# Solved: Norton Recycle Bin "Cannot Access Drive C:" Error



## golddave (Mar 5, 2003)

I recently installed Norton Systemworks 2004 Pro on a Win XP Home machine and now every time I reboot I get an error saying "Cannot Access Drive C:". According to Symantec's support site this is an error with the Norton Protected Recycle Bin. They suggested booting into Safe Mode and being sure the permissions on the c: drive were set properly for the System and Admin users. They were. They said if this didn't work I should disable and re-enable the Norton Protected Recycle Bin. This didn't work either. Anybody have any other ideas?

Thanks,
Dave


----------



## eddie5659 (Mar 19, 2001)

Hiya

Found this:

Cannot access drive C after using Rescue Disk 

Did you have this problem after creating the rescue disk?

Also, have you tried going to SafeMode, uninstalling then resinstalling the program, as it may be a corrupt installation.

Regards

eddie


----------



## golddave (Mar 5, 2003)

Thank you very much for your reply.

This problem is not related to a rescue disk. I have not even created a rescue disk yet. I also am not using an overlay as the link you included suggested. I will try your suggestion of uninstalling and reinstalling in Safe Mode and reply back here with the results.

Thanks,
Dave


----------



## golddave (Mar 5, 2003)

Safe Mode did not allow me to uninstall and/or reinstall. I uninstalled and reinstalled from my normal account which has admin rights and still have this problem.

- Dave


----------



## eddie5659 (Mar 19, 2001)

When you removed the Recycle bin, did you try these methods:

How to remove the Norton Protected Recycle Bin and/or the Windows Recycle Bin 

Also, you may want to take a look at this:

How to install Norton Utilities without the Norton Protected Recycle Bin 

It says Utilites, but that was a search under SystemWorks.

Troubleshooting problems with the Recycle Bin 

Ah, were these what you've tried already:

Error: "Attention: Access Denied, Drive C:" after installing Norton SystemWorks or Norton Utilities 

Error: "Attention: Access Denied, Drive C:" after installing Norton SystemWorks or Norton Utilities 

eddie


----------



## golddave (Mar 5, 2003)

I have tried everything in those articles and nothing has worked. Additionally, when I try to enable the protected recycle bin it doesn't stay enabled. WHat I mean is that if I enable it and click OK and then go back into properties enable is no longer checked.

- Dave

PS - The 2 articles entitled 'Error: "Attention: Access Denied, Drive C:" after installing Norton SystemWorks or Norton Utilities ' were the ones I tried previously.


----------



## eddie5659 (Mar 19, 2001)

Sorry for the late reply, its been a long week 

Can we see if anything is causing the problems:

go to http://www.spychecker.com/program/hijackthis.html , and download 'Hijack This!'. 
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button. 
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet. 
Someone here will be happy to help you analyze the results.

Also, are you logging in as the Admin or just a user? Plus, when you go to SafeMode, does the error appear then?

eddie


----------



## golddave (Mar 5, 2003)

I'm logging in as a user in the admin group. I get the same error in safe mode.

Here is the HijackThis log:
Logfile of HijackThis v1.97.5
Scan saved at 7:33:05 PM, on 3/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\ggviewer67-89.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\[email protected]\[email protected]
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton SystemWorks\WinFax\WFXMOD32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\David\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [seticlient] C:\Program Files\[email protected]\[email protected] -min
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nutafun4.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {058025FC-4416-436B-ACFD-03E6224C901C} (FileInfo Class) - http://diagnostics.support.hp.com/motivedocs/ces/aw/ipgaxctrl.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {4BF7A372-9004-4CD5-9E91-1FDCC03CA8A9} (Eyeball Video Messaging Control) - http://imlive.com/chatsource/vmcontrol.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37883.3561226852
O16 - DPF: {BE877024-30D8-4361-A7C4-A83D93143967} (Eyeball Video Chat Control) - http://imlive.com/EyeballSdk.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312


----------



## eddie5659 (Mar 19, 2001)

Go here and download LspFix:

http://www.cexx.org/LSPFix.exe

Launch the application, and click the "I know what I'm doing" checkbox. (DON'T DO ANYTHING ELSE!)

Click Finish.

Then, re-run HT, and tick these:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

Close all IE and OE windows, and fix the above

eddie


----------



## golddave (Mar 5, 2003)

Before I do that can you explain to me what exactly it is that you're instructing me to do? What files/registry enteries are involved? Etc. (I don't like to make changes to the system unless I understand what they are.)

Thanks,
Dave


----------



## eddie5659 (Mar 19, 2001)

They're just the files that are installed when you're browsing the web, which is called spyware. It'll speed things up online, and clean your pc.

It may/may not solve this problem, but its just one of the many steps involved.

If you pop into the Security forum here, they deal with logs every minute, but there are some interesting threads pinned at the top 

eddie


----------



## golddave (Mar 5, 2003)

I understand the HT part. What I don't understand is the LspFix part. Also, how will any of this solve the problem with Norton Protected Recycle Bin?


----------



## Flrman1 (Jul 26, 2002)

Running LspFix will fix this:

*O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nutafun4.dll' missing*

I'm afraid it probably has nothing to do with your Norton problem, nevertheless it needs to be fixed.


----------



## golddave (Mar 5, 2003)

Thanks for the explanation. I'll have to do some research on nutafun4.dll to see what it does. That's not a discussion for this thread.)

I ran LspFix and did the HT fix but the Norton problem still remains. (Yes, I rebooted after applying the fixes.)

Thanks,
Dave


----------



## PCvirgin (Aug 18, 2003)

Golddave:

You are in for a good ride. Hang in there because Symantec is a royal pain to get rid off.


----------



## golddave (Mar 5, 2003)

Thanks for the words of encouragement. I'm not trying to get rid of it. I'm trying to get the Norton Protected Rcycle Bin to work. See the first post in the thread for more info.


----------



## eddie5659 (Mar 19, 2001)

Now, you say that you get the same problem in SafeMode. Lets look at the full startup list.

Start Hijackthis. Go to Config | Misc Tools | Tick both boxes under Generate startup List, then click on the button to generate the list. Copy/paste the log here

eddie


----------



## golddave (Mar 5, 2003)

I tried to enable Norton Protected Recycle Bin fromSafe mode again and this time I was successful. The box did not stay checked but when I rebooted it was checked and I got the original error again.

The following is the full startup list from HT:
StartupList report, 3/25/2004, 10:07:31 PM
StartupList version: 1.52
Started from : C:\Test\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\ggviewer67-89.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\[email protected]\[email protected]
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton SystemWorks\WinFax\WFXMOD32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
C:\Test\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\David\Start Menu\Programs\Startup]
HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
PowerReg Scheduler.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WinFaxAppPortStarter = wfxsnt40.exe
WFXSwtch = C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
CoolSwitch = C:\WINDOWS\System32\taskswitch.exe
ATIModeChange = Ati2mdxx.exe
DeadAIM = rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RoxioEngineUtility = "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

seticlient = C:\Program Files\[email protected]\[email protected] -min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}] *
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",HideIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Microsoft Money\System\mnyside.dll - {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp psc 2200 series#1079409118.job
Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[symsupportutil]
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSD4A.OSD

[{00000075-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/voxacm.CAB

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[FileInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ipgaxctrl.dll
CODEBASE = http://diagnostics.support.hp.com/motivedocs/ces/aw/ipgaxctrl.cab

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBin\Shared\MGBrwFld.dll
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Brix6ie Control]
InProcServer32 = C:\WINDOWS\brix6ie.ocx
CODEBASE = http://a19.g.akamai.net/7/19/7125/1269/ftp.coupons.com/v6/brix6ie.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst0309.cab

[{3334504D-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/mpeg4ax.cab

[{33363249-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/i263_32.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe

[SysData Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SysInfo.dll
CODEBASE = http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://www.officeupdate.com/productupdates/content/opuc.cab

[Eyeball Video Messaging Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\VideoMessaging.dll
CODEBASE = http://imlive.com/chatsource/vmcontrol.cab

[EARTPatchX Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EARTPX.dll
CODEBASE = http://www.ea.com/downloads/rtpatch/v2/EARTPX.cab

[OPUCatalog Class]
InProcServer32 = C:\WINDOWS\System32\opuc.dll
CODEBASE = http://www.officeupdate.com/productupdates/content/opuc.cab

[ParallelGraphics Cortona Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cortona_control.dll
CODEBASE = http://www.parallelgraphics.com/bin/cortvrml.cab

[Java Plug-in 1.4.0_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab

[{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}]
CODEBASE = http://toolbar.google.com/data/GoogleActivate.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37883.3561226852

[Eyeball Video Chat Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EyeballSdk2.ocx
CODEBASE = http://imlive.com/EyeballSdk.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[Java Plug-in 1.4.0_03]
InProcServer32 = C:\Program Files\Java\j2re1.4.0_03\bin\npjpi140_03.dll
CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/SymAData.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[Live Collaboration]
InProcServer32 = C:\WINDOWS\DOWNLO~1\RntX.dll
CODEBASE = https://rr.esecurecare.net/rnt/rnl/java/RntX.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
CODEBASE = http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AEC671X: \SystemRoot\System32\drivers\AEC671X.SYS (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\drivers\ASC.SYS (system)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative SoundFont Management Device Driver: System32\DRIVERS\ctsfm2k.sys (manual start)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Diskeeper: C:\Program Files\Executive Software\Diskeeper\DkService.exe (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DMX3191: \SystemRoot\System32\drivers\DMX3191.SYS (system)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GhostStartService: C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE (autostart)
GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
IdeBusDr: System32\DRIVERS\IdeBusDr.sys (system)
Intel(R) Ultra ATA Controller: System32\DRIVERS\IdeChnDr.sys (system)
CD-Burning Filter Driver: system32\drivers\Imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (disabled)
Iomega App Services: "C:\PROGRA~1\Iomega\System32\AppServices.exe" (manual start)
IPv6 Firewall Driver: System32\DRIVERS\Ip6Fw.sys (manual start)
IPv6 Internet Connection Firewall: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040324.019\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040324.019\NavEx15.Sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NIC Management Service Configuration Driver: \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS (manual start)
Intel(R) NMS: C:\WINDOWS\System32\NMSSvc.exe (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Creative OS Services Driver: System32\DRIVERS\ctoss2k.sys (manual start)
Creative SB Live! Series (WDM): system32\drivers\P16X.sys (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: \SystemRoot\System32\DRIVERS\pciide.sys (disabled)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Iomega Parallel Port Legacy Filter Driver: System32\DRIVERS\ppa3.sys (system)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS (system)
SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS (system)
SAVScan: C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe (autostart)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SDdriver: \??\C:\WINDOWS\System32\Drivers\sddriver.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIODRV: \??\C:\WINDOWS\System32\drivers\SIODRV.SYS (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
Intel (R) System Management BIOS Service: System32\DRIVERS\SMBios.sys (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{0351DDAC-20C7-4696-ABF9-E189C1B1F79C} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
3Com HomeConnect USB Camera: system32\drivers\vicamusb.sys (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WinFax Basic Edition: C:\WINDOWS\System32\WFXSVC.EXE (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ATI Wireless Remote Receiver V2.36: System32\Drivers\x10uif.sys (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 43,375 bytes
Report generated in 0.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## eddie5659 (Mar 19, 2001)

Noticed this was in your HT log. Didn't see it before, but have now:

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/1.../v6/brix6ie.cab

Also, I see you have Seti running. I know there are no known conflicts, but if you disable this, will that help?

If not, we'll have a look at trimming your startup programs, as one may be conflicting. Its interesting that you say it was enabled in SafeMode. When you rebooted, was the error in normal Windows or SafeMode?

If Normal, it may be interesting to see if SafeMode will allow the reboot

eddie


----------



## golddave (Mar 5, 2003)

I got rid of the HT log issue that you found and disabled [email protected] The problem still exists.

The error message does not appear in Safe Mode but the Norton Recycle Bin does not appear to be enabled there either (even though I have not changed the setting). If I boot into normal mode again it appears as enabled.


----------



## Kazrath (Sep 29, 2003)

Bah,

Just disable the Norton Unerase service.

If this is NTFS Unerase doesnt do anything anyway.


----------



## eddie5659 (Mar 19, 2001)

Have you tried this part:



> Setting Norton Protection to Configure drives independently:
> 
> Right-click the Norton Protected Recycle Bin and click Properties.
> Click the Global tab.
> ...


http://service1.symantec.com/SUPPORT/nunt.nsf/docid/2002032015290909

eddie


----------



## jameso321 (Jun 26, 2002)

I love Systemworks 2004 but I always remove that Unerase service.

The service is a pest IMO


jameso321


----------



## golddave (Mar 5, 2003)

I haven't heard anything on this issue in a while. It is still unresolved. I was hoping maybe someone has another idea for me.

Thanks,
Dave


----------



## eddie5659 (Mar 19, 2001)

Dave

Have you tried the last post that I did?

eddie


----------



## golddave (Mar 5, 2003)

Yes. I have tried it and it did not help.


----------



## eddie5659 (Mar 19, 2001)

Kazrath said:


> Bah,
> 
> Just disable the Norton Unerase service.
> 
> If this is NTFS Unerase doesnt do anything anyway.


Just reading the above bit. Are you using a NTFS drive?

eddie


----------



## golddave (Mar 5, 2003)

Yes, I'm using an NTFS drive but the poster is incorrect. I had been using the previous version (2003) on this machine before upgrading to this version (2004). The 2003 version worked properly. I do not know where that poster got his information but it is incorrect.


----------



## eddie5659 (Mar 19, 2001)

If you go to Start | Run, and type MSCONFIG, startup tab.

Do you have ccApp ticked?

eddie


----------



## golddave (Mar 5, 2003)

Yes, ccApp is checked.

- Dave


----------



## eddie5659 (Mar 19, 2001)

Lets see the boot.ini

Go to Start | Find Files and Folders.

Tools | Options. View tab.

Tick Show Hidden Files and Foders, and UNtick Hide Protected files...Apply and OK.

Now, search for boot.ini in all of the C drive. When its found, rightclick, and open with Notepad. Make sure that the box Always Open Files of this Type is not ticked.

Copy/paste the contents here.

Then, after if all posted, go back and tick Hide Protected Files and Folders, to be on the safe side.

eddie


----------



## golddave (Mar 5, 2003)

Here's the boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect


----------



## eddie5659 (Mar 19, 2001)

That looks okay. Try this:

Click the Start button, and then choose Control Panel. 
Double-click the Administrative Tools icon, then double-click the Services icon. 
Locate and double-click Norton Unerase Protection from the list of services. 
In the Startup Type area, click the drop-down menu button and select Automatic. 
Click OK

eddie


----------



## golddave (Mar 5, 2003)

Sorry for my delayed reply. The Startup Type setting for this service is already set to Automatic. No change needed.

Thanks,
Dave


----------



## eddie5659 (Mar 19, 2001)

That's okay, trying to figure this one out myself.

Now, I see in your startup list, you have AVG as well as Norton Antivirus. Just to make sure that the two aren't conflicting, can you untick the references in MSCONFIG. You can retick them if still no difference.

eddie


----------



## golddave (Mar 5, 2003)

Finally a step in the right direction! Disabling AVG with MSCONFIG made the error message go away. So I went into Services and changed the setting for these services to manual. Now there is no error message. Then I tested it by deleting a few files (after I had gotten rid of the error message) and trying to recover them. The Unerase Wizard could not find them.

To sum up - the error message is gone but the Unerase Wizard will not recover anything.

Thanks,
Dave


----------



## golddave (Mar 5, 2003)

I spoke too soon. It turns out that disabling AVG also disabled Norton Recycle Bin. Once I re-enabled the Norton Recycle Bin the error re-appeared. So we're back to square one.

Thanks,
Dave


----------



## eddie5659 (Mar 19, 2001)

Nuts 

So, AVG isn't running at startup anymore? I'll do a spot more reading, and get back to you. Also, does the Unerase Wizard work, and are the services set to Manual in the Services?

eddie


----------



## golddave (Mar 5, 2003)

AVG is NOT running at startup anymore. The Unerase Wizard does NOT work. The Norton services are set to Automatic.

- Dave
PS - Sorry for the extraneous caps. I'm just adding emphasis, not shouting.


----------



## eddie5659 (Mar 19, 2001)

Hiya

If you change the Norton Services back to manual, what happens?

As for the Unerase Wizard, does it produce any error's, or does it just not appear?

I know this may be a cop out, but have you looked at this:

If Norton Utilities is already installed, the easiest solution is disable Norton Protection:

Installing Norton Utilities without the Norton Protected Recycle Bin 

Ah, this one may be more suited to NSW:

How to install or uninstall individual components when Norton SystemWorks 2004 is already installed 

eddie


----------



## golddave (Mar 5, 2003)

Thanks for sticking with me on this.

Same thing happens if I have the service set to manual. It just happens in a different place. When set to manual I get the error when I try to launch the Unerase Wizard (as opposed to when I boot).

The Unerase Wizard just does not appear.

I've looked at the knowpedgebase articles you've referenced. The first one (Installing Norton UtilitiesT without the Norton Protected Recycle Bin) doesn't help because it tells how NOT to use the porotected recycle bin. But I want to try to get it to work. The second one was a good thing to try. I modified the installation to remove Unerase then I modified it again to bring it back so I could have a 'fresh' install of Unerase. Unfortunately that didn't work.

Thanks,
Dave


----------



## eddie5659 (Mar 19, 2001)

Its a tricky one is this, but I want, nay, need to solve it 


Now, I'm wondering if its the Unerase thats causing it. If you remove it as you did before, then reboot, does the error come up again?

eddie


----------



## golddave (Mar 5, 2003)

This one just got a step more odd. I don't know what I did but I'm no longer getting the error message. I am now able to launch the UnErase Wizard but the only files it sees are what's currently in the Recycle Bin. If I empty the Recycle Bin the files I just got rid of are not found (hence not protected). So it's just a glorified Recycle Bin without the additional UnErase functionality. This is a result of the actions I took before my last post.


----------



## VailGeek (Jul 3, 2004)

golddave, you might want to check this out.

Norton UnErase does not recover files that you delete from the Windows Recycle Bin
http://service1.symantec.com/suppor...s 2000/Me/98/XP&src=sg&pcode=nsys&svy=&csm=no

I realize that link is enormous, so if it doesn't work, search the Symantec KB for article/document ID 2003042215041407.


----------



## eddie5659 (Mar 19, 2001)

Well, we're nearly getting closer to solving this one, I hope 

Thanks for the link, VailGeek. It does work, so lets hope its the missing piece of the puzzle 

eddie


----------



## golddave (Mar 5, 2003)

Thanks for the KB link, VailGeek. I've been using the NPRB forever. It used to protect files dumped from the recycle bin by default. In fact, if memory serves me correctly, that was the original intention of NPRB. You'd think they would do a better job of publicising such an important functionality change. Here I am almost 2 years later and I'm first learning about it now.

Anyway, the reason the error stopped coming up anymore is because the NPRN got disabled. (The Enable Protection checkbox got unchecked.) Also, the re-install somehow killed Live Update.

This is really getting annoying.


----------



## eddie5659 (Mar 19, 2001)

Hmmm, so where are we now? 

The error isn't there any more, but the Recycle bin is disabled, is that right?
Live Update is dead
Unerase won't work, if the bin is disabled, or enabled.

Are all those above right?


----------



## golddave (Mar 5, 2003)

Where are we now? A little place known as square one.

The LiveUpdate issue turned out to be unrelated and fixed via the steps on this page:
http://service1.symantec.com/SUPPOR...8256e310005abd9?OpenDocument&Src=sg#_Section1

I then remembered that previously I could only enable the NPRB from Safe Mode. So I booted into Safe Mode, enabled it and rebooted into Normal Mode. The original error re-appeared. All that brings us back to where we started.

Argh!


----------



## eddie5659 (Mar 19, 2001)

Nooooo 

I though we were getting closer to the end 

Does the Unerase wizard still not work?

Also, I know we have run HT in normal mode, but as the error happens in SafeMode, can you run the full Startup list in safeMode as well. You'll have to save the log to a folder, then post it in Normal mode.

eddie


----------



## eddie5659 (Mar 19, 2001)

Ah, there is an update to HT. If you open the program, then go to Config | Misc Tools | Update

eddie


----------



## golddave (Mar 5, 2003)

The error DOES NOT happen in Sfae Mode, it happens in Normal Mode. Safe Mode is the only place I can enable the Norton Protected Recycle Bin.

Just the same, here's the HT log from Safe Mode:
Logfile of HijackThis v1.98.0
Scan saved at 7:49:43 AM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\ggviewer67-89.exe
C:\Test\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\u8zgyz9a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Toolbar\Pnel.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [seticlient] C:\Program Files\[email protected]\[email protected] -min
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {058025FC-4416-436B-ACFD-03E6224C901C} (FileInfo Class) - http://diagnostics.support.hp.com/motivedocs/ces/aw/ipgaxctrl.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {4BF7A372-9004-4CD5-9E91-1FDCC03CA8A9} (Eyeball Video Messaging Control) - http://imlive.com/chatsource/vmcontrol.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {BE877024-30D8-4361-A7C4-A83D93143967} (Eyeball Video Chat Control) - http://imlive.com/EyeballSdk.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?312

- Dave


----------



## golddave (Mar 5, 2003)

Anything new?


----------



## eddie5659 (Mar 19, 2001)

Sorry Dave, didn't get a reply for some reason 

Also, my video card has gone at home, where all my bookmarks are, so trying my best at work 


Re-run HT, and tick the following:

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

Close all Internet windows, and fix the above.

eddie


----------



## ~Candy~ (Jan 27, 2001)

Well, guys, I hate to be the bearer of really, really bad news here. BUT, I've had similar problems with not being able to do live update, and to turn my email scanning option on. It would go on, but not STAY on.

I had to manually remove Norton, find every trace of it in my registry, remove those entries too and reinstall.

I believe on Norton's site you will find an uninstall download. I had to run it at least 5 times then reinstall. Of course I didn't figure this out until I had reinstalled and STILL could not enable email scanning after running the tool only one or two times. This was about a week long project for me


----------



## golddave (Mar 5, 2003)

Eddie -

I followed your instructions to eliminate the LimeShop preferences. This didn't really help anything (I didn't figure it would). Waiting for new ideas.

- Dave


----------



## golddave (Mar 5, 2003)

My problem has nothing to do with live update or email scanning. How is your problem similar to mine?

Also, where is the uninstall download you refer to? I've already done an uninstall and re-install as instructed by the Norton Knowledgebase but have never seen a reference to a downloadable uninstall tool.

- Dave


----------



## ~Candy~ (Jan 27, 2001)

The problem being similar in the fact that you don't have control to turn something on or off 

Let me see if I can find some links for you. BTW, Eddie asked me to reply to your problem


----------



## ~Candy~ (Jan 27, 2001)

http://service1.symantec.com/SUPPOR...415405206?OpenDocument&ExpandSection=3.2&Src=

To run the Rnav2003.exe removal utility to remove previous versions of Norton AntiVirus

That is the tool I had to use, I ran thru it at least 4 or 5 times finally in the end to get rid of everything, then I did a fresh install.


----------



## parsec (Aug 20, 2004)

Hello everyone,
I have been watching this post with interest since a computer on my network has (HAD!!!) the same problem and none of the symantec fixes worked--your posts helped me narrow down what it WASN'T and made me feel better that I wasn't the only one having the problem.
What fixed it for me was a variation of the symantec fix--
start>my computer
tools menu-- folder options
view tab-- "restore defaults"

when I rebooted, the "denied access" message was GONE and has not returned.!!
I don't know what got changed, but at least it is fixed.
Hope it works for you.
parsec


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome, parsec 

Thanks for replying, lets see if it helps Dave with his

eddie


----------



## golddave (Mar 5, 2003)

Parsec - I just tried your default suggestion and it didn't work. Thanks for the suggestions, though.

AcaCandy - Before I go off on your route I'm still trying to understand how it is supposed to help me. My problem is with a component of Norton Utilities, not NAV. So it doesn't make sense to me to go through such lengths to be sure NAV is removed. (Just as an aside - I've already done an uninstall of Norton Utilities using the steps outlined here: http://service1.symantec.com/suppor... SystemWorks 2004&src=sg&pcode=nu&svy=&csm=no
There doesn't seem to be an automated utility like the one you pointed out for NAV.)

- Dave


----------



## parsec (Aug 20, 2004)

I am sorry it wasn't an easy fix. My problem computer is on a network, so maybe that was the difference. We had just changed a sharing setting and I guess that is what it turned out to be. I did go to the website and download the updates from there, thinking that maybe a virus had done something. After that I could at least ask it to scan C and it would in spite of the message. Have you been able to make it scan C? 
I hate to leave a problem unsolved. 
parsec


----------



## golddave (Mar 5, 2003)

No need to be sorry. You had a suggestion that was worth trying so you offered it up. That's what forums are all about. People trying to help each other based on their own knowledge and experiences. Thanks.


----------



## ~Candy~ (Jan 27, 2001)

golddave said:


> AcaCandy - Before I go off on your route I'm still trying to understand how it is supposed to help me. My problem is with a component of Norton Utilities, not NAV. So it doesn't make sense to me to go through such lengths to be sure NAV is removed. (Just as an aside - I've already done an uninstall of Norton Utilities using the steps outlined here: http://service1.symantec.com/suppor... SystemWorks 2004&src=sg&pcode=nu&svy=&csm=no
> There doesn't seem to be an automated utility like the one you pointed out for NAV.)
> 
> - Dave


You are speaking of Norton Systemworks Pro, correct? It is my understanding that they are closely intertwined.....I had to uninstall Norton Ghost too in my mission to fix everything.......Anything and EVERYTHING relating to Norton had to be zapped from my registry.

One sure thing that will work, is a format and reinstall, but THAT is a bit drastic


----------



## eddie5659 (Mar 19, 2001)

Dave

I'm keeping an eye on this thread, but this pc at home is nearly dead, so I can only really look at work. Hopefully, it'll be working in a week


----------



## TOGG (Apr 2, 2002)

I hesitate to add any further confusion to this topic as it is all too easy to go off at an unhelpful or inappropriate angle.

Having said that, I have learned over time that the eventual 'solution' for many Symantec problems is a complete uninstall/reinstall and Aca Candy has already referred to the Rnav tool etc.

I have checked most of the links to the Symantec Knowledgebase posted here and I didn't see this one;http://service1.symantec.com/SUPPORT/nsw.nsf/docid/2001100212100807

I'm not sure what the effect of an uninstall would be on the product activation requirements but there is a KB article about that as well if needed!

Apologies if this link has been posted and tried already.


----------



## ~Candy~ (Jan 27, 2001)

At this point Togg, we are open for any and all suggestions 

Thanks!


----------



## golddave (Mar 5, 2003)

I finally had the time to go through a complete un-install using all of the information available on manually un-installing, using rnave, etc. After re-installing I'm still experiencing the same issue. Grrrr. This is getting very frustrating.


----------



## OldWolf (Sep 10, 2004)

Here... Lemme give you my story, maybe it will help you Gurus figure out what is going on with NPRB.

I've NEVER had a problem with Norton Systemworks 2004 Pro ever - before this...

During the recent Hurricane Frances here in Tampa, I networked my computer to my friend's computer to kill some time and to transfer some files back and forth from each other. He created a Network Setup Disk to do this. After I ran the file and rebooted, the ill-fated "Access Denied, Drive C:" message appeared and was never to leave my computer.

I tried everything... All of Symantec's fixes, all the fixes on here, I even removed my hard drive and hooked it up to a different computer to delete all the files and perform a fresh install of XP PRo and Norton.

Guess what happened when I hooked up my hard drive to the second computer??? When I installed it as the secondary (Drive D I got the message "Access Denied, Drive C:" on the SECOND COMPUTER. I deleted all Windows directories, Program Files directories, all files in the RECYCLER directory and even in the System Volume Information directory and ALL files in the ROOT Directory on *my* hard drive (D. I did not delete my zipped files directory, or my movies directory as these were never a part of any of the windows directories, and contained no files that were ever run in Windows. I erased every file associated with Windows everywhere.

After the deletion of everything, I removed my hard drive from the second computer and rebooted. 

Guess what??? NPRB works fine now on the second computer!! It's saving all the files that it's supposed to in the Protected Bin like nothing ever happened, and NO ERROR MESSAGE. However, every time I hook my hard drive back up, the error message comes back and NPRB doesn't work, yet works perfectly once removed!

I installed my hard drive *BACK* into my computer, did a completely fresh, clean install of Windows XP Pro, ran ALL the updates, and this time *ONLY* installed NAV 2004 Pro rather than Systemworks 2004 Pro. Guess what? Message reappears, even with a totally fresh clean install of EVERYTHING.

Here's some ideas for you Gurus...

This makes me think that the NTFS File System itself has changed or the system has changed something on the hard drive???

Some kind of drive security through NTFS setting security or permissions?

Root or Boot sector security or info?

What exactly is being read by NPRB?

A hidden folder that you just can't see, no matter what you do? They do exist, even if you enable the settings... there's whole forums devoted to these hidden Windows folders.

A folder that just does not get erased until you reboot because you can't see it?

Tiny configuration files like "desktop.ini" that contains info that's causing this error - left behind in the old directories? Are there little NAV configuration files hidden somewhere? In a hidden folder? Boot Sector? ? ?

Just ideas, but this is the most in-depth info I can give you concerning what's causing these messages. For the record, I have no viruses period... multiple virus scanners can't be wrong, and I have NO Spyware... I use Spy Sweeper, Ad-Aware Pro SE, Spybot, etc. Remember, this was from a clean install with nothing else installed yet except XP Pro and NAV 2004 Pro alone. Trust me, I know my computer inside and out... Except for this infernal NPRB glitch...

My computer: AMD Athlon XP 64-bit 3200+, 1 gig PC3200 ram, ATI Radeon 9600XT vid card, 120gb HD, Windows XP Pro, etc. etc. etc.

Remember, everything (all software, NPRB, etc.) was working fine until the Network setup at my friend's place. Now I'm home and it's still screwed up.

Hopefully, this in-depth info will jog someone's mind into an idea that may help shed some light on the issue that's affecting NPRB.

Thanks in advance for at least looking this over!


----------



## finwood (May 10, 2004)

After noticing how many people had viewed this thread, I decided to read it.
I had this same problem! It started when I uninstalled my Norton System Works 2002 Antivirus, and Live Update. I did this because my AV update subscription expired, and I didn't want to pay to extend it. So, I installed AVG, and have it scheduled to update once a week. As far as I'm concerned AVG is much better than Norton. It has saved me from 5 or 6 viruses (Trogens & Worms) Norton never did anything. I also changed my Recycle Bin to just regular one...I didn't like all of those protected files hanging around.

It never bothered me, and until I read your post and all the things you've tried to correct it, I just realize...It doesn't do that anymore.

About a month ago, I upgraded to Norton SW 04, but I did not install the anti-virus program, and my trash is still just regular old trash.

So, I guess my advice would be just don't worry so much about. I also think you should just use AVG. I have mine scheduled to run in the early morning hours and to update every week. When there is a problem, it immediately alerts me to it.


----------



## ppollock (Jan 7, 2003)

I have also been receiving the "Access Drive C denied..." and after I unchecked the "Enable" in Norton Recycle Bin, the error message disappeared on rebooting. If I leave that unchecked...no more "Enabled", will it affect anything? Is it safe just to leave well enough alone?
Thanksfor the good advice.


----------



## golddave (Mar 5, 2003)

If "enable" is left uncehcked then the rror will go away but then you are left with a non-functioning Norton Protected Recycle Bin. The trick we are trying to figure out is how to have it enabled without giving the error.


----------



## finwood (May 10, 2004)

When I was having trouble with my network settings I went to the C: Drive properties and changed my sharing of the c drive to not sharing. I think that in order for Norton AV & the Protected Recycle Bin to work it must have complete access to the root of drive C: I don't get the message anymore because I did not install Norton AV, nor do I have the Trash Bin enabled.


----------



## golddave (Mar 5, 2003)

My c: drive is not being shared so that's probably not the issue here.


----------



## theentwives (Sep 23, 2004)

Hi! Found this forum in a search for this error message and I'm not encouraged!  

If it helps anyone, the Cannot Access Drive C: error appeared for me after tweeking the network because it suddenly wasn't there. To fix the network problem, I had to go back into NSW and have it find the computers on the network (there are only 2) to allow traffic to the ip addresses. 

I did not change anything on the computer with the error prior to its occurrance.. I did install Ad-Aware SE onto the networked machine. I haven't installed it on the machine with the error yet.

I don't know if this helps.. but more info can't hurt.
I'll keep watching for the solution.
Thanks!

OH -- Question --- Is it really hurting anything other than being annoying??


----------



## SteveSud (Oct 3, 2004)

I've just been trawling the net for a solution to this problem as I have it as well. I have 2 computers at home on a network through a Dlink router, shared Internet access etc. Three days ago I decided to sell the motherboard from one machine and use that as an excuse to upgrade to P4 775 PCI-E etc, which I did. When I plugged the machine back into the network alsorts of problems started happening.

The first was having trouble just getting the two machines to see each other. I turned off all Firewalls etc. Eventually by removing Norton Internet Security Professional this new machine would see the old machine. Yet when I went to the old machine, which I had done nothing to apart from run the set up home network wizard several times, I could not access the new machine. The situation I am now in is that when I try to 'View workgroup computers' I get the message 'Workgroup is not accessible. You might not have permission to use network resource.' I also get the Norton Protection message Drive C access denied.

I have removed Norton and put it back on again and tried umpteen other things all with no joy. I personally do not believe that this problem is Norton related I think its to do with File permissions and Networking - I agree with OldWolf's thread.

Also if I turn my machines off and on again the whole lot appears to reset to a problem network. e.g. I had the new machine networking and printing via the old machine this morning. Turned the lot off and cannot print any more.

I really do not know what to do. I hope one of you clever types can play detective and put this lot together.


----------



## theentwives (Sep 23, 2004)

Well. I've been playing around with this for a while as well, though I didn't uninstall norton -- I'm either stubborn or lazy.. lol.

In any case, I did find a solution. I ran ipconfig on the machine without the error and got the new infor. Then in my network settings, I put in the new ip address. Its working. I don't get the error anymore.. PLUS... my network is running a lot better than it used to. (ie: faster). 

I figure my problem was because my computer-computer access is Ethernet and my internet is wireless. Dedicating the ip address makes it less confusing for my machine.

My second theory is it may be the new windows update that is the culpret because the error message was on the machine I updated first.

Hope this helps.


----------



## SteveSud (Oct 3, 2004)

Here's an update to my earlier post. I've come home tonight and switched on both machines. I didn't get the Norton Protection message. I checked the Network situation and hey I can now get into Workgroups, but when I click on the icon for the second computer on the network I get \\Zippy is not accesible. Beats me!


----------



## Clouseau (Oct 5, 2004)

I had a similar problem on an xp home system that I was able to fix by coming up in *safe * mode as the administrator and taking ownership of all folders and files on Drive C and D. (from my computer right click on hard drive, click properties, click security, click advanced, click owner, select administrators, select replace owner on subcontainers and objects, click apply. Hope it works for you.)


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome, Clouseau

Lets hope it works in this case, thanks for replying 

eddie


----------



## golddave (Mar 5, 2003)

If the admin takes ownership of all files what repurcussions does that have on other users of the machine? I have this nightmare of trying this solution and then not being able to do anything when I log on with a different account. Also, if the user who is experiencing this issue has admin privileges does changing ownership to the admin actually do anything?


----------



## Clouseau (Oct 5, 2004)

The only other user on the machine had administrator rights and it cleared up the access problem. I don't know what would have happened if the user did not administrator rights.I will add another user on the machine without administrator rights and get back to you.


----------



## Clouseau (Oct 5, 2004)

Unfortunately this fix will not work for limited user accounts  It will only work for user accounts with administrative rights. Sorry.


----------



## golddave (Mar 5, 2003)

This solution didn't even work on my accounts with admin privileges.


----------



## golddave (Mar 5, 2003)

Been quiet here lately. Anyone else have any ideas?


----------



## eddie5659 (Mar 19, 2001)

Sorry about not replying, I have no email notifications at the moment, and have to look at the Subscribed list in my User Panel at the top. This one being an old reply, got pushed to the bottom 

I'll have a detailed look tomorrow, as off out tonight. I've emailed myself about you reply, as well


----------



## bockzilla (Nov 20, 2004)

golddave said:


> Been quiet here lately. Anyone else have any ideas?


I am running Windows XP Pro and this is what I did to fix this nasty "bug" from Norton utilities.

1) Go into the properties for the Norton protected recycle bin. On the Recycle Bin tab set the button back to Standard Recycle Bin. Now go to the Norton Protection tab and uncheck the Enable protection for each drive that has the problem.

2) Open a command prompt.

3) Change to the drive in question.

4) Run the following command to remove the system and hidden status of the recycle bin folder:

attrib -s -h recycler

5) Now use explorer to rename the recycler folder to something like dummy.

6) Repeat steps 3 through 5 for each drive with the problem.

7) And as with anything to do with Microsoft products -- Reboot! This will allow windows to rebuild the recycler folder(s) correcting the permissions.

8) Now go back into properties for the Norton protected recycle bin. On the Recycle Bin tab set the button back to All protected files. Now go to the Norton Protection tab and check Enable protection for each drive you changed. Now click OK and you should get a popup window showing Norton Protection being setup for each drive.

9) Reboot again!

10) Now you can delete the dummy folder(s).


----------



## golddave (Mar 5, 2003)

Has anybody else tried this? Before I do it I just want to get an idea of what the risks are.


----------



## eddie5659 (Mar 19, 2001)

This is about the Attrib command:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/waguide/htm/utilities_9.asp

However, you may want to try this anyway, but create a restore point before, just to be safe:

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

As it looks like its just the Recycler folder that you're changing, it shouldn't cause any problems to the system files. If it does, then using the above link, go back to the restore point you just created.

eddie


----------



## golddave (Mar 5, 2003)

I tried the steps outlined by bockzilla (making a restore point before stating anything, as I usually do) and it worked!! After months of this thread and other searches the error is finally gone!!!

Thank you, bockzilla (for the solution) and eddie5659 (for not giving up) and everyone else who contributed to this thread. It was definitely a learning experience.


----------



## bockzilla (Nov 20, 2004)

golddave said:


> I tried the steps outlined by bockzilla (making a restore point before stating anything, as I usually do) and it worked!! After months of this thread and other searches the error is finally gone!!!
> 
> Thank you, bockzilla (for the solution) and eddie5659 (for not giving up) and everyone else who contributed to this thread. It was definitely a learning experience.


I am glad to hear that the problem is solved and that I could help you. I got this solution a long while back from a Symantec tech support person when Symantec cared about customer support and allowed you to e-mail tech support with questions. I am glad I saved a paper copy of the email.


----------



## eddie5659 (Mar 19, 2001)

Fantastic 

Thanks for comming to the forum and posting the solution, bockzilla. Its certainly been a long and interesting thread, learnt many things myself along the way 

I'll gladly mark this one as Solved

eddie


----------



## ~Candy~ (Jan 27, 2001)

Nice solution. Must print that one out myself


----------



## btreloar (Feb 14, 2005)

Thanks to everyone who contributed, especially Bockzilla. It solved my problem, too.

The only issue I have that's unresolved is the last step in Bockzilla's solution: delete the dummy folder. No dice. Windows won't hear of it. Not even in Safe Mode/Command Prompt after resetting the attributes. Norton Wipeinfo failed on over 1400 files in there.

Any ideas anyone? TIA!
Bill


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome, btreloar

If you rightclick on the folder, and choose Properties, is Read Only ticked?

eddie


----------

