Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not sure what I'm infected with - Symantec problem?


  • This topic is locked This topic is locked
24 replies to this topic

#1 PearlIzumi

PearlIzumi

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 15 November 2010 - 01:35 PM

Hi - when I turn my PC on, a window pops up and started counting up all the warnings and "infections" I have. It's a Symantec Antivirus window. I haven't had symantec turned on on this computer in years. If you close it, it immediately pops open again and starts over counting at 1. It will go continuously like that forever. Thanks in advance for your help.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-27 15:58:01
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\PEARLI~1\LOCALS~1\Temp\kwdyrpow.sys


---- System - GMER 1.0.15 ----

SSDT E197C9F8 ZwConnectPort
SSDT F7CB7DA6 ZwCreateKey
SSDT F7CB7D9C ZwCreateThread
SSDT F7CB7DAB ZwDeleteKey
SSDT F7CB7DB5 ZwDeleteValueKey
SSDT F7CB7DBA ZwLoadKey
SSDT F7CB7D88 ZwOpenProcess
SSDT F7CB7D8D ZwOpenThread
SSDT F7CB7DC4 ZwReplaceKey
SSDT F7CB7DBF ZwRestoreKey
SSDT F7CB7DB0 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAAB72620]

Code \??\C:\DOCUME~1\PEARLI~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF704CF80]
? C:\DOCUME~1\PEARLI~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\PEARLI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ1F15.tmp 401780 bytes executable
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0270043F.VBN 405456 bytes
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02700451.VBN 405456 bytes
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02700463.VBN 405456 bytes
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02700475.VBN 405456 bytes
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02700487.VBN 405456 bytes
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02700499.VBN 405456 bytes
File C:\WINDOWS\temp\qef3435.tmp 0 bytes
File C:\WINDOWS\temp\qsp3436.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Pearl Izumi at 13:48:44.98 on Mon 09/27/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.513 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pearl Izumi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.pearlizumi.com/
uInternet Settings,ProxyServer = 172.23.136.11:8080
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_07\bin\jusched.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [Client Access PC5250 Sound] "c:\program files\ibm\client access\emulator\pcssnd.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {C30CCC1A-F095-412F-ABFB-B14386595929} = 172.23.136.10,172.23.136.12
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 10.10.0.130 009aws1
Hosts: 10.10.0.132 ao4-reg2

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pearli~1\applic~1\mozilla\firefox\profiles\kljtf774.default\
FF - prefs.js: network.proxy.ftp - 172.23.136.11
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 172.23.136.11
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 172.23.136.11
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 172.23.136.11
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 172.23.136.11
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-2 11608]
R1 oxpar;OX16PCI95x Parallel port driver;c:\windows\system32\drivers\oxpar.sys [2006-12-13 75904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-2 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-2 60936]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-10 255600]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2004-12-10 292464]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-10 243312]
R2 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2004-12-30 153416]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2004-12-30 1107784]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070328.019\naveng.sys [2007-3-28 80472]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070328.019\navex15.sys [2007-3-28 852600]
R3 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2004-2-9 301200]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-10 87664]

=============== Created Last 30 ================

2010-09-27 20:15:55 77312 ----a-w- c:\windows\MBR.exe
2010-09-27 20:15:54 256512 ----a-w- c:\windows\PEV.exe
2010-09-27 20:15:53 161792 ----a-w- c:\windows\SWREG.exe
2010-09-27 20:15:52 98816 ----a-w- c:\windows\sed.exe
2010-09-27 20:15:27 0 d-----w- C:\ComboFix

==================== Find3M ====================


============= FINISH: 13:49:12.45 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 23 November 2010 - 06:44 PM

Hello PearlIzumi

Welcome to BleepingComputer :)
Are you still in need of assistance?
If so let me know the names of the infections that Symantec is detecting.
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 11:59 AM

Um, it just counts infections up into the thousands. You want me to list them? I do still need help. I think the Symantec is a virus?

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 November 2010 - 01:47 PM

Symantec is an antivirus product.
I just want to know a few of the names it detects and file path's to what it detects.
For example C:\Documents and settings\threat name.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 01:56 PM

Yeah, but I'm saying, it shouldn't be acting like this AND I've never had Symantec turned on OR used on this computer. Ever. I use Avira and the Symantec "detection" is C:\DocumentsandSettings\allusers\ApplicationData\Avira\Antivirus and then I can't see the rest of the file because it won't let me scroll over. It counts up into the thousands like this.

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 November 2010 - 02:15 PM

It was more than likely installed on the system as a trial and has expired probably many years ago.
Either way it is detecting items in Avira's quarantine nothing to worry about.
Goto start > Control Panel > add\remove programs then uninstall Norton or Symantec.
They are the same thing just may be named differently.

Do that then reboot and post the OTL log please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 02:32 PM

What do I do if the add/remove program won't let me? It gives me an internal error.

#8 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 04:25 PM

Look, I went through and manually tried to delete as many of the Symantec files as I could and Windows installer just keeps trying to reinstall it every 10 seconds now and the file alert keeps running. This is NOT right.

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 November 2010 - 05:50 PM

Please do not manually delete files yourself this will only cause more issues.
Use the removal tool found here > http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&selected_nav=&pvid=&docurl=20080710132259EN
Download and save the file to your desktop then double click to run it.
Reboot when prompted then post the OTL log please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 06:12 PM

Hi... thanks for your continued help.

When I run the removal tool you asked me to, it tells me that it can't do anything until i manually remove the following programs using my computers add/remove programs tool: Symantec Antivirus 9, Symantec Client Firewall.

Which my computer won't let me do... back to square one.

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 November 2010 - 06:49 PM

Please download the Windows installer cleanup utility from here:
http://majorgeeks.com/download.php?det=4459

Install it then go to start > all programs> Windows installer cleanup.
Double click on it to run.
Then scroll down until you see Norton or symantec highlight then click on remove do the same for each symantec\norton entry until they are all gone.
Then rerun the Norton removal tool to remove any leftovers.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 06:57 PM

I dl'ed and ran the windows installer cleanup, but it's still giving me the same error when I run the norton removal tool. That being said, I no longer have a symantic warning that won't close on my desktop, so that's a bonus. :)

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 November 2010 - 07:18 PM

Ok good some progress.
Let's remove it manually then.
Please run the OTL program and post it 's log.
The directions are here> http://www.bleepingcomputer.com/forums/topic360736.html/page__view__findpost__p__2030156
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 PearlIzumi

PearlIzumi
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 26 November 2010 - 07:42 PM

OTL logfile created on: 11/26/2010 4:32:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Pearl Izumi\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 50.91 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
Drive R: | 74.47 Gb Total Space | 49.21 Gb Free Space | 66.08% Space Free | Partition Type: NTFS

Computer Name: AO9-REG2 | User Name: Pearl Izumi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/26 16:32:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pearl Izumi\Desktop\OTL.exe
PRC - [2010/06/29 09:48:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/05 18:44:16 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 12:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2006/05/03 00:56:56 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
PRC - [2004/12/30 12:19:40 | 000,120,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2004/12/30 12:19:36 | 000,153,416 | ---- | M] (symantec) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2004/12/30 12:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/12/30 12:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2004/12/30 10:17:56 | 000,259,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2004/12/23 17:19:40 | 000,202,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/12/10 16:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/12/10 16:02:30 | 000,292,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2004/12/10 16:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/12/10 16:02:26 | 000,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/10/14 12:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/26 16:32:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pearl Izumi\Desktop\OTL.exe
MOD - [2004/08/04 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/01 12:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2004/12/30 12:19:36 | 000,153,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/12/30 12:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/12/30 12:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/12/30 10:17:56 | 000,259,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2004/12/23 17:19:40 | 000,202,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/12/10 16:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/12/10 16:02:32 | 000,087,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/12/10 16:02:30 | 000,292,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2004/12/10 16:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PEARLI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/22 19:02:37 | 000,080,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070328.019\NAVENG.SYS -- (NAVENG)
DRV - [2007/01/22 19:02:18 | 000,852,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070328.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2005/12/14 06:42:18 | 000,228,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/17 14:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/12/23 17:19:18 | 000,264,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/12/23 17:19:16 | 000,016,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/12/23 17:19:14 | 000,047,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2004/12/23 17:19:12 | 000,052,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2004/12/23 17:19:10 | 000,166,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2004/12/23 17:19:08 | 000,011,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/05/31 02:00:50 | 000,075,904 | ---- | M] (SIIG, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oxpar.sys -- (oxpar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pearlizumi.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.23.136.11:8080

========== FireFox ==========

FF - prefs.js..network.proxy.backup.ftp: "172.23.136.11"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "172.23.136.11"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.23.136.11"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.23.136.11"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.23.136.11"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.23.136.11"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.23.136.11"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.23.136.11"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.23.136.11"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 15:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/05 18:44:23 | 000,000,000 | ---D | M]

[2009/05/31 13:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pearl Izumi\Application Data\Mozilla\Extensions
[2009/05/31 13:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pearl Izumi\Application Data\Mozilla\Firefox\Profiles\kljtf774.default\extensions
[2009/05/31 13:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/05/29 11:38:09 | 000,000,787 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.10.0.130 009aws1
O1 - Hosts: 10.10.0.132 ao4-reg2
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/23 11:25:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/14 20:37:46 | 009,818,624 | ---- | M] (RTI) - R:\Auto.exe -- [ NTFS ]
O32 - AutoRun File - [2005/03/22 17:05:42 | 000,227,356 | ---- | M] () - R:\Auto.mld -- [ NTFS ]
O32 - AutoRun File - [2005/05/25 12:33:20 | 000,000,967 | ---- | M] () - R:\AutoUtils.sec -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/26 16:31:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pearl Izumi\Desktop\OTL.exe
[2010/11/26 15:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/11/26 15:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/11/26 15:47:58 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pearl Izumi\Desktop\msicuu2.exe
[2010/11/26 12:54:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/26 16:32:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pearl Izumi\Desktop\OTL.exe
[2010/11/26 15:48:08 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Pearl Izumi\Desktop\msicuu2.exe
[2010/11/26 14:55:35 | 000,924,816 | ---- | M] () -- C:\Documents and Settings\Pearl Izumi\Desktop\Norton_Removal_Tool.exe
[2010/11/26 13:20:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/26 10:50:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/15 10:19:17 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/15 10:19:17 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/26 14:55:12 | 000,924,816 | ---- | C] () -- C:\Documents and Settings\Pearl Izumi\Desktop\Norton_Removal_Tool.exe
[2006/12/14 16:23:56 | 000,000,043 | ---- | C] () -- C:\WINDOWS\RPROschd.INI
[2006/12/14 16:23:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/10/27 13:28:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/27 11:43:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/10/27 10:36:15 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2006/10/27 10:36:04 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2006/10/27 10:36:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2006/10/27 10:36:04 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2006/10/27 10:36:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2006/10/27 10:36:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2006/10/27 10:36:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2006/10/27 10:36:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2006/10/27 10:36:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2006/10/27 09:31:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/23 05:15:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/20 07:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/04 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========


========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 11/26/2010 4:32:24 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Pearl Izumi\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 507.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 50.91 Gb Free Space | 68.38% Space Free | Partition Type: NTFS
Drive R: | 74.47 Gb Total Space | 49.21 Gb Free Space | 66.08% Space Free | Partition Type: NTFS

Computer Name: AO9-REG2 | User Name: Pearl Izumi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FIREWALLDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ClientAccessExpress" = IBM iSeries Access for Windows
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2010 2:53:48 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_171f23da\000000C5-FF5BB521.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:48 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_16e0ef64\00000B2E-BBE9F06C.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:49 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_171f23da\000000C6-0F8CEA88.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:49 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_16e0ef64\00000B30-4A165355.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:49 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_16e0ef64\00000B32-0497D8F0.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:50 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_171f23da\000000C7-5D1A5DE3.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:50 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_16e0ef64\00000B33-AE8CD67C.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:50 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_171f23da\000000C7-7110A5CC.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:50 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_16e0ef64\00000C95-23D9EA76.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 11/26/2010 2:53:51 PM | Computer Name = AO9-REG2 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: W32.Jeefo in File: C:\Documents and Settings\All
Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_16e0ef64\00000B37-F3AE56F7.av$
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ System Events ]
Error - 11/26/2010 5:20:19 PM | Computer Name = AO9-REG2 | Source = Service Control Manager | ID = 7000
Description = The SAVRTPEL service failed to start due to the following error: %%2

Error - 11/26/2010 5:20:19 PM | Computer Name = AO9-REG2 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 11/26/2010 5:20:21 PM | Computer Name = AO9-REG2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
-Embedding

Error - 11/26/2010 5:20:25 PM | Computer Name = AO9-REG2 | Source = ParVdm | ID = 458754
Description = Unable to get device object pointer for port object.

Error - 11/26/2010 5:20:42 PM | Computer Name = AO9-REG2 | Source = Service Control Manager | ID = 7000
Description = The SAVRTPEL service failed to start due to the following error: %%2

Error - 11/26/2010 5:20:42 PM | Computer Name = AO9-REG2 | Source = Service Control Manager | ID = 7001
Description = The SAVRT service depends on the SAVRTPEL service which failed to
start because of the following error: %%2

Error - 11/26/2010 5:21:09 PM | Computer Name = AO9-REG2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
-Embedding

Error - 11/26/2010 5:21:23 PM | Computer Name = AO9-REG2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
-Embedding

Error - 11/26/2010 5:21:40 PM | Computer Name = AO9-REG2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
-Embedding

Error - 11/26/2010 6:54:53 PM | Computer Name = AO9-REG2 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {72C2714F-4478-11D3-B537-00902771A435}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
-Embedding


< End of report >

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:48 PM

Posted 26 November 2010 - 07:54 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - [2004/12/30 12:19:40 | 000,120,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
    PRC - [2004/12/30 12:19:36 | 000,153,416 | ---- | M] (symantec) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    PRC - [2004/12/30 12:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    PRC - [2004/12/30 12:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    PRC - [2004/12/30 10:17:56 | 000,259,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    PRC - [2004/12/23 17:19:40 | 000,202,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    PRC - [2004/12/10 16:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2004/12/10 16:02:30 | 000,292,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    PRC - [2004/12/10 16:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2004/12/10 16:02:26 | 000,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    SRV - [2004/12/30 12:19:36 | 000,153,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2004/12/30 12:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2004/12/30 12:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2004/12/30 10:17:56 | 000,259,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
    SRV - [2004/12/23 17:19:40 | 000,202,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2004/12/10 16:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2004/12/10 16:02:32 | 000,087,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2004/12/10 16:02:30 | 000,292,464 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2004/12/10 16:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PEARLI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2007/01/22 19:02:37 | 000,080,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070328.019\NAVENG.SYS -- (NAVENG)
    DRV - [2007/01/22 19:02:18 | 000,852,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070328.019\NAVEX15.SYS -- (NAVEX15)
    DRV - [2005/12/14 06:42:18 | 000,228,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS -- (SYMIDSCO)
    DRV - [2004/12/23 17:19:18 | 000,264,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2004/12/23 17:19:16 | 000,016,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2004/12/23 17:19:14 | 000,047,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2004/12/23 17:19:12 | 000,052,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2004/12/23 17:19:10 | 000,166,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2004/12/23 17:19:08 | 000,011,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    
    
    :Commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users