Start menu icons disappear when I click on the start button



#1
JBow747

  • Member
  • 34 posts
I am using a Dell Inspiron 1545 with Windows 7 HP. Sometimes, after I boot up my computer and click on the start button, all of the icons will disappear and the search box will fill up with forward slashes.

Here is my OTL Log.
OTL logfile created on: 6/1/2011 7:23:33 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Debra\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.65% Memory free
7.92 Gb Paging File | 6.72 Gb Available in Paging File | 84.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.06 Gb Total Space | 67.52 Gb Free Space | 67.48% Space Free | Partition Type: NTFS
Drive D: | 100.17 Gb Total Space | 99.94 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
Drive E: | 83.17 Gb Total Space | 79.55 Gb Free Space | 95.65% Space Free | Partition Type: NTFS

Computer Name: DEBRA-PC | User Name: Debra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
PRC - [2011/05/11 13:36:44 | 000,060,488 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/05/11 13:36:39 | 003,228,232 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/03 19:02:16 | 000,393,992 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/11 13:36:44 | 000,060,488 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/01 14:29:27 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/05/30 01:00:00 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110530.002\ex64.sys -- (NAVEX15)
DRV - [2011/05/30 01:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/30 01:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/30 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110530.002\eng64.sys -- (NAVENG)
DRV - [2011/05/18 00:36:02 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110527.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E F4 FC 38 3E 1F CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/01 16:14:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/01 14:28:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 19:20:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
[2011/06/01 14:29:25 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/06/01 14:29:25 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/06/01 14:29:25 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/06/01 14:29:25 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/06/01 14:29:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/06/01 14:29:25 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/06/01 14:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/05/30 21:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/30 20:58:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/05/30 20:58:48 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/30 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/30 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/30 20:58:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/05/30 20:58:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2011/05/30 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\Debra\Documents\Symantec
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/05/30 20:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/05/30 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/05/30 20:45:04 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\ID Vault
[2011/05/30 20:41:37 | 000,093,512 | ---- | C] (White Sky, Inc) -- C:\Users\Debra\Desktop\CGPSDiagnostics.exe
[2011/05/30 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\ID Vault
[2011/05/30 20:15:27 | 000,029,288 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\Windows\SysNative\drivers\gidv2.sys
[2011/05/30 20:15:26 | 000,461,592 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHOOK64.DLL
[2011/05/30 20:15:26 | 000,444,704 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHookLogon64.dll
[2011/05/30 20:15:26 | 000,205,072 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN1.DLL
[2011/05/30 20:15:26 | 000,100,624 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN3.DLL
[2011/05/30 20:15:26 | 000,065,816 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDLogonCP64.dll
[2011/05/30 20:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2011/05/30 20:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFT
[2011/05/30 20:15:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/05/30 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/05/30 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/05/30 20:10:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/05/30 20:09:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2011/05/30 19:56:59 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\Searches
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/30 19:25:15 | 000,000,000 | -H-D | C] -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/30 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\Identities
[2011/05/30 19:24:52 | 000,000,000 | R--D | C] -- C:\Users\Debra\Contacts
[2011/05/30 19:24:48 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\VirtualStore
[2011/05/30 19:24:32 | 000,000,000 | --SD | C] -- C:\Users\Debra\AppData\Roaming\Microsoft
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Videos
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Saved Games
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Pictures
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Music
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Links
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Favorites
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Downloads
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\My Documents
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Desktop
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\Temporary Internet Files
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Templates
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Start Menu
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\SendTo
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Recent
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\PrintHood
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\NetHood
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Videos
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Pictures
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Music
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\My Documents
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Local Settings
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\History
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Cookies
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Application Data
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\Application Data
[2011/05/30 19:24:32 | 000,000,000 | -H-D | C] -- C:\Users\Debra\AppData
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\Temp
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\Microsoft
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\Media Center Programs
[2011/05/30 19:24:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/05/30 19:14:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/05/30 19:12:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/05/26 20:50:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/26 19:49:14 | 000,000,000 | ---D | C] -- C:\Emergency

========== Files - Modified Within 30 Days ==========

[2011/06/01 19:22:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/01 19:22:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
[2011/06/01 19:19:17 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/01 19:19:17 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/01 19:19:17 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/01 19:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/01 19:14:07 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 16:13:59 | 000,002,511 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/06/01 16:13:28 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/01 16:13:08 | 001,181,966 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/01 14:29:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/01 14:29:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/01 14:29:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 20:41:38 | 000,093,512 | ---- | M] (White Sky, Inc) -- C:\Users\Debra\Desktop\CGPSDiagnostics.exe
[2011/05/30 20:15:10 | 000,002,311 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/05/30 19:55:34 | 000,001,443 | ---- | M] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 19:15:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/30 19:15:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/05/30 19:13:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/10 16:21:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini

========== Files Created - No Company Name ==========

[2011/06/01 16:13:59 | 000,002,511 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/06/01 16:12:51 | 001,181,966 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/01 14:29:25 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/06/01 14:29:25 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/06/01 14:29:25 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/06/01 14:29:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/06/01 14:29:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/06/01 14:29:25 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/06/01 14:29:25 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/06/01 14:29:25 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/06/01 14:29:25 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/06/01 14:29:25 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/06/01 14:29:25 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/06/01 14:28:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/06/01 14:28:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/05/30 20:58:48 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/30 20:58:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 20:15:26 | 000,109,064 | ---- | C] () -- C:\Windows\SysNative\EasyHook64.dll
[2011/05/30 20:15:10 | 000,002,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/05/30 20:15:10 | 000,002,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
[2011/05/30 20:09:37 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2011/05/30 19:55:34 | 000,001,443 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 19:25:30 | 000,001,415 | ---- | C] () -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/30 19:25:18 | 000,001,449 | ---- | C] () -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 19:24:32 | 000,000,290 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/30 19:24:32 | 000,000,272 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/30 19:15:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/30 19:15:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/30 19:13:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/26 20:50:43 | 3190,050,816 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/12 15:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/30 20:48:33 | 000,000,000 | ---D | M] -- C:\Users\Debra\AppData\Roaming\ID Vault
[2009/07/13 22:08:49 | 000,002,858 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Here is a report called Extras
OTL Extras logfile created on: 6/1/2011 7:23:33 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Debra\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.65% Memory free
7.92 Gb Paging File | 6.72 Gb Available in Paging File | 84.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.06 Gb Total Space | 67.52 Gb Free Space | 67.48% Space Free | Partition Type: NTFS
Drive D: | 100.17 Gb Total Space | 99.94 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
Drive E: | 83.17 Gb Total Space | 79.55 Gb Free Space | 95.65% Space Free | Partition Type: NTFS

Computer Name: DEBRA-PC | User Name: Debra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"ID Vault" = Constant Guard Protection Suite
"N360" = Norton Security Suite

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2011 12:26:31 AM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 5:08:18 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 5:08:52 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 5:09:14 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 5:11:14 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 5:11:14 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 9:09:29 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 10:15:01 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 10:15:59 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

Error - 6/1/2011 10:16:22 PM | Computer Name = Debra-PC | Source = IDVault | ID = 0
Description = Interaction with the desktop is required. Enable desktop interaction
flag in Properties->Log On.

[ System Events ]
Error - 5/30/2011 11:09:56 PM | Computer Name = Debra-PC | Source = BROWSER | ID = 8032
Description =

Error - 5/31/2011 12:02:12 AM | Computer Name = Debra-PC | Source = BROWSER | ID = 8032
Description =

Error - 6/1/2011 9:08:47 PM | Computer Name = Debra-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:06:39 PM on 6/1/2011 was unexpected.

Error - 6/1/2011 9:10:04 PM | Computer Name = Debra-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 6/1/2011 9:10:36 PM | Computer Name = Debra-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 6/1/2011 9:11:06 PM | Computer Name = Debra-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 6/1/2011 10:15:40 PM | Computer Name = Debra-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 6/1/2011 10:16:10 PM | Computer Name = Debra-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.

Error - 6/1/2011 10:16:40 PM | Computer Name = Debra-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the N360 service.


< End of report >

Thanks for all your great help on previous problems that I have had.

Jerry



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could you run this quick fix first and then let me know the result?

On completion, please run a fresh OTL scan for me, selecting all users.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :files
    attrib -H c:\*.* /s /d /c
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


#3
JBow747


    Member

  • Topic Starter
  • 34 posts
Here is the report

OTL logfile created on: 6/7/2011 5:51:40 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Debra\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 73.34% Memory free
7.92 Gb Paging File | 6.88 Gb Available in Paging File | 86.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.06 Gb Total Space | 67.22 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive D: | 100.17 Gb Total Space | 99.94 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
Drive E: | 83.17 Gb Total Space | 79.55 Gb Free Space | 95.65% Space Free | Partition Type: NTFS

Computer Name: DEBRA-PC | User Name: Debra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 12:07:22 | 000,060,488 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/03 19:02:16 | 000,393,992 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/02 12:07:22 | 000,060,488 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/01 14:29:27 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/05/30 01:00:00 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110530.002\ex64.sys -- (NAVEX15)
DRV - [2011/05/30 01:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/30 01:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/30 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110530.002\eng64.sys -- (NAVENG)
DRV - [2011/05/18 00:36:02 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110527.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2096802238-3003698342-1757290977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2096802238-3003698342-1757290977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2096802238-3003698342-1757290977-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A BE 75 0D 72 25 CC 01 [binary data]
IE - HKU\S-1-5-21-2096802238-3003698342-1757290977-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/01 16:14:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/01 14:28:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/07 17:37:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2096802238-3003698342-1757290977-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 17:29:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/01 19:20:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
[2011/06/01 14:29:25 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/06/01 14:29:25 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/06/01 14:29:25 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/06/01 14:29:25 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/06/01 14:29:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/06/01 14:29:25 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/06/01 14:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/05/30 21:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/30 20:58:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/05/30 20:58:48 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/30 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/30 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/30 20:58:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/05/30 20:58:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2011/05/30 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\Debra\Documents\Symantec
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/05/30 20:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/05/30 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/05/30 20:45:04 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\ID Vault
[2011/05/30 20:41:37 | 000,093,512 | ---- | C] (White Sky, Inc) -- C:\Users\Debra\Desktop\CGPSDiagnostics.exe
[2011/05/30 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\ID Vault
[2011/05/30 20:15:27 | 000,029,288 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\Windows\SysNative\drivers\gidv2.sys
[2011/05/30 20:15:26 | 000,461,592 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHOOK64.DLL
[2011/05/30 20:15:26 | 000,444,704 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHookLogon64.dll
[2011/05/30 20:15:26 | 000,205,072 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN1.DLL
[2011/05/30 20:15:26 | 000,100,624 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN3.DLL
[2011/05/30 20:15:26 | 000,065,816 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDLogonCP64.dll
[2011/05/30 20:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2011/05/30 20:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFT
[2011/05/30 20:15:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/05/30 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/05/30 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/05/30 20:10:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/05/30 20:09:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2011/05/30 19:56:59 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\Searches
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/30 19:25:15 | 000,000,000 | ---D | C] -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/30 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\Identities
[2011/05/30 19:24:52 | 000,000,000 | R--D | C] -- C:\Users\Debra\Contacts
[2011/05/30 19:24:48 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\VirtualStore
[2011/05/30 19:24:32 | 000,000,000 | --SD | C] -- C:\Users\Debra\AppData\Roaming\Microsoft
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Videos
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Saved Games
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Pictures
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Music
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Links
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Favorites
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Downloads
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\My Documents
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Desktop
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\Temporary Internet Files
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Templates
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Start Menu
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\SendTo
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Recent
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\PrintHood
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\NetHood
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Videos
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Pictures
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Music
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\My Documents
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Local Settings
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\History
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Cookies
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Application Data
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\Application Data
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\Temp
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\Microsoft
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\Media Center Programs
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData
[2011/05/30 19:24:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/05/30 19:14:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/05/30 19:12:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/05/26 20:50:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/26 19:49:14 | 000,000,000 | ---D | C] -- C:\Emergency

========== Files - Modified Within 30 Days ==========

[2011/06/07 17:46:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 17:46:55 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 17:46:26 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/07 17:46:26 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/07 17:46:26 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/07 17:41:29 | 000,002,235 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/06/07 17:39:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 17:39:04 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 17:37:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
[2011/06/01 16:13:59 | 000,002,511 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/06/01 16:13:28 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/01 16:13:08 | 001,181,966 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/01 14:29:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/01 14:29:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/01 14:29:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 20:41:38 | 000,093,512 | ---- | M] (White Sky, Inc) -- C:\Users\Debra\Desktop\CGPSDiagnostics.exe
[2011/05/30 19:55:34 | 000,001,443 | ---- | M] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 19:15:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/30 19:15:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/05/30 19:13:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/10 16:21:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini

========== Files Created - No Company Name ==========

[2011/06/01 16:13:59 | 000,002,511 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/06/01 16:12:51 | 001,181,966 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/01 14:29:25 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/06/01 14:29:25 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/06/01 14:29:25 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/06/01 14:29:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/06/01 14:29:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/06/01 14:29:25 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/06/01 14:29:25 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/06/01 14:29:25 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/06/01 14:29:25 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/06/01 14:29:25 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/06/01 14:29:25 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/06/01 14:28:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/06/01 14:28:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/05/30 20:58:48 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/30 20:58:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 20:15:26 | 000,109,064 | ---- | C] () -- C:\Windows\SysNative\EasyHook64.dll
[2011/05/30 20:15:10 | 000,002,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/05/30 20:15:10 | 000,002,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
[2011/05/30 20:09:37 | 000,000,024 | R--- | C] () -- C:\Windows\DELL_version
[2011/05/30 19:55:34 | 000,001,443 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 19:25:30 | 000,001,415 | ---- | C] () -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/30 19:25:18 | 000,001,449 | ---- | C] () -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 19:24:32 | 000,000,290 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/30 19:24:32 | 000,000,272 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/30 19:15:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/30 19:15:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/30 19:13:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/26 20:50:43 | 3190,050,816 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/12 15:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/30 20:48:33 | 000,000,000 | ---D | M] -- C:\Users\Debra\AppData\Roaming\ID Vault
[2009/07/13 22:08:49 | 000,003,354 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/23 22:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/23 22:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/23 22:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/23 22:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< >

< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Some folders are still hidden, so let's try this next. Let me know if they succeed.

Download Unhide.exe to your desktop and run it.

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next reply.

#5
JBow747

    Member

  • Topic Starter
  • 34 posts
I was unable to save unhide.exe to the desktop because the file name in the save box was filling up with forward slashes, so I had to use another computer and save the unhide.exe and the RogueKiller.exe to a USB drive and then move them to the other computer.

Here is the RK report:

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Debra [Admin rights]
Mode: Scan -- Date : 06/08/2011 11:31:27

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
ÿ₫1

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run RogueKiller again please and select option 2.

Rerun RogueKiller and select option 6.

Could you then run a fresh OTL log please?

#7
JBow747

    Member

  • Topic Starter
  • 34 posts
Here is the OTL log after running RogueKiller option 2 and then option 6.

OTL logfile created on: 6/8/2011 8:35:41 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Debra\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 73.08% Memory free
7.92 Gb Paging File | 6.82 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.06 Gb Total Space | 66.53 Gb Free Space | 66.49% Space Free | Partition Type: NTFS
Drive D: | 100.17 Gb Total Space | 99.94 Gb Free Space | 99.77% Space Free | Partition Type: NTFS
Drive E: | 83.17 Gb Total Space | 79.55 Gb Free Space | 95.65% Space Free | Partition Type: NTFS

Computer Name: DEBRA-PC | User Name: Debra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 12:07:22 | 000,060,488 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2011/06/02 12:07:16 | 003,231,816 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/03/03 19:02:16 | 000,393,992 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (SafeList) ==========

MOD - [2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/02 12:07:22 | 000,060,488 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/01 14:29:27 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/06/07 18:02:25 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110608.002\EX64.SYS -- (NAVEX15)
DRV - [2011/06/07 18:02:25 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110608.002\ENG64.SYS -- (NAVENG)
DRV - [2011/05/30 01:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/30 01:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/18 00:36:02 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110603.003\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A BE 75 0D 72 25 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/06/01 16:14:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011/06/01 14:28:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/07 17:37:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54494923-91f9-11e0-b20b-00256477308e}\Shell - "" = AutoRun
O33 - MountPoints2\{54494923-91f9-11e0-b20b-00256477308e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 11:31:27 | 000,000,000 | ---D | C] -- C:\Users\Debra\Desktop\RK_Quarantine
[2011/06/07 17:29:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/01 19:20:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
[2011/06/01 14:29:25 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/06/01 14:29:25 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/06/01 14:29:25 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/06/01 14:29:25 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/06/01 14:29:25 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/06/01 14:29:25 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/06/01 14:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/05/30 21:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/05/30 20:58:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/05/30 20:58:48 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/30 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/30 20:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/30 20:58:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/05/30 20:58:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2011/05/30 20:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\Debra\Documents\Symantec
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/05/30 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/05/30 20:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/05/30 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/05/30 20:45:04 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\ID Vault
[2011/05/30 20:41:37 | 000,093,512 | ---- | C] (White Sky, Inc) -- C:\Users\Debra\Desktop\CGPSDiagnostics.exe
[2011/05/30 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\ID Vault
[2011/05/30 20:15:27 | 000,029,288 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\Windows\SysNative\drivers\gidv2.sys
[2011/05/30 20:15:26 | 000,461,592 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHOOK64.DLL
[2011/05/30 20:15:26 | 000,444,704 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHookLogon64.dll
[2011/05/30 20:15:26 | 000,205,072 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN1.DLL
[2011/05/30 20:15:26 | 000,100,624 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN3.DLL
[2011/05/30 20:15:26 | 000,065,816 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDLogonCP64.dll
[2011/05/30 20:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2011/05/30 20:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFT
[2011/05/30 20:15:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/05/30 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/05/30 20:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/05/30 20:10:06 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/05/30 20:09:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2011/05/30 19:56:59 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\Searches
[2011/05/30 19:25:15 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/30 19:25:15 | 000,000,000 | ---D | C] -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/30 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\Identities
[2011/05/30 19:24:52 | 000,000,000 | R--D | C] -- C:\Users\Debra\Contacts
[2011/05/30 19:24:48 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\VirtualStore
[2011/05/30 19:24:32 | 000,000,000 | --SD | C] -- C:\Users\Debra\AppData\Roaming\Microsoft
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Videos
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Saved Games
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Pictures
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Music
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Links
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Favorites
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Downloads
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\My Documents
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\Desktop
[2011/05/30 19:24:32 | 000,000,000 | R--D | C] -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\Temporary Internet Files
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Templates
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Start Menu
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\SendTo
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Recent
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\PrintHood
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\NetHood
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Videos
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Pictures
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Documents\My Music
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\My Documents
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Local Settings
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\History
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Cookies
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\Application Data
[2011/05/30 19:24:32 | 000,000,000 | -HSD | C] -- C:\Users\Debra\AppData\Local\Application Data
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\Temp
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Local\Microsoft
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData\Roaming\Media Center Programs
[2011/05/30 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\Debra\AppData
[2011/05/30 19:24:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/05/30 19:14:45 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/05/30 19:12:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/05/26 20:50:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/05/26 19:49:14 | 000,000,000 | ---D | C] -- C:\Emergency

========== Files - Modified Within 30 Days ==========

[2011/06/08 20:35:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 20:35:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 20:32:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/08 20:32:22 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/08 20:32:22 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/08 20:26:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/08 20:26:43 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/08 11:13:38 | 000,511,488 | ---- | M] () -- C:\Users\Debra\Desktop\RogueKiller.exe
[2011/06/08 11:12:38 | 000,606,105 | ---- | M] () -- C:\Users\Debra\Desktop\unhide.exe
[2011/06/07 17:41:29 | 000,002,235 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/06/07 17:37:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/01 19:20:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Debra\Desktop\OTL.exe
[2011/06/01 16:13:59 | 000,002,511 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/06/01 16:13:28 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/01 16:13:08 | 001,181,966 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/01 14:29:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/06/01 14:29:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/06/01 14:29:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 20:41:38 | 000,093,512 | ---- | M] (White Sky, Inc) -- C:\Users\Debra\Desktop\CGPSDiagnostics.exe
[2011/05/30 19:55:34 | 000,001,443 | ---- | M] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 19:15:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/05/30 19:15:18 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/05/30 19:13:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/10 16:21:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini

========== Files Created - No Company Name ==========

[2011/06/08 11:21:13 | 000,511,488 | ---- | C] () -- C:\Users\Debra\Desktop\RogueKiller.exe
[2011/06/08 11:21:06 | 000,606,105 | ---- | C] () -- C:\Users\Debra\Desktop\unhide.exe
[2011/06/01 16:13:59 | 000,002,511 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2011/06/01 16:12:51 | 001,181,966 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/06/01 14:29:25 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/06/01 14:29:25 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/06/01 14:29:25 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/06/01 14:29:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/06/01 14:29:25 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/06/01 14:29:25 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/06/01 14:29:25 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/06/01 14:29:25 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/06/01 14:29:25 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/06/01 14:29:25 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/06/01 14:29:25 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/06/01 14:28:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/06/01 14:28:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/05/30 20:58:48 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/30 20:58:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/05/30 20:15:26 | 000,109,064 | ---- | C] () -- C:\Windows\SysNative\EasyHook64.dll
[2011/05/30 20:15:10 | 000,002,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2011/05/30 20:15:10 | 000,002,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
[2011/05/30 20:09:37 | 000,000,024 | R--- | C] () -- C:\Windows\DELL_version
[2011/05/30 19:55:34 | 000,001,443 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 19:25:30 | 000,001,415 | ---- | C] () -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/30 19:25:18 | 000,001,449 | ---- | C] () -- C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 19:24:32 | 000,000,290 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/30 19:24:32 | 000,000,272 | ---- | C] () -- C:\Users\Debra\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/30 19:15:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/30 19:15:02 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/30 19:13:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/05/26 20:50:43 | 3190,050,816 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/12 15:32:16 | 000,104,456 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/30 20:48:33 | 000,000,000 | ---D | M] -- C:\Users\Debra\AppData\Roaming\ID Vault
[2009/07/13 22:08:49 | 000,004,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You look to have all your files and folders back now - could you confirm that please

Also what are your current problems

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
JBow747

    Member

  • Topic Starter
  • Member
  • 34 posts
Well it looks like all of the files are there.

Here is the Malware Report and as you can see when I opened the report to copy and paste to this reply the forward slashes started running across the first line.
Also when I turned on the computer tonight and clicked on the start button the same problem that I had has come back. The start menu is blank and the forward slashes are in the search box.

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\kMalwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6822

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/9/2011 7:30:06 PM
mbam-log-2011-06-09 (19-30-06).txt

Scan type: Quick scan
Objects scanned: 155738
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sounds like a stuck key to me :) Could you check it out

Re-run Rogue killer please - and select option 6 again

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
JBow747

    Member

  • Topic Starter
  • Member
  • 34 posts
That ComboFix program took 8 hrs to complete.

I found out that if you stop the slashes from filling up the search box and then backspace to remove the slashes the start menu returns to normal.

Also after the combofix program ended something happened to my internet connection. It looks like the network adapter doesn't want to obtain the IP address automatically. The local area connection has a red x on it.

Here is the ComboFix report

ComboFix 11-06-11.01 - Debra 06/12/2011 12:47:01.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2828 [GMT -7:00]
Running from: c:\users\Debra\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-13 to 2011-06-13 )))))))))))))))))))))))))))))))
.
.
2011-06-13 02:35 . 2011-06-13 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-12 06:21 . 2011-06-12 06:21 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-11 03:11 . 2011-06-11 03:11 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-11 03:11 . 2011-06-11 03:11 -------- d-----w- c:\windows\system32\Wat
2011-06-11 03:08 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-11 03:08 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-06-11 03:07 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-06-11 03:07 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-11 03:04 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-06-11 02:20 . 2011-06-11 02:20 -------- d-----w- c:\windows\en
2011-06-11 02:19 . 2011-06-11 02:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-06-11 02:18 . 2011-06-11 02:19 -------- d-----w- c:\program files (x86)\Windows Live
2011-06-11 02:18 . 2011-06-11 02:18 -------- d-----w- c:\program files\Windows Live
2011-06-11 02:17 . 2011-06-11 02:17 -------- d-----w- c:\windows\PCHEALTH
2011-06-11 02:17 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-06-11 02:17 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-06-11 02:17 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-06-11 02:17 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-06-11 02:16 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-11 02:16 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-06-11 02:15 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-06-11 02:15 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-11 02:15 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-11 02:15 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-06-11 02:14 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-06-11 02:14 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-06-11 02:14 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-06-11 02:14 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-06-11 02:14 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-11 02:14 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-06-11 02:14 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-06-11 02:12 . 2011-06-11 02:12 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-06-10 02:24 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-10 02:24 . 2011-06-10 02:24 -------- d-----w- c:\programdata\Malwarebytes
2011-06-10 02:24 . 2011-06-10 02:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-10 02:24 . 2011-05-29 16:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 00:29 . 2011-06-08 00:29 -------- d-----w- C:\_OTL
2011-06-01 22:52 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-01 22:52 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-06-01 22:43 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-01 22:43 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-01 22:43 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-01 22:43 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-01 22:43 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-01 22:43 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-01 22:43 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-01 22:43 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-01 22:43 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-01 22:43 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-01 21:33 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-06-01 21:26 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-06-01 21:26 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-06-01 21:26 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-06-01 21:26 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-06-01 21:26 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-06-01 21:26 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-06-01 21:26 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-06-01 21:26 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-06-01 21:26 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-06-01 21:26 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-06-01 21:26 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-06-01 21:26 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-05-31 04:11 . 2011-05-31 04:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-05-31 03:58 . 2011-05-31 03:58 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-31 03:58 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-31 03:58 . 2011-06-01 21:29 -------- d-----w- c:\program files\Symantec
2011-05-31 03:58 . 2011-06-01 21:29 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-05-31 03:58 . 2011-05-31 03:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-05-31 03:58 . 2010-08-21 04:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-31 03:58 . 2010-08-21 04:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-31 03:58 . 2011-06-01 23:14 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-05-31 03:58 . 2011-05-31 03:58 -------- d-----w- c:\program files (x86)\Norton Security Suite
2011-05-31 03:58 . 2011-05-31 03:58 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-05-31 03:50 . 2011-05-31 03:58 -------- d-----w- c:\programdata\Norton
2011-05-31 03:45 . 2011-05-31 03:45 -------- d-----w- c:\programdata\IsolatedStorage
2011-05-31 03:15 . 2011-03-04 01:57 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2011-05-31 03:15 . 2011-03-04 02:04 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2011-05-31 03:15 . 2011-03-04 02:03 461592 ------w- c:\windows\system32\GIDHOOK64.DLL
2011-05-31 03:15 . 2011-03-04 02:03 444704 ------w- c:\windows\system32\GIDHookLogon64.dll
2011-05-31 03:15 . 2011-03-04 02:02 100624 ------w- c:\windows\system32\GIDBIN3.DLL
2011-05-31 03:15 . 2011-03-04 02:01 205072 ------w- c:\windows\system32\GIDBIN1.DLL
2011-05-31 03:15 . 2009-06-12 22:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2011-05-31 03:15 . 2011-05-31 03:15 -------- d-----w- c:\programdata\GID
2011-05-31 03:15 . 2011-05-31 03:15 -------- d-----w- c:\program files (x86)\SFT
2011-05-31 03:15 . 2011-06-12 06:27 -------- d-sh--w- c:\windows\Installer
2011-05-31 03:15 . 2011-06-08 00:41 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2011-05-31 03:14 . 2011-05-31 03:14 -------- d-----w- c:\programdata\White Sky, Inc
2011-05-31 03:10 . 2011-05-31 02:24 -------- d-----w- c:\windows\Panther
2011-05-31 03:09 . 2011-05-31 03:09 -------- d-----w- c:\windows\system32\oem
2011-05-31 02:56 . 2011-05-31 02:56 -------- d-----w- C:\Windows.old
2011-05-31 02:54 . 2011-05-25 02:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C3DDE10-8969-4FFB-B0BC-BFF416802CEC}\mpengine.dll
2011-05-31 02:24 . 2011-05-31 02:25 -------- d-----w- c:\users\Debra
2011-05-31 02:24 . 2011-05-31 02:24 -------- d-----w- C:\Recovery
2011-05-27 02:49 . 2011-05-27 02:49 -------- d-----w- C:\Emergency
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 02:17 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]
2011-06-02 19:07 99912 ----a-w- c:\program files (x86)\Constant Guard Protection Suite\NativeBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-03-04 393992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-6-2 3231816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110518.001\BHDrvx64.sys [2011-05-18 1127032]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110604.001\IDSvia64.sys [2011-06-03 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-06-02 60488]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-30 136824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-03-04 02:04 433416 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2096802238-3003698342-1757290977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2096802238-3003698342-1757290977-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-12 19:46:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-13 02:46
.
Pre-Run: 66,799,480,832 bytes free
Post-Run: 66,346,524,672 bytes free
.
- - End Of File - - 5A390BF6EB686AC2673946B73251E00F

Thanks for all your help.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A reboot should clear the connection problem

I found out that if you stop the slashes from filling up the search box and then backspace
to remove the slashes the start menu returns to normal.

Could you check to ensure that the slash key is not being sticky

At the moment I can see no apparent malware

However, we can confirm that although this AV scan will take an hour or so

Download Dr Web from here. Fill in the small form and download.

It will download as an 8 digit file; save it to your desktop.

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

#13
JBow747

    Member

  • Topic Starter
  • Member
  • 34 posts
The slash key is not sticking.
I ran DrWeb; it said there were no infected files and it did not create a report.
I still have that problem when I click on the start button.
A reboot did not cure my connection problem.

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's check the network connection first

Download the attached zip file - extract and then run
[attachment=50841:MicrosoftFixit50199.zip]

NEXT

  • To open a command prompt, click Start > All Programs > Accessories and then right click command prompt and select run as administrator.
  • Copy and paste (or type) the following command in the command box and then press ENTER:
    netsh winsock reset c:\resetlog.txt
  • Reboot the computer.
  • In next reply please post content of the file c:\resetlog.txt

THEN

Download aswMBR.exe ( 567KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#15
JBow747

    Member

  • Topic Starter
  • Member
  • 34 posts
Ok I ran the Microsoft Fix It program and put netsh winsock reset c:\resetlog.txt in the command prompt, I rebooted the computer but no resetlog.txt showed up.

I then ran aswMBR. Here is the log file.
aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-17 16:34:08
-----------------------------
16:34:08.064 OS Version: Windows x64 6.1.7600
16:34:08.064 Number of processors: 2 586 0x170A
16:34:08.064 ComputerName: DEBRA-PC UserName: Debra
16:34:09.656 Initialize success
16:34:16.769 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:34:16.769 Disk 0 Vendor: TOSHIBA_MK3263GSX FG021D Size: 305245MB BusType: 11
16:34:18.828 Disk 0 MBR read successfully
16:34:18.828 Disk 0 MBR scan
16:34:18.828 Disk 0 Windows 7 default MBR code
16:34:18.828 Service scanning
16:34:22.245 Disk 0 trace - called modules:
16:34:22.260 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:34:22.276 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004464060]
16:34:22.276 3 CLASSPNP.SYS[fffff880011c643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800416b060]
16:34:22.276 Scan finished successfully
16:35:16.689 Disk 0 MBR has been saved successfully to "C:\Users\Debra\Desktop\MBR.dat"
16:35:16.689 The log file has been saved successfully to "C:\Users\Debra\Desktop\aswMBR.txt"

I still have no internet connection and the start menu is still doing the same thing.

I was thinking about formatting the c drive and reloading windows from the disk that Dell sent with the computer.

Again thanks for all your help.