol\My Documents\Downloads\OTL(2).exe
MOD - [2011/04/28 20:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 19:19:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 09:07:16 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110509.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 09:07:16 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110509.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 23:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/14 14:58:34 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110506.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/13 20:50:18 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2010/08/13 20:50:18 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2010/06/29 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/29 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/12/02 16:47:38 | 004,954,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/05/03 07:32:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/05/02 19:19:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ACADF497-6CEB-41E5-8601-C0D476C9C838}: C:\Documents and Settings\Carol\Local Settings\Application Data\{ACADF497-6CEB-41E5-8601-C0D476C9C838}
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 21:54:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 06:06:07 | 000,000,000 | ---D | M]

[2010/06/29 19:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Extensions
[2011/05/09 16:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\qv8otjz4.default\extensions
[2010/08/21 10:01:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\qv8otjz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/09 16:45:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\qv8otjz4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/05/09 16:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/24 18:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 06:34:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/23 20:53:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/02 19:19:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/05/03 07:32:08 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2010/09/10 13:23:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/09 17:58:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Lexmark 3100 Series] C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE (Corel Corporation Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 00 01 00 00 [binary data]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 03:05:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 17:58:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/07 15:09:50 | 000,000,000 | ---D | C] -- C:\aaa old j files
[2011/05/07 14:13:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/05/07 14:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard
[2011/05/07 14:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NBRTWizard\0305000.017
[2011/05/07 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/05/07 14:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2011/05/07 13:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carol\Start Menu\Programs\Norton
[2011/05/07 13:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/05/07 12:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/07 12:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/30 19:05:49 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\flashshl.dll
[2 C:\Documents and Settings\Carol\My Documents\*.tmp files -> C:\Documents and Settings\Carol\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 18:01:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FLASHKSK.INI
[2011/05/09 18:01:16 | 000,003,206 | ---- | M] () -- C:\WINDOWS\LXBRCAH.ini
[2011/05/09 18:01:15 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/09 18:00:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 17:58:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/09 17:54:43 | 000,000,359 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/05/09 17:54:19 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\Microsoft Office Word 2003.lnk
[2011/05/09 17:12:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\MBR.dat
[2011/05/07 14:13:38 | 000,640,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\Cat.DB
[2011/05/07 14:13:24 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/05/07 13:40:11 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Carol\Desktop\Norton Installation Files.lnk
[2011/05/07 13:24:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/07 13:24:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/07 12:43:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 08:47:17 | 000,133,591 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\S2100 final summary.pdf
[2011/05/06 23:01:35 | 001,017,859 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 final 5 6 11.pdf
[2011/05/05 19:56:29 | 001,017,829 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 2011 conference report.pdf
[2011/05/03 09:26:23 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Carol\My Documents\~$aire 4 26 11 word.htm
[2011/05/03 07:31:37 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/05/02 19:19:30 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/02 19:19:30 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/02 19:19:30 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/05/02 19:19:30 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/05/02 09:03:00 | 000,638,751 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\DROP 1099 Magnusen.pdf
[2011/04/29 12:05:20 | 002,298,637 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\Royal Wedding programme 4 29 11 see music.pdf
[2011/04/28 23:29:05 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1206000.01D\isolate.ini
[2011/04/27 12:24:14 | 000,111,461 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\claire 4 26 11 word.htm
[2011/04/26 17:34:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/15 12:27:22 | 001,323,520 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\2010 tax booklet instructions.pdf
[2011/04/14 17:47:09 | 000,051,273 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 3 8 10.pdf
[2011/04/14 17:45:54 | 000,051,171 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 26 10.pdf
[2011/04/14 17:45:09 | 000,051,167 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 12 10.pdf
[2011/04/14 17:44:33 | 000,051,171 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 29 10.pdf
[2011/04/14 17:43:17 | 000,051,117 | ---- | M] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 15 10.pdf
[2011/04/13 10:29:53 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 10:28:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 10:27:16 | 000,493,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 10:27:16 | 000,083,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\Documents and Settings\Carol\My Documents\*.tmp files -> C:\Documents and Settings\Carol\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 17:12:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Carol\Desktop\MBR.dat
[2011/05/07 14:13:24 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Bootable Recovery Tool Wizard.LNK
[2011/05/07 14:12:43 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NBRTWizard\0305000.017\isolate.ini
[2011/05/07 13:40:11 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Carol\Desktop\Norton Installation Files.lnk
[2011/05/07 12:25:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/07 08:47:17 | 000,133,591 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\S2100 final summary.pdf
[2011/05/06 23:01:35 | 001,017,859 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 final 5 6 11.pdf
[2011/05/05 19:56:29 | 001,017,829 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\SB 2100 2011 conference report.pdf
[2011/05/03 09:26:23 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Carol\My Documents\~$aire 4 26 11 word.htm
[2011/05/02 09:03:00 | 000,638,751 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\DROP 1099 Magnusen.pdf
[2011/04/29 12:05:20 | 002,298,637 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\Royal Wedding programme 4 29 11 see music.pdf
[2011/04/27 12:24:12 | 000,111,461 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\claire 4 26 11 word.htm
[2011/04/15 12:27:22 | 001,323,520 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\2010 tax booklet instructions.pdf
[2011/04/14 17:47:09 | 000,051,273 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 3 8 10.pdf
[2011/04/14 17:45:54 | 000,051,171 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 26 10.pdf
[2011/04/14 17:45:09 | 000,051,167 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 2 12 10.pdf
[2011/04/14 17:44:33 | 000,051,171 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 29 10.pdf
[2011/04/14 17:43:17 | 000,051,117 | ---- | C] () -- C:\Documents and Settings\Carol\My Documents\FLAIR 1 15 10.pdf
[2010/10/27 17:14:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/13 22:18:36 | 000,000,010 | ---- | C] () -- C:\WINDOWS\evypaths.bin
[2010/08/13 22:12:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2010/08/13 22:12:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2010/08/13 22:10:12 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
[2010/08/13 22:09:36 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2010/08/13 22:09:14 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\NCSPI8EN.DLL
[2010/08/13 22:08:58 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2010/08/13 22:08:58 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2010/06/30 19:05:49 | 000,000,468 | ---- | C] () -- C:\WINDOWS\LXBRFMT.INI
[2010/06/30 19:05:49 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2010/06/30 19:05:48 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBRSET.EXE
[2010/06/30 19:05:48 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2010/06/30 19:05:48 | 000,003,206 | ---- | C] () -- C:\WINDOWS\LXBRCAH.ini
[2010/06/30 19:05:46 | 000,002,178 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2010/06/30 19:04:17 | 000,000,359 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/06/29 19:09:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/29 18:58:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/29 03:08:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 03:03:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/28 19:44:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/28 19:43:49 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/09 18:50:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/09 18:50:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/09 18:50:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/09 18:50:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/09 18:50:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/09 18:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/09 18:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/09 18:50:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/09 18:50:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/05/09 18:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/09 18:50:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,493,054 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,083,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/02/12 10:12:54 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\lxbrcoin.ini
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 10:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbrvs.dll

========== LOP Check ==========

[2011/03/28 20:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/28 20:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/03/12 18:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\Tific
[2010/06/29 19:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carol\Application Data\WinBatch

========== Purity Check ==========



< End of report >
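The listing above is an OTL report, and a helper reading one looks first at three things: loaded code with no vendor string, services whose image file is missing, and Hosts entries that point anywhere other than loopback. The Python below is an added example for this thread, not part of the original post and not OTL's or Norton's own code. It parses the SRV/DRV, O1 (Hosts) and O4 (Run key) line formats exactly as they appear in the log and ranks what it finds. The sample input copies nine lines from the log above; the `ExampleDrv` driver line and the `192.0.2.5 update.example` Hosts line are constructed to show what a hit looks like, and the high/medium/info ranking is the example's own choice, not a detection verdict.

```python
"""Triage helper for OTL ("OldTimer's List-It") log lines.

Added example for this thread, not part of the original post and not OTL's
own code.  It parses the SRV/DRV, O1 (Hosts) and O4 (Run key) line formats
as they appear in the log above and ranks the entries a helper reads first.
The severity levels are this example's own choice.
"""
import re
from dataclasses import dataclass
from typing import List

# "DRV - [date | size | attrs | M] (Company) [Type | Start | State] -- path -- (Name) optional text"
# or the short form OTL emits when the image is missing:
# "SRV - File not found [Start | State] -- -- (Name)"
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[(?P<date>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<stamp>[MC])\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found)) "
    r"\[(?P<flags>[^\]]+)\]\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^)]+)\)(?P<desc>.*)$"
)
# "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# "O4 - HKLM..\Run: [Name] path (Company)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return findings sorted high -> medium -> info, in log order within a level."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["missing"]:
                # OTL reports some disabled stock XP services this way; it is a
                # "go and check", not a verdict.
                findings.append(Finding("info", f"{m['kind']} {m['name']}: image file not found", line))
                continue
            if not m["company"].strip():
                flags = [f.strip() for f in m["flags"].split("|")]
                # Kernel code that loads at Boot/System start with no vendor
                # string is what a boot-time rootkit looks like in this listing.
                early = m["kind"] == "DRV" and any(f in ("Boot", "System") for f in flags)
                findings.append(Finding("high" if early else "medium",
                                        f"{m['kind']} {m['name']}: no vendor string", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if m["host"].lower() != "localhost" or m["ip"] not in ("127.0.0.1", "::1"):
                findings.append(Finding("high", f"Hosts maps {m['host']} to {m['ip']}", line))
            continue
        m = RUN_RE.match(line)
        if m and not m["company"].strip():
            findings.append(Finding("medium", f"Run entry [{m['name']}]: no vendor string", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


# Sample input: nine lines copied from the OTL log in this thread; the
# "ExampleDrv" driver line and the "update.example" Hosts line are constructed
# here to show what a hit looks like.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/05/09 12:00:00 | 000,032,768 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\example.sys -- (ExampleDrv)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.5 update.example
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [LXBRKsk] C:\Program Files\Lexmark 3100 Series\lxbrksk.exe ( )
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
```

A "no vendor string" hit is a reading order, not a detection: lxbrksk.exe and nwiz.exe in the log above sit under vendor install paths and simply carry no company field, so they rank medium and get checked by a human, while an unattributed kernel driver that starts at Boot or System ranks high because that is where a boot-time rootkit would show up in this listing.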

#14 mewsician (Topic Starter, Member, 19 posts)
Both bogs and quick scan now posted. I believe it may be past your bedtime, though. Mewsician can finish up with you tomorrow.

#15 mewsician (Topic Starter, Member, 19 posts)
Both "bogs" was logs, of course.

1st log is message 11
2d log is message 9
quick scan is message 13





