unable to run an antivirus scan


Post by marcalina on 15th December 2009, 7:21 pm

I need help with my laptop. I can not run any scans on it. So I do not know what kind of virus I have.

Thanks

marcalina
Novice

Posts : 21
Joined : 2009-12-15
OS : xp
Points : 25771
# Likes : 0


Re: unable to run an antivirus scan

Post by Belahzur on 15th December 2009, 8:20 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1


Re: unable to run an antivirus scan

Post by marcalina on 15th December 2009, 11:39 pm

It's telling me I do not have permission to access the file.
Now what do I do?? Please help.


Re: unable to run an antivirus scan

Post by Belahzur on 16th December 2009, 12:16 am

To the host file?
Don't worry, it's because you have Windows Vista/7.



Re: unable to run an antivirus scan

Post by marcalina on 16th December 2009, 1:08 am

When I run hijack it shows the log then goes away. When I go to programs to open hijack it then tells me that I can not access the file. I have Windows XP.


Re: unable to run an antivirus scan

Post by Belahzur on 16th December 2009, 1:25 am

Ah, I know what's wrong now.

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Re: unable to run an antivirus scan

Post by marcalina on 16th December 2009, 2:55 am

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:52 on 15/12/2009 by Angelina Briganti (Administrator - Elevation successful)

Code:

========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--- 180224 bytes [04:33 26/12/2007] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [13:29 19/09/2008] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [02:47 18/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 60928 bytes [18:51 10/08/2004] [00:12 14/04/2008] (Unable to calculate MD5)

Searching for "netlogon.dll"
C:\i386\netlogon.dll --a--- 407040 bytes [04:32 26/12/2007] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [13:29 19/09/2008] [11:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [02:47 18/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [18:51 10/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\i386\eventlog.dll --a--- 55808 bytes [04:29 26/12/2007] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [13:29 19/09/2008] [11:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [02:47 18/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [18:51 10/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

Did I do it right??


Re: unable to run an antivirus scan

Post by Belahzur on 16th December 2009, 1:50 pm

Yep, I was right too, a little shocked that this is an older version of this infection though.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\scecli.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


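Added example, not part of the thread and not the helper's own method: a small parser for the SystemLook filefind output posted above that compares each C:\WINDOWS\system32 copy with the C:\WINDOWS\ServicePackFiles\i386 copy listed in the same log and reports size or MD5 disagreements. The function names, the entry layout inferred from the posted lines, and the choice of ServicePackFiles as the comparison baseline are assumptions of this example.

```python
import re

# Lines copied from the SystemLook log posted in this thread (not constructed).
SYSTEMLOOK_LOG = r'''
========== filefind ==========

Searching for "scecli.dll"
C:\i386\scecli.dll --a--- 180224 bytes [04:33 26/12/2007] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [13:29 19/09/2008] [11:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [02:47 18/09/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 60928 bytes [18:51 10/08/2004] [00:12 14/04/2008] (Unable to calculate MD5)

Searching for "netlogon.dll"
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [02:47 18/09/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [18:51 10/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [02:47 18/09/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 56320 bytes [18:51 10/08/2004] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656

Searching for "cngaudit.dll"
No files found.

-=End Of File=-
'''

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, six attribute flags, size, [created], [modified], MD5 or the failure text
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] '
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))$')

# Assumption of this example: the service-pack cache is the comparison baseline.
LIVE_DIR = r'c:\windows\system32'
REFERENCE_DIR = r'c:\windows\servicepackfiles\i386'


def parse_filefind(text):
    """Return {searched name: [entry, ...]}; a name with no hits maps to []."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group('name').lower()
            results[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            md5 = m.group('md5')
            results[current].append({
                'path': m.group('path'),
                'size': int(m.group('size')),
                'modified': m.group('modified'),
                # None marks a file the tool could not read to hash
                'md5': None if md5.startswith('(') else md5.upper(),
            })
    return results


def find_anomalies(results, live_dir=LIVE_DIR, reference_dir=REFERENCE_DIR):
    """Flag live copies that are unhashable or disagree with the reference copy."""
    findings = []
    for entries in results.values():
        by_dir = {e['path'].lower().rsplit('\\', 1)[0]: e for e in entries}
        live, ref = by_dir.get(live_dir), by_dir.get(reference_dir)
        if live is None:
            continue  # nothing installed under system32 for this name
        reasons = []
        if live['md5'] is None:
            reasons.append('MD5 could not be calculated')
        if ref is not None:
            if live['size'] != ref['size']:
                reasons.append(f"size {live['size']} != reference {ref['size']}")
            if live['md5'] and ref['md5'] and live['md5'] != ref['md5']:
                reasons.append('MD5 differs from reference copy')
        if reasons:
            findings.append((live['path'], reasons))
    return findings


if __name__ == '__main__':
    for path, reasons in find_anomalies(parse_filefind(SYSTEMLOOK_LOG)):
        print(path, '->', '; '.join(reasons))
```

A mismatch here is a triage signal only: a later hotfix can legitimately replace a system32 file with a build that differs from the service-pack cache, so a flagged file still needs to be examined before anything is removed.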

Re: unable to run an antivirus scan

Post by marcalina on 16th December 2009, 2:24 pm

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed Dec 16 09:19:11 2009

09:19:11: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\scecli.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: unable to run an antivirus scan

Post by Belahzur on 16th December 2009, 4:41 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: unable to run an antivirus scan

Post by marcalina on 16th December 2009, 11:56 pm

I keep getting run-time errors when installing.


Re: unable to run an antivirus scan

Post by Belahzur on 17th December 2009, 1:16 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: unable to run an antivirus scan

Post by marcalina on 17th December 2009, 3:44 am

OTL logfile created on: 12/16/2009 10:38:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Angelina Briganti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.48% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.21 Gb Total Space | 57.01 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
Drive D: | 486.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Angelina Briganti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/16 22:38:30 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelina Briganti\Desktop\OTL.exe
PRC - [2009/12/15 14:36:10 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/17 09:49:34 | 00,570,880 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/10/17 09:49:33 | 01,783,808 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/21 09:55:32 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 10:34:44 | 01,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/27 07:18:04 | 00,244,904 | R--- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/13 21:30:56 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/10/25 15:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:32:50 | 00,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 17:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:30:36 | 00,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 17:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:26:14 | 00,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/06/06 16:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/16 17:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/08/04 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
PRC - [2004/05/28 23:08:52 | 00,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/05/28 22:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004/02/12 13:38:56 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe


========== Modules (SafeList) ==========

MOD - [2009/12/16 22:38:30 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelina Briganti\Desktop\OTL.exe
MOD - [2007/10/19 12:19:10 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SNMPTRAP)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/20 01:34:55 | 00,126,392 | R--- | M] () [Unknown | Stopped] -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/10/17 09:49:34 | 00,570,880 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/23 12:45:24 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/27 07:18:04 | 00,244,904 | R--- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/12/13 21:30:56 | 01,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/10/19 12:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 17:32:34 | 00,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2007/07/25 17:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/06/06 16:35:02 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 14:04:18 | 00,000,000 | ---D | M] [Auto | Stopped] -- C:\WINDOWS\system32\wbem\snmp -- (SNMP)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/15 02:38:17 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091214.020\navex15.sys -- (NAVEX15)
DRV - [2009/12/15 02:38:17 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/15 02:38:17 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091214.020\naveng.sys -- (NAVENG)
DRV - [2009/12/15 02:16:21 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/14 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/05 17:06:13 | 00,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/10/20 01:35:50 | 00,501,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/17 09:49:33 | 00,141,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/10/14 20:50:48 | 00,361,520 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/08 21:55:01 | 00,171,056 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 21:54:25 | 00,114,736 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 21:54:19 | 00,329,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSxpx86.sys -- (IDSxpx86)
DRV - [2009/10/08 21:54:10 | 00,508,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091013.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/10/08 21:54:10 | 00,325,168 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 21:54:10 | 00,043,696 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/13 21:18:24 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/19 12:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 17:59:24 | 00,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 17:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/08/12 19:05:34 | 02,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/16 21:26:46 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 21:26:46 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 21:26:46 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/16 21:26:46 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2007/07/10 16:07:56 | 00,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/07/10 15:22:22 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 15:22:20 | 00,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 15:22:18 | 00,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/09 23:21:54 | 00,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/09 23:03:04 | 01,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/06 16:34:38 | 06,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/29 16:29:30 | 00,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/18 11:41:30 | 00,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/05/08 21:22:58 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/26 21:09:40 | 00,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/11/10 22:48:00 | 00,040,352 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/10 22:43:15 | 00,933,536 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2006/11/10 22:43:15 | 00,013,344 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/02 13:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2006/10/18 02:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/18 14:18:08 | 00,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 00,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 00,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 00,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 00,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 00,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 00,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 00,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 12:05:58 | 00,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 11:35:18 | 00,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 00,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 12:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/21 05:40:48 | 00,051,088 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2004/06/21 05:40:48 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/06/21 05:40:48 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,start page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60286&qkw="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2009/11/23 20:06:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2009/12/15 02:16:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2009/12/15 02:16:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/17 12:04:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 14:49:31 | 00,000,000 | ---D | M]

[2009/04/14 11:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Angelina Briganti\Application Data\Mozilla\Extensions
[2009/04/14 11:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Angelina Briganti\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/12/15 10:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Angelina Briganti\Application Data\Mozilla\Firefox\Profiles\f4csqlh9.default\extensions
[2009/06/02 10:56:55 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Angelina Briganti\Application Data\Mozilla\Firefox\Profiles\f4csqlh9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/17 12:04:11 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelina Briganti\Application Data\Mozilla\Firefox\Profiles\f4csqlh9.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/19 18:57:53 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Application Data\Mozilla\Firefox\Profiles\f4csqlh9.default\searchplugins\ask.xml
[2009/12/15 10:32:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/21 12:24:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: (148 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware1\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Angelina Briganti\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nȯne = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nȯne = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nȯne = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoWorkgroupContents = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoEntireNetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSharingControl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} [You must be registered and logged in to see this link.] (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {2F5C9C6B-4117-4A42-A836-2735A8FCF5C6} [You must be registered and logged in to see this link.] (AreaSketch Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} [You must be registered and logged in to see this link.] (Symantec Script Runner Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} [You must be registered and logged in to see this link.] (Maid Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} [You must be registered and logged in to see this link.] (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} [You must be registered and logged in to see this link.] (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Virtools WebPlayer Class)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} [You must be registered and logged in to see this link.] (Image Uploader Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [You must be registered and logged in to see this link.] (McFreeScan Class)
O16 - DPF: {F17A0E18-97B6-4C4D-9277-6832DB40EC61} [You must be registered and logged in to see this link.] (ToolPad Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\cru629.dat c:\windows\system32\lijuhidi.dll) - C:\WINDOWS\System32\cru629.dat File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - LKMSFOIVAMFOMSFVIOSVJASIUENFJNDJV - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/06/21 05:44:14 | 00,103,800 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f7c454b0-eef6-11dd-98fb-001d09a8a9f0}\Shell - "" = AutoRun
O33 - MountPoints2\{f7c454b0-eef6-11dd-98fb-001d09a8a9f0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f7c454b0-eef6-11dd-98fb-001d09a8a9f0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/16 22:38:27 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Angelina Briganti\Desktop\OTL.exe
[2009/12/16 18:54:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/16 18:54:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/16 18:54:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware1
[2009/12/16 11:22:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\My Documents\My Albums
[2009/12/16 11:22:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\IsolatedStorage
[2009/12/16 11:22:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\My Documents\My Scans
[2009/12/16 11:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\HP
[2009/12/16 11:13:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/12/16 11:10:34 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009/12/16 11:10:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/12/16 11:10:22 | 00,626,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvaut32.dll
[2009/12/16 11:10:22 | 00,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcp70.dll
[2009/12/16 11:10:22 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcr70.dll
[2009/12/16 11:08:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/12/16 10:51:11 | 00,090,112 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst08.dll
[2009/12/16 09:52:58 | 00,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2009/12/16 09:52:58 | 00,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2009/12/16 09:52:58 | 00,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2009/12/16 09:52:58 | 00,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2009/12/16 09:52:58 | 00,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2009/12/16 09:52:58 | 00,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2009/12/16 09:52:02 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/12/16 09:51:26 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/12/16 09:45:59 | 00,270,336 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPZc3212.dll
[2009/12/16 09:45:56 | 00,581,632 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl.dll
[2009/12/16 09:45:55 | 00,278,528 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpgwiamd.dll
[2009/12/16 09:20:55 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/15 22:26:59 | 01,296,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Angelina Briganti\Desktop\DMSetup-Serial.exe
[2009/12/15 20:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/12/15 18:33:06 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Angelina Briganti\My Documents\HijackThisInstaller.exe
[2009/12/15 14:45:30 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/15 14:35:05 | 00,000,000 | ---D | C] -- C:\Sun
[2009/12/15 13:26:47 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Angelina Briganti\Recent
[2009/12/15 13:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/12/15 10:17:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2009/12/15 09:04:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\49FA793C785E47E993DFBD442B0B45D1.TMP
[2009/12/15 08:45:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI16.tmp
[2009/12/15 08:45:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI15.tmp
[2009/12/15 08:43:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI14.tmp
[2009/12/15 08:43:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI13.tmp
[2009/12/15 08:39:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\LMI12.tmp
[2009/12/15 08:28:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/12/15 02:46:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\Tific
[2009/12/15 02:46:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\Application Data\Tific
[2009/12/15 02:19:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\My Documents\Symantec
[2009/12/15 02:16:21 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/15 02:16:21 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/15 02:16:21 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/15 02:15:59 | 00,361,520 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdi.sys
[2009/12/15 02:15:59 | 00,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdiv.sys
[2009/12/15 02:15:58 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.sys
[2009/12/15 02:15:58 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/12/15 02:15:58 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.sys
[2009/12/15 02:15:58 | 00,171,056 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.sys
[2009/12/15 02:15:58 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Ironx86.sys
[2009/12/15 02:15:58 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.sys
[2009/12/15 02:15:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/15 02:15:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/12/15 02:15:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1101000.013
[2009/12/15 02:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/12/15 02:15:25 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/15 01:51:23 | 00,793,200 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Angelina Briganti\Desktop\Norton_Removal_Tool.exe
[2009/12/15 01:49:22 | 88,449,480 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Angelina Briganti\Desktop\NIS-UPGRADE-ESD-17-1-0-19UPEN.exe
[2009/12/15 01:36:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\ICS
[2009/12/15 00:47:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/12/14 23:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/12/08 17:39:51 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/12/04 08:48:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/12/04 08:48:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/12/04 08:48:17 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/12/04 08:47:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/12/04 08:47:37 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/12/04 08:47:37 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/12/04 08:47:37 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/12/04 08:47:37 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/12/04 08:47:37 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/12/04 08:47:36 | 00,000,000 | ---D | C] -- C:\47fcd71bc3422d5d9847c5a8087dcdde
[2009/11/29 15:53:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/11/29 15:05:52 | 00,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2009/11/29 15:04:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/11/23 20:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\Crawler
[2009/11/19 14:49:10 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/19 14:32:38 | 93,234,472 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Angelina Briganti\My Documents\iTunesSetup.exe
[2009/11/19 14:31:48 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Angelina Briganti\My Documents\mbam-setup.exe
[2009/10/16 09:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/04 22:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/08/02 21:06:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/08/02 21:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/08/01 07:40:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/01 07:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/07/31 07:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/11 10:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/13 21:36:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/12/13 21:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/12/13 21:18:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2004/08/10 13:57:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/16 22:38:30 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelina Briganti\Desktop\OTL.exe
[2009/12/16 22:30:58 | 00,053,855 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/12/16 19:00:00 | 00,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/12/16 18:54:34 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/16 18:18:05 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/16 18:18:05 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/16 18:18:04 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/16 18:14:54 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\tray.pid
[2009/12/16 18:13:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/16 18:13:41 | 21,454,27456 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 18:04:57 | 00,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A63E4EF7-77F1-4285-9B5B-B07D3C8DC896}.job
[2009/12/16 12:17:31 | 00,097,280 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 11:16:16 | 00,104,253 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2009/12/16 11:15:33 | 00,000,682 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/16 11:14:36 | 00,000,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2009/12/16 11:14:36 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2009/12/16 11:13:26 | 00,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2009/12/16 11:10:45 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/12/16 11:09:29 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2009/12/16 10:51:26 | 00,042,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/16 10:43:17 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\Angelina Briganti\NTUSER.DAT
[2009/12/16 09:14:01 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\avenger.zip
[2009/12/15 22:26:59 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Angelina Briganti\Desktop\DMSetup-Serial.exe
[2009/12/15 21:48:47 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\SystemLook.exe
[2009/12/15 21:41:40 | 00,053,855 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/15 18:36:10 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\HijackThis.lnk
[2009/12/15 18:33:08 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Angelina Briganti\My Documents\HijackThisInstaller.exe
[2009/12/15 18:23:55 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\My Documents\HijackThis.msi
[2009/12/15 14:41:03 | 00,023,180 | ---- | M] () -- C:\WINDOWS\System32\productregistry
[2009/12/15 14:41:03 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Start Menu\Programs\Startup\SDK Tray Menu.lnk
[2009/12/15 14:40:18 | 00,000,116 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\.asadminpass
[2009/12/15 14:39:42 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\.asadmintruststore
[2009/12/15 13:26:16 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\CCleaner.lnk
[2009/12/15 10:30:16 | 04,319,788 | -H-- | M] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\IconCache.db
[2009/12/15 09:37:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Angelina Briganti\ntuser.ini
[2009/12/15 09:14:34 | 00,000,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/15 07:34:31 | 56,714,640 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\20091214-041-v5i32.exe
[2009/12/15 02:16:21 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS


Re: unable to run an antivirus scan

Post by marcalina on 17th December 2009, 3:44 am

[2009/12/15 02:16:21 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/15 02:16:21 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/15 02:16:21 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/15 02:16:07 | 00,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/15 01:51:27 | 00,793,200 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Angelina Briganti\Desktop\Norton_Removal_Tool.exe
[2009/12/15 01:49:22 | 88,449,480 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Angelina Briganti\Desktop\NIS-UPGRADE-ESD-17-1-0-19UPEN.exe
[2009/12/15 00:19:49 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\Microsoft Office Outlook 2003.lnk
[2009/12/15 00:07:00 | 00,068,840 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/14 23:43:41 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2009/12/09 15:06:06 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/09 12:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Angelina Briganti.job
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 15:21:27 | 00,001,192 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2009/11/29 15:05:53 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2009/11/28 15:17:47 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/20 17:21:10 | 00,113,664 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\My Documents\SIMPLE INTAKE PKT. in OldWordVersion.doc
[2009/11/19 18:00:33 | 00,050,328 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/19 14:49:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/19 14:32:38 | 93,234,472 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Angelina Briganti\My Documents\iTunesSetup.exe
[2009/11/19 14:31:48 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Angelina Briganti\My Documents\mbam-setup.exe
[2009/11/19 14:25:29 | 00,000,248 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\appleipod.bat
[2009/11/18 22:51:04 | 00,076,774 | ---- | M] () -- C:\Documents and Settings\Angelina Briganti\Desktop\handy.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/16 18:54:34 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/16 11:14:36 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2009/12/16 11:14:35 | 00,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2009/12/16 11:13:26 | 00,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2009/12/16 11:10:44 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/12/16 11:09:29 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2009/12/16 10:59:08 | 00,104,253 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/12/16 10:59:08 | 00,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/12/16 09:50:49 | 00,002,497 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/16 09:13:57 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Desktop\avenger.zip
[2009/12/15 21:51:44 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Desktop\SystemLook.exe
[2009/12/15 21:43:00 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\tray.pid
[2009/12/15 18:28:03 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Desktop\HijackThis.lnk
[2009/12/15 18:23:51 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\My Documents\HijackThis.msi
[2009/12/15 14:41:03 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Start Menu\Programs\Startup\SDK Tray Menu.lnk
[2009/12/15 14:40:18 | 00,000,116 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\.asadminpass
[2009/12/15 14:39:42 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\.asadmintruststore
[2009/12/15 14:37:00 | 00,023,180 | ---- | C] () -- C:\WINDOWS\System32\productregistry
[2009/12/15 09:38:28 | 21,454,27456 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/15 07:34:32 | 56,714,640 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Desktop\20091214-041-v5i32.exe
[2009/12/15 02:16:28 | 00,042,338 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/15 02:16:21 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/15 02:16:21 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/15 02:16:07 | 00,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/15 02:15:49 | 00,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.inf
[2009/12/15 02:15:49 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/12/15 02:15:49 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\ccHPx86.inf
[2009/12/15 02:15:49 | 00,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNetV.inf
[2009/12/15 02:15:49 | 00,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.inf
[2009/12/15 02:15:49 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.inf
[2009/12/15 02:15:49 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.inf
[2009/12/15 02:15:49 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Iron.inf
[2009/12/15 02:15:38 | 00,007,774 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symnetv.cat
[2009/12/15 02:15:38 | 00,007,493 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/12/15 02:15:38 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.cat
[2009/12/15 02:15:38 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.cat
[2009/12/15 02:15:38 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.cat
[2009/12/15 02:15:38 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\iron.cat
[2009/12/15 02:15:38 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.cat
[2009/12/15 02:15:38 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.cat
[2009/12/15 02:15:38 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\isolate.ini
[2009/12/14 23:43:41 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2009/11/29 15:05:53 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2009/11/29 15:05:53 | 00,001,192 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2009/11/20 17:21:10 | 00,113,664 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\My Documents\SIMPLE INTAKE PKT. in OldWordVersion.doc
[2009/11/19 14:51:48 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/19 14:49:23 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/18 22:54:10 | 00,076,774 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Desktop\handy.jpg
[2009/10/17 09:49:33 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/08/02 21:36:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/08/02 13:12:24 | 00,019,611 | ---- | C] () -- C:\Program Files\Common Files\asenyves.reg
[2009/08/02 13:12:24 | 00,018,601 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hycecyjy.reg
[2009/08/02 13:12:24 | 00,016,599 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\yqopadobe.dl
[2009/08/02 13:12:24 | 00,015,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ikygo.bin
[2009/08/02 13:12:24 | 00,013,521 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\wepacos.vbs
[2009/08/02 13:12:24 | 00,013,246 | ---- | C] () -- C:\Program Files\Common Files\vozo.bin
[2009/08/02 13:12:24 | 00,012,691 | ---- | C] () -- C:\Program Files\Common Files\xulykyv.reg
[2009/08/02 13:12:24 | 00,011,837 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bezik.pif
[2009/08/02 13:12:24 | 00,010,719 | ---- | C] () -- C:\WINDOWS\System32\amyci.sys
[2009/08/02 13:12:24 | 00,010,454 | ---- | C] () -- C:\Program Files\Common Files\fuvo.scr
[2009/08/02 13:12:24 | 00,010,310 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\ycys.bin
[2009/08/01 07:40:18 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\fusioncache.dat
[2009/08/01 06:51:05 | 00,010,699 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ajahezekij.dl
[2009/08/01 06:51:04 | 00,018,954 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\ypyr.dl
[2009/08/01 06:51:04 | 00,017,383 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\uqon.dl
[2009/08/01 06:51:04 | 00,017,291 | ---- | C] () -- C:\Program Files\Common Files\ylurypep.dll
[2009/08/01 06:51:04 | 00,017,065 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\miluta.bat
[2009/08/01 06:51:04 | 00,016,857 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\wihydosare.bin
[2009/08/01 06:51:04 | 00,014,779 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\wired.dll
[2009/08/01 06:51:04 | 00,013,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\utysuqykil.bat
[2009/08/01 06:51:04 | 00,013,386 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\erinicobe.pif
[2009/08/01 06:51:04 | 00,012,977 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\cetu.lib
[2009/08/01 06:51:04 | 00,012,355 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\asicys.pif
[2009/08/01 06:51:04 | 00,011,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jyzoxuhyry.pif
[2009/05/11 18:02:40 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\mizepiyu.dll
[2009/04/28 17:56:45 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/28 15:14:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/10/06 11:43:55 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\PTfile1.dll
[2008/05/09 11:18:55 | 00,000,212 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/01/06 21:59:24 | 00,042,594 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/01/01 12:21:31 | 00,097,280 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/28 09:55:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/27 15:15:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2007/12/27 15:05:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\PTTreeIcons.dll
[2007/12/13 21:37:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/13 21:28:38 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/12/13 21:25:52 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/12/13 21:25:52 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/13 20:56:07 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/12/13 20:55:55 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/13 20:55:55 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/13 20:55:55 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/13 20:55:54 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/13 20:54:46 | 00,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/10/11 17:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/03 12:48:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2006/11/07 05:25:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2009/08/03 22:34:47 | 00,000,000 | ---D | M](C:\WINDOWS\System32\CatR??t) -- C:\WINDOWS\System32\CatRооt
[2004/08/10 13:57:30 | 00,000,000 | ---D | C](C:\WINDOWS\System32\CatR??t) -- C:\WINDOWS\System32\CatRооt

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Angelina Briganti\Desktop\Report:Roxio EMC Stream
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0FEE2B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
< End of report >


Re: unable to run an antivirus scan

Post by marcalina on 17th December 2009, 3:47 am

OTL Extras logfile created on: 12/16/2009 10:38:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Angelina Briganti\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.48% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.21 Gb Total Space | 57.01 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
Drive D: | 486.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Angelina Briganti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:sfx

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\McAfee\MPF\MpfSrv.exe" = C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zSF.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zSF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS12.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS12.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS14.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS14.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\LMI56.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI56.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS62.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS62.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS64.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zS64.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zSBD.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zSBD.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zSBF.tmp\SymNRT.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\7zSBF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\java_ee_sdk-5_08-jdk-6u17-windows[1].exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\Angelina Briganti\Local Settings\Temp\java_ee_sdk-5_08-jdk-6u17-windows[1].exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09D4F215-8960-4E0E-A2CC-C5A062113503}" = Crazy Machines
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{20ED157B-1A84-4DF7-945E-4951A38A9CBA}" = iPod Reset Utility
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD4B0B5-3359-4932-BF94-C805EE83E710}" = 2350_Help
"{6CD27A25-D4A5-4e25-86B1-36EBBA2BA279}" = 2350Trb
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F2AC7B5-3DA8-45d3-B5E5-F36DCD9FDC6A}" = 2350
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Ask Toolbar_is1" = Ask Toolbar
"BFGC" = Big Fish Games Client
"Bricks of Egypt 2" = Bricks of Egypt 2
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Disney Toontown Online" = Disney Toontown Online
"Disney's Toontown Online" = Disney's Toontown Online
"Dream Chronicles" = Dream Chronicles
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Free Realms Installer" = Free Realms Installer
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Juice Gallery Report 9.0" = Juice Gallery Report 9.0
"JumpStart Advanced Language Club" = JumpStart Advanced Language Club
"JumpStart Advanced Preschool" = JumpStart Advanced Preschool
"legacyqcam_10.40" = Logitech Legacy USB Camera Driver Package
"LimeWire" = LimeWire 5.3.6
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pencil-Pal Kindergarten" = Pencil-Pal Kindergarten
"Picturetrail Photo Editor version 1.9.0_is1" = Picturetrail Photo Editor 1.9.0
"Pirates of the Caribbean Pinball" = Pirates of the Caribbean Pinball
"ProInst" = Intel(R) PROSet/Wireless Software
"Puppy Grows & Knows Your Name_is1" = Puppy Grows & Knows Your Name 1.0
"SearchAssist" = SearchAssist
"SMPhNet" = Spider-Man Photo Net
"Spyware Terminator_is1" = Spyware Terminator
"SynTPDeinstKey" = Dell Touchpad
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"UnityWebPlayer" = Unity Web Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Zoombinis Logical Journey(TM)" = Zoombinis Logical Journey(TM)

========== HKEY_CURRENT_USER Uninstall List ==========


Re: unable to run an antivirus scan

Post by marcalina on 17th December 2009, 3:47 am

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2009 7:26:54 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:26:54 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:26:55 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:26:57 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:27:02 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:27:02 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:27:03 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:27:04 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:27:09 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

Error - 12/15/2009 7:27:47 PM | Computer Name = LAPTOP | Source = MsiInstaller | ID = 11321
Description = Product: HiJackThis -- Error 1321. The Installer has insufficient
privileges to modify this file: C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe.

[ System Events ]
Error - 12/16/2009 11:31:04 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:04 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:04 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 12/16/2009 11:31:05 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding


< End of report >


Re: unable to run an antivirus scan

Post by Belahzur on 17th December 2009, 5:58 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    Crawler Toolbar with Web Security Guard
    Java(TM) 6 Update 15
    J2SE Runtime Environment 5.0 Update 6
    LimeWire 5.3.6

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\cru629.dat c:\windows\system32\lijuhidi.dll) - C:\WINDOWS\System32\cru629.dat File not found
    [2009/12/16 19:00:00 | 00,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
    C:\Program Files\Common Files\asenyves.reg
    [2009/08/02 13:12:24 | 00,018,601 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hycecyjy.reg
    [2009/08/02 13:12:24 | 00,016,599 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\yqopadobe.dl
    [2009/08/02 13:12:24 | 00,015,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ikygo.bin
    [2009/08/02 13:12:24 | 00,013,521 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\wepacos.vbs
    [2009/08/02 13:12:24 | 00,013,246 | ---- | C] () -- C:\Program Files\Common Files\vozo.bin
    [2009/08/02 13:12:24 | 00,012,691 | ---- | C] () -- C:\Program Files\Common Files\xulykyv.reg
    [2009/08/02 13:12:24 | 00,011,837 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bezik.pif
    [2009/08/02 13:12:24 | 00,010,719 | ---- | C] () -- C:\WINDOWS\System32\amyci.sys
    [2009/08/02 13:12:24 | 00,010,454 | ---- | C] () -- C:\Program Files\Common Files\fuvo.scr
    [2009/08/02 13:12:24 | 00,010,310 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\ycys.bin
    [2009/08/01 07:40:18 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\fusioncache.dat
    [2009/08/01 06:51:05 | 00,010,699 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ajahezekij.dl
    [2009/08/01 06:51:04 | 00,018,954 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\ypyr.dl
    [2009/08/01 06:51:04 | 00,017,383 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\uqon.dl
    [2009/08/01 06:51:04 | 00,017,291 | ---- | C] () -- C:\Program Files\Common Files\ylurypep.dll
    [2009/08/01 06:51:04 | 00,017,065 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\miluta.bat
    [2009/08/01 06:51:04 | 00,016,857 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\wihydosare.bin
    [2009/08/01 06:51:04 | 00,014,779 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\wired.dll
    [2009/08/01 06:51:04 | 00,013,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\utysuqykil.bat
    [2009/08/01 06:51:04 | 00,013,386 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\erinicobe.pif
    [2009/08/01 06:51:04 | 00,012,977 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\cetu.lib
    [2009/08/01 06:51:04 | 00,012,355 | ---- | C] () -- C:\Documents and Settings\Angelina Briganti\Application Data\asicys.pif
    [2009/08/01 06:51:04 | 00,011,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jyzoxuhyry.pif
    [2009/05/11 18:02:40 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\mizepiyu.dll

    :files
    C:\Program Files\Crawler


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


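The file entries in the fix script above share only a handful of creation timestamps across unrelated folders, and that is the pattern worth checking for when reading an OTL file listing. As an added example (not part of the original post and not OTL's own code), this Python sketch parses OTL-style file lines and groups unsigned "created" entries by the second they appeared; the sample lines are a subset copied from the script above, and the function names, thresholds and the reading of the C/M flag as created/modified are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import dirname, splitext  # Windows path rules on any host OS

# OTL file line: [timestamp | size | attributes | C or M] (company) -- path
# The C/M flag is read here as created/modified (assumption).
OTL_FILE_LINE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Sample input: a subset of the lines in the fix script above, unchanged.
SAMPLE_LINES = r"""
[2009/12/16 19:00:00 | 00,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\Program Files\Common Files\asenyves.reg
[2009/08/02 13:12:24 | 00,018,601 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hycecyjy.reg
[2009/08/02 13:12:24 | 00,013,246 | ---- | C] () -- C:\Program Files\Common Files\vozo.bin
[2009/08/02 13:12:24 | 00,010,719 | ---- | C] () -- C:\WINDOWS\System32\amyci.sys
[2009/08/02 13:12:24 | 00,010,454 | ---- | C] () -- C:\Program Files\Common Files\fuvo.scr
[2009/08/01 06:51:05 | 00,010,699 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ajahezekij.dl
[2009/08/01 06:51:04 | 00,017,291 | ---- | C] () -- C:\Program Files\Common Files\ylurypep.dll
[2009/08/01 06:51:04 | 00,017,065 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\miluta.bat
[2009/08/01 06:51:04 | 00,013,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\utysuqykil.bat
[2009/08/01 06:51:04 | 00,011,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jyzoxuhyry.pif
[2009/05/11 18:02:40 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\mizepiyu.dll
"""


def parse_line(line):
    """Return the fields of one OTL file line, or None for any other line."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": m["company"].strip(),
        "path": m["path"].strip(),
    }


def find_drop_clusters(lines, min_files=3, min_dirs=2):
    """Group created files with no company name by creation second.

    A cluster is reported when at least min_files such files share one
    second and are spread over at least min_dirs directories.
    """
    by_second = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and entry["kind"] == "C" and not entry["company"]:
            by_second[entry["time"]].append(entry)

    clusters = []
    for created in sorted(by_second):
        entries = by_second[created]
        dirs = {dirname(e["path"]).lower() for e in entries}
        if len(entries) >= min_files and len(dirs) >= min_dirs:
            clusters.append({
                "created": created,
                "files": [e["path"] for e in entries],
                "dirs": len(dirs),
                "extensions": sorted({splitext(e["path"])[1].lower() for e in entries}),
                "total_bytes": sum(e["size"] for e in entries),
            })
    return clusters


if __name__ == "__main__":
    for c in find_drop_clusters(SAMPLE_LINES.splitlines()):
        print(c["created"], f'{len(c["files"])} files in {c["dirs"]} dirs', c["extensions"])
        for path in c["files"]:
            print("   ", path)
```

Entries that fall outside every cluster, such as the single hidden system DLL from May, still need to be judged individually.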

Re: unable to run an antivirus scan

Post by marcalina on 18th December 2009, 11:49 pm

========== OTL ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
File C:\Program Files\Crawler\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\ctbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Program Files\Crawler\ctbr.dll not found.
File C:\Program Files\Crawler\ctbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ not found.
Invalid CLSID key: C:\Program Files\Crawler\ctbr.dll
File C:\Program Files\Crawler\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\cru629.dat c:\windows\system32\lijuhidi.dll deleted successfully.
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully.
C:\Documents and Settings\All Users\Application Data\hycecyjy.reg moved successfully.
C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\yqopadobe.dl moved successfully.
C:\Documents and Settings\All Users\Application Data\ikygo.bin moved successfully.
C:\Documents and Settings\Angelina Briganti\Application Data\wepacos.vbs moved successfully.
C:\Program Files\Common Files\vozo.bin moved successfully.
C:\Program Files\Common Files\xulykyv.reg moved successfully.
C:\Documents and Settings\All Users\Application Data\bezik.pif moved successfully.
C:\WINDOWS\system32\amyci.sys moved successfully.
C:\Program Files\Common Files\fuvo.scr moved successfully.
C:\Documents and Settings\Angelina Briganti\Application Data\ycys.bin moved successfully.
C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\fusioncache.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\ajahezekij.dl moved successfully.
C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\ypyr.dl moved successfully.
C:\Documents and Settings\Angelina Briganti\Application Data\uqon.dl moved successfully.
C:\Program Files\Common Files\ylurypep.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\miluta.bat moved successfully.
C:\Documents and Settings\Angelina Briganti\Application Data\wihydosare.bin moved successfully.
C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\wired.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\utysuqykil.bat moved successfully.
C:\Documents and Settings\Angelina Briganti\Application Data\erinicobe.pif moved successfully.
C:\Documents and Settings\Angelina Briganti\Local Settings\Application Data\cetu.lib moved successfully.
C:\Documents and Settings\Angelina Briganti\Application Data\asicys.pif moved successfully.
C:\Documents and Settings\All Users\Application Data\jyzoxuhyry.pif moved successfully.
C:\WINDOWS\system32\mizepiyu.dll moved successfully.
========== FILES ==========
C:\Program Files\Crawler\firefox\components folder moved successfully.
C:\Program Files\Crawler\firefox folder moved successfully.
C:\Program Files\Crawler folder moved successfully.

OTL by OldTimer - Version 3.1.17.0 log created on 12182009_184821


Re: unable to run an antivirus scan

Post by Belahzur on 18th December 2009, 11:52 pm

Okay, let's finish this up.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Re: unable to run an antivirus scan

Post by marcalina on 19th December 2009, 4:41 am

I downloaded the program and started the install and an error message shows insufficient privileges to modify this file.


Re: unable to run an antivirus scan

Post by Belahzur on 19th December 2009, 3:34 pm

Just saw I had you download it before. I need you to uninstall/delete the files/folders related to Hijack This, because that first patched file has messed with them.



Re: unable to run an antivirus scan

Post by marcalina on 19th December 2009, 10:42 pm

I'm unable to delete for the same reason


Re: unable to run an antivirus scan

Post by Belahzur on 19th December 2009, 11:30 pm

Please download [You must be registered and logged in to see this link.] file.

  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.



Re: unable to run an antivirus scan

Post by marcalina on 28th December 2009, 3:19 pm

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - [You must be registered and logged in to see this link.]


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


.
Failed to open \\?\c:\\Documents and Settings\All Users\Documents: Access is denied.


..
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp: Access is denied.






Failed to open \\?\c:\\Documents and Settings\Angelina Briganti\Desktop\HijackThis.exe: Access is denied.



.
Failed to open \\?\c:\\Documents and Settings\Angelina Briganti\Local Settings\Temporary Internet Files\Content.IE5\IZA4Z81T\winlogon[1].scr: Access is denied.


Failed to open \\?\c:\\Program Files\Dell Support Center\HWDiag\bin\pcdrsysinfodirect.p5x: Access is denied.






Failed to open \\?\c:\\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe: Access is denied.



Failed to open \\?\c:\\Program Files\Norton Internet Security\Engine\17.1.0.19\Navw32.exe: Access is denied.


.
Failed to open \\?\c:\\Program Files\Perfect Optimizertry452\Home.exe: Access is denied.




Failed to open \\?\c:\\Program Files\Symantec AntiVirus\VPC32.exe: Access is denied.


..
Failed to open \\?\c:\\Program Files\Trend Micro\logger\HijackThis.exe: Access is denied.



Failed to open \\?\c:\\Program Files\Trend Microphone\Hilow\HijackThis.exe: Access is denied.



Failed to open \\?\c:\\Program Files\Uniblue\DriverScanner\DriverScanner.exe: Access is denied.


.

...
Failed to open \\?\c:\\RECYCLER\S-1-5-21-2911804556-3295839565-4153342445-1006\Dc62\HijackThis.exe: Access is denied.



Failed to open \\?\c:\\RECYCLER\S-1-5-21-2911804556-3295839565-4153342445-1006\Dc63\HijackThis.exe: Access is denied.



Failed to open \\?\c:\\RECYCLER\S-1-5-21-2911804556-3295839565-4153342445-1006\Dc64\HiJackThis.exe: Access is denied.





..\\?\c:\\WINDOWS\$NtServicePackUninstall$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}: MOUNT POINT
Substitute Name: \Device\__max++>\^

.

..\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

.

Failed to open \\?\c:\\WINDOWS\system32\dumprep.exe: Access is denied.





Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.



.
Failed to open \\?\c:\\WINDOWS\system32\wbem\SET12.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET14.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET15.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET1D.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET24.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET3A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET3D.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET51.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET57.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET5E.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET6.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET6A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET7.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET8.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET85C.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SET9.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETA.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETC.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETC9A.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETD.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETDBB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETEB.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\SETF.tmp: Access is denied.



Failed to open \\?\c:\\WINDOWS\system32\wbem\wmiprvse.exe: Access is denied.


.


Re: unable to run an antivirus scan

Post by Belahzur on 28th December 2009, 3:29 pm

Hello.

Please download [You must be registered and logged in to see this link.] file.

Like you did with junction.exe, place inherit.exe into the Windows folder.

Now open a new notepad file.
Input this into the notepad file:

    @echo off
    "inherit.exe" "c:\\Documents and Settings\Angelina Briganti\Desktop\HijackThis.exe"
    "inherit.exe" "c:\\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe"
    "inherit.exe" "c:\\Program Files\Norton Internet Security\Engine\17.1.0.19\Navw32.exe"
    "inherit.exe" "c:\\Program Files\Perfect Optimizertry452\Home.exe"
    "inherit.exe" "c:\\Program Files\Symantec AntiVirus\VPC32.exe"
    "inherit.exe" "c:\\Program Files\Trend Micro\logger\HijackThis.exe"
    "inherit.exe" "c:\\Program Files\Trend Microphone\Hilow\HijackThis.exe"
    "inherit.exe" "c:\\Program Files\Uniblue\DriverScanner\DriverScanner.exe"
    "inherit.exe" "c:\\RECYCLER\S-1-5-21-2911804556-3295839565-4153342445-1006\Dc62\HijackThis.exe"
    "inherit.exe" "c:\\RECYCLER\S-1-5-21-2911804556-3295839565-4153342445-1006\Dc63\HijackThis.exe"
    "inherit.exe" "c:\\RECYCLER\S-1-5-21-2911804556-3295839565-4153342445-1006\Dc64\HiJackThis.exe"
    exit

Save this as fix.bat, save it to your desktop.

Let it run until it says OK on each one.



Re: unable to run an antivirus scan

Post by marcalina on 28th December 2009, 3:54 pm

Did that
thanks


Re: unable to run an antivirus scan

Post by Belahzur on 28th December 2009, 4:24 pm

Can you delete Hijack This now?



Re: unable to run an antivirus scan

Post by marcalina on 28th December 2009, 4:48 pm

yes deleted it
sure I install it again now


Re: unable to run an antivirus scan

Post by Belahzur on 28th December 2009, 4:50 pm

Yes, install it again and run a scan, post the new log.



Re: unable to run an antivirus scan

Post by marcalina on 28th December 2009, 6:20 pm

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:20:18 PM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-2911804556-3295839565-4153342445-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2911804556-3295839565-4153342445-1006\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User '?')
O4 - HKUS\S-1-5-21-2911804556-3295839565-4153342445-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [NordBull] C:\WINDOWS\TEMP\c.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NordBull] C:\WINDOWS\TEMP\c.exe (User 'Default user')
O4 - S-1-5-21-2911804556-3295839565-4153342445-1006 Startup: SDK Tray Menu.lnk = ? (User '?')
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {2F5C9C6B-4117-4A42-A836-2735A8FCF5C6} (AreaSketch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {F17A0E18-97B6-4C4D-9277-6832DB40EC61} (ToolPad Control) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat c:\windows\system32\lijuhidi.dll,
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: LKMSFOIVAMFOMSFVIOSVJASIUENFJNDJV - {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15159 bytes


Re: unable to run an antivirus scan

Post by Belahzur on 28th December 2009, 6:24 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O4 - HKUS\S-1-5-18\..\Run: [NordBull] C:\WINDOWS\TEMP\c.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [NordBull] C:\WINDOWS\TEMP\c.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat c:\windows\system32\lijuhidi.dll,
    O22 - SharedTaskScheduler: LKMSFOIVAMFOMSFVIOSVJASIUENFJNDJV - {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
    O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
    O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Now try installing MBAM again.


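Added example (not part of the thread, and not HijackThis's own logic): a small Python triage pass over entries copied from the log posted above, flagging the startup and service lines that Belahzur selected by eye. The rules and function names are assumptions made for illustration; his R0/R1 and O6 picks are left to manual review.

```python
import re

# Sample entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [NordBull] C:\WINDOWS\TEMP\c.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NordBull] C:\WINDOWS\TEMP\c.exe (User 'Default user')
O20 - AppInit_DLLs: C:\WINDOWS\system32\cru629.dat c:\windows\system32\lijuhidi.dll,
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: LKMSFOIVAMFOMSFVIOSVJASIUENFJNDJV - {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse(log_text):
    """Yield (section, body) per entry; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def userinit_extras(body):
    """Return programs chained onto UserInit other than userinit.exe."""
    m = re.search(r"userinit=(.*)$", body, re.IGNORECASE)
    items = [p.strip() for p in m.group(1).split(",")] if m else []
    return [p for p in items if p and p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]

def reason_for(section, body):
    """Return why an entry deserves a closer look, or None (hypothetical rules)."""
    low = body.lower()
    if section == "F2":
        extras = userinit_extras(body)
        if extras:
            return "UserInit also starts " + ", ".join(extras)
    elif section == "O4" and re.search(r"\\te?mp\\", low):
        return "autorun entry points into a temp directory"
    elif section == "O20":
        dlls = body.partition(":")[2].strip(" ,")
        if dlls:
            return "AppInit_DLLs is not empty: " + dlls
    elif section in ("O22", "O23") and low.endswith(("(no file)", "(file missing)")):
        return "registration left behind with no file on disk"
    return None

def triage(log_text):
    """Return [(section, reason, body)] for entries matching a rule, in log order."""
    hits = []
    for section, body in parse(log_text):
        reason = reason_for(section, body)
        if reason:
            hits.append((section, reason, body))
    return hits

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

A hit is a prompt for manual review, not a verdict: legitimate software can also appear under these keys.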

Re: unable to run an antivirus scan

Post by marcalina on 28th December 2009, 6:38 pm

keep getting runtime errors

