odb
-
I have not tried safe mode, but right now the CPU mem usage is around 70/80%. See attached pic: screenshot.doc
-
MsMpEng uses a lot; it's not one particular process.
-
Ran the scan again and removed the infected files. Computer is running OK, but every now and then CPU is still showing 100%. Maybe it's just getting old.
-
9 infected and 0 removed. Do I run it again?
-
Scan took over 3 hours; CPU memory was at 100% most of the time. Here is the report:
C:\Documents and Settings\Owner\My Documents\Downloads\cbbleepingregistrybooster.exe    a variant of Win32/RegistryBooster application
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029101.rbf    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029126.rbf    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029127.rbf    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029128.rbf    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029129.rbf    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029130.rbf    Win32/RegistryBooster application
C:\System Volume Information\_restore{69EE390C-99FC-4477-AB84-45CF4B9BFD7E}\RP399\A0029158.rbf    Win32/RegistryBooster application
-
As I was doing the ESET scan, Avira picked up 2 viruses. This is the report of Avira:
-
Sorry for the delay in response.
"Right-click on wuauclt.exe and select Open File Location (note, let me know if you don't have that option...I do with Windows 7)"
I don't have this option, but it seems to be OK now :) Even YouTube is working fine again. Have not been on my PC this weekend, but I don't think wuauclt comes on every time I switch on now. I will check again when I go home tonight. Etavares, thank you very much for your help, your time and efforts. Let me know if I can buy you a drink :))))))
-
It is wuauclt.exe, which is the updater. But does this process run all the time? Or every time you turn the PC on? It takes up a lot of memory and slows the PC down.
-
It's with YouTube. Very strange. I will try a different browser. Maybe it's Chrome.
-
Also, wuauclt.exe is still using a lot of memory when I turn on my PC. Any way we can get rid of this?
-
Thanks for the help so far. You have been great. The issues with YouTube are: on the search box, when you type something it should give suggestions/options for your subject. This does not happen. When I search, the search comes back but the search options do not work ( where it gives you ). Some of the videos do not even load. Hard to explain, but they are minor things, but still annoying that I can't have the normal use of YouTube.
-
Right, we are getting there man, thankssssssssssss. I removed Norton in one go, as the firewall was also removed. Installed Avira and turned on the Windows firewall. Yahoo seems to be working as normal again and browsing feels faster and better, so thank you very much for your help. This bloody YouTube is still playing up. I can't search, can't use search options, it does not auto fill/suggest, etc.
-
Should I just download the Norton removal tool and take it from there, or do I need a CD?
-
2nd OTL log:
C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010/08/06 22:56:24 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010/08/06 22:56:24 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010/08/06 22:56:24 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010/08/06 22:56:24 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010/08/06 22:56:24 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010/08/06 22:56:24 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010/08/06 22:56:24 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010/08/06 22:56:24 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010/08/06 22:56:24 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010/08/06 22:56:24 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010/08/06 22:56:24 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010/08/06 22:56:24 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010/08/06 22:56:24 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010/08/06 22:56:24 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010/06/12 21:14:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\WNMHINDR.EXE [2010/06/12 21:14:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL [2010/06/12 14:02:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/06/07 00:19:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2010/06/06 23:38:11 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{D3BB659E-119D-49C0-AF14-6126292918E1}.dat [2010/06/06 23:38:11 | 
000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{C7C32029-BF24-4C40-BAC0-E79142AD897F}.dat [2010/06/06 23:21:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2003/03/20 00:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/01/02 16:32:39 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/02 16:32:13 | 000,434,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003/01/02 16:32:13 | 000,068,042 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003/01/02 16:31:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003/01/02 12:53:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/01/02 12:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll [2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{FB87616A-9CEE-411F-8EC4-E9C6E419DF82}.dat [2003/01/02 12:41:28 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{E71BF92A-8764-401B-8F93-576AD165DB73}.dat [2003/01/02 12:41:22 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat [2003/01/02 10:38:33 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2003/01/02 10:38:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2003/01/02 10:22:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/01/02 10:16:05 | 000,184,405 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin [2003/01/02 10:12:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin [2003/01/02 10:02:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/01/02 09:53:19 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2003/01/02 09:53:19 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2003/01/02 09:53:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2003/01/02 09:47:22 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini 
Trying to remove Norton but I do not have the CD as it came built in. The instructions say I need to upgrade my Norton. What should I do?
-
run fix log:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
OTL by OldTimer - Version 3.2.22.3 log created on 05172011_234450