Antivirus Live/Pro

View previous topic View next topic Go down

Antivirus Live/Pro

Post by egghead123 on 30th January 2010, 4:02 am

My friend told me about the site and told me to come here. Its weird because my computers working now but i wanted to post something to be sure. I cant remember which was on my computer, Antivirus Live or Pro, but they're basically the same thing i think. When i clicked on a program or almost anything, it says it is infected. But when i turned my computer on this time, it was gone and i was able to get on the internet and do things.

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 30th January 2010, 4:04 am

I forgot to post the hijack this log. here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:07 PM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\AMY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [rtbmtooe] C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu\ncdrsysguard.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rtbmtooe] C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu\ncdrsysguard.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9982 bytes

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by Belahzur on 30th January 2010, 5:08 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O4 - HKLM\..\Run: [rtbmtooe] C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu\ncdrsysguard.exe
    O4 - HKCU\..\Run: [rtbmtooe] C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu\ncdrsysguard.exe
    O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]



  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245090
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 31st January 2010, 9:38 pm

Ive got a new problem. After i opened hijack this and fixed the things you wanted me to check, Antivius Soft came up and blocked me from doing anything like before. I wasnt able to download malware bytes because my computed blocked me from using the internet because it thought my browser was infected. What should i do.

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by Belahzur on 1st February 2010, 12:04 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245090
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 3rd February 2010, 12:15 am

i ran the OTL and here are the logs. the first one didnt pop up because it said notepad was infected, but i found it on the desktop.
here is the OTL log

OTL logfile created on: 2/2/2010 7:04:13 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\AMY\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.44 Gb Free Space | 36.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 973.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMYNOEL5150
Current User Name: AMY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/02 19:02:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AMY\Desktop\OTL.exe
PRC - [2010/01/31 08:09:27 | 000,279,296 | ---- | M] () -- C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe
PRC - [2010/01/31 08:09:22 | 000,279,296 | ---- | M] () -- C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe
PRC - [2009/07/27 17:02:35 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/05/26 20:06:32 | 000,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/03/12 19:56:58 | 000,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/12 19:56:52 | 000,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/05 23:04:30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/23 08:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/02/13 18:29:51 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/05 15:18:48 | 000,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/10 00:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 03:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/02/02 19:02:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AMY\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/03/12 19:56:52 | 000,656,168 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/05 23:04:30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/03 09:51:25 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/13 18:29:51 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/24 16:07:07 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/14 02:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 22:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 03:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/28 07:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2003/05/19 15:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2009/03/05 22:59:00 | 000,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/02/25 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/20 04:00:00 | 000,876,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090413.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/02/20 04:00:00 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090413.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/02/09 17:59:18 | 000,251,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090407.002\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/01/15 11:19:36 | 000,023,848 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/11 22:12:56 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/10/13 00:31:57 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/03/24 16:18:16 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/09 17:32:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 17:32:13 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 17:32:13 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 17:32:13 | 000,035,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/01/09 17:32:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 17:32:13 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/10/18 02:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/07 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/04/05 14:46:28 | 000,830,684 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2004/12/13 16:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/10/14 16:30:46 | 000,155,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/13 18:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 13:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2009/07/30 09:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AMY\Application Data\Mozilla\Extensions
[2009/07/30 09:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AMY\Application Data\Mozilla\Extensions\mozswing@mozswing.org

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Symantec\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [ywljpntb] C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe ()
O4 - HKLM..\Run: [ywvwaevw] C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ywljpntb] C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe ()
O4 - HKCU..\Run: [ywvwaevw] C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe ()
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} [You must be registered and logged in to see this link.] (ScrabbleCubes Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} [You must be registered and logged in to see this link.] (TPIR Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} [You must be registered and logged in to see this link.] (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} [You must be registered and logged in to see this link.] (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\AMY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AMY\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/19 17:00:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/11 16:31:08 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008/01/11 16:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008/01/11 16:40:09 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/01/11 02:17:04 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\Shell - "" = AutoRun
O33 - MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\Shell - "" = AutoRun
O33 - MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/01/11 16:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\Shell - "" = AutoRun
O33 - MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/01/11 16:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\Shell - "" = AutoRun
O33 - MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/02 19:04:03 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AMY\Desktop\OTL.exe
[2010/01/31 08:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Desktop\backups
[2010/01/31 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu
[2010/01/31 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv
[2010/01/29 22:51:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AMY\IECompatCache
[2010/01/29 22:47:47 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\AMY\Desktop\HijackThis.exe
[2010/01/18 00:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu
[2010/01/10 01:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/01/10 01:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/01/10 01:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2010/01/10 01:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/01/10 01:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/09 22:39:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/01/05 10:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\My Documents\New Folder
[2008/10/27 10:38:54 | 000,095,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2008/10/27 10:37:34 | 001,692,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2008/10/27 10:36:58 | 000,526,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2008/05/28 16:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/03/25 13:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2008/03/25 13:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2008/03/24 15:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/03/24 15:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/24 15:40:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/24 15:40:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/19 19:12:04 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2008/03/19 19:12:03 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2008/03/19 19:12:03 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2008/03/19 19:12:03 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2008/03/19 19:12:03 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2008/03/19 19:12:03 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2008/03/19 19:12:03 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2008/03/19 19:12:03 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2008/03/19 19:12:03 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/02 19:03:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/02 19:03:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 19:02:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AMY\Desktop\OTL.exe
[2010/02/01 21:10:26 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\AMY\NTUSER.DAT
[2010/02/01 21:10:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\AMY\ntuser.ini
[2010/02/01 21:10:20 | 006,388,968 | -H-- | M] () -- C:\Documents and Settings\AMY\Local Settings\Application Data\IconCache.db
[2010/01/30 14:20:01 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for AMY.job
[2010/01/29 23:55:49 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/29 22:47:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/29 22:43:12 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\AMY\Desktop\HijackThis.exe
[2010/01/15 18:56:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/14 19:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/13 03:03:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 20:00:05 | 000,000,572 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - AMY.job
[2010/01/10 01:40:49 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/01/10 01:40:47 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/01/07 09:00:15 | 000,018,795 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1-7.pdf
[2010/01/07 08:57:45 | 000,032,922 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1-6.pdf
[2010/01/07 08:56:28 | 000,034,547 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1-5.pdf
[2010/01/07 08:55:20 | 000,035,100 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1-4.pdf
[2010/01/07 08:53:49 | 000,039,092 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1-3.pdf
[2010/01/07 08:52:19 | 000,068,831 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1-2.pdf
[2010/01/07 08:47:55 | 000,019,818 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca5.pdf
[2010/01/07 08:46:41 | 000,033,301 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca4.pdf
[2010/01/07 08:44:48 | 000,035,830 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca3.pdf
[2010/01/07 08:42:39 | 000,037,249 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca2.pdf
[2010/01/07 08:36:22 | 000,725,846 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickca1.pdf
[2010/01/05 10:24:58 | 000,048,496 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickench3.pdf
[2010/01/05 10:24:01 | 000,054,744 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickench2.pdf
[2010/01/05 10:22:15 | 000,021,735 | ---- | M] () -- C:\Documents and Settings\AMY\My Documents\quickench1.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/10 01:40:51 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for AMY.job
[2010/01/10 01:40:48 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Scan.lnk
[2010/01/10 01:40:47 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/01/07 09:00:15 | 000,018,795 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1-7.pdf
[2010/01/07 08:57:45 | 000,032,922 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1-6.pdf
[2010/01/07 08:56:28 | 000,034,547 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1-5.pdf
[2010/01/07 08:55:20 | 000,035,100 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1-4.pdf
[2010/01/07 08:53:49 | 000,039,092 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1-3.pdf
[2010/01/07 08:52:19 | 000,068,831 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1-2.pdf
[2010/01/07 08:47:55 | 000,019,818 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca5.pdf
[2010/01/07 08:46:41 | 000,033,301 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca4.pdf
[2010/01/07 08:44:48 | 000,035,830 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca3.pdf
[2010/01/07 08:42:39 | 000,037,249 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca2.pdf
[2010/01/07 08:36:22 | 000,725,846 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickca1.pdf
[2010/01/05 10:24:58 | 000,048,496 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickench3.pdf
[2010/01/05 10:24:01 | 000,054,744 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickench2.pdf
[2010/01/05 10:22:15 | 000,021,735 | ---- | C] () -- C:\Documents and Settings\AMY\My Documents\quickench1.pdf
[2009/11/14 13:18:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/26 22:35:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2009/06/07 21:03:30 | 000,000,019 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/03/22 10:03:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/03/21 19:57:17 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\AMY\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2009/02/11 20:39:36 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\AMY\Application Data\dvd.bmk
[2009/01/11 22:12:55 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/12/27 21:48:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/12/25 14:18:39 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008/10/27 10:38:20 | 013,265,184 | ---- | C] () -- C:\Program Files\dxnt.cab
[2008/10/27 10:38:20 | 004,163,646 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2008/10/27 10:38:20 | 001,907,944 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2008/10/27 10:38:20 | 001,803,074 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2008/10/27 10:38:18 | 001,801,176 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2008/10/27 10:38:18 | 001,795,100 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2008/10/27 10:38:18 | 001,793,624 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2008/10/27 10:38:18 | 001,770,878 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2008/10/27 10:38:18 | 001,710,376 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2008/10/27 10:38:18 | 001,709,168 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2008/10/27 10:38:18 | 001,608,374 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2008/10/27 10:38:16 | 001,608,790 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2008/10/27 10:38:16 | 001,608,302 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2008/10/27 10:38:16 | 001,607,055 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2008/10/27 10:38:16 | 001,575,392 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2008/10/27 10:38:16 | 001,572,170 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2008/10/27 10:38:14 | 001,551,228 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2008/10/27 10:38:14 | 001,465,688 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2008/10/27 10:38:14 | 001,464,894 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2008/10/27 10:38:14 | 001,413,918 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2008/10/27 10:38:14 | 001,363,812 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2008/10/27 10:38:14 | 001,358,992 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2008/10/27 10:38:12 | 001,444,298 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2008/10/27 10:38:12 | 001,398,846 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2008/10/27 10:38:12 | 001,351,558 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2008/10/27 10:38:10 | 001,348,370 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2008/10/27 10:38:10 | 001,337,018 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2008/10/27 10:38:10 | 001,248,515 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2008/10/27 10:38:10 | 001,156,507 | ---- | C] () -- C:\Program Files\BDANT.cab
[2008/10/27 10:38:10 | 001,128,233 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2008/10/27 10:38:10 | 001,116,237 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2008/10/27 10:38:10 | 001,080,472 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2008/10/27 10:38:08 | 001,085,736 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2008/10/27 10:38:08 | 001,079,978 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2008/10/27 10:38:08 | 001,078,660 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2008/10/27 10:38:08 | 001,065,941 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2008/10/27 10:38:08 | 001,014,241 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2008/10/27 10:38:08 | 000,995,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2008/10/27 10:38:08 | 000,122,810 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2008/10/27 10:38:08 | 000,097,833 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2008/10/27 10:38:08 | 000,094,750 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2008/10/27 10:38:04 | 000,976,164 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2008/10/27 10:38:04 | 000,966,445 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2008/10/27 10:38:04 | 000,917,446 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2008/10/27 10:38:04 | 000,868,844 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2008/10/27 10:38:04 | 000,868,628 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2008/10/27 10:38:04 | 000,865,616 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2008/10/27 10:38:04 | 000,853,302 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2008/10/27 10:38:04 | 000,850,935 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2008/10/27 10:38:04 | 000,096,053 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2008/10/27 10:38:04 | 000,094,144 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2008/10/27 10:38:04 | 000,055,538 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2008/10/27 10:38:04 | 000,045,464 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2008/10/27 10:38:02 | 000,850,183 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2008/10/27 10:38:02 | 000,845,900 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2008/10/27 10:38:02 | 000,819,276 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2008/10/27 10:38:02 | 000,094,028 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2008/10/27 10:38:02 | 000,093,700 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2008/10/27 10:38:02 | 000,088,158 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2008/10/27 10:38:02 | 000,088,117 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2008/10/27 10:38:02 | 000,087,053 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2008/10/27 10:38:02 | 000,056,170 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2008/10/27 10:38:02 | 000,056,074 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2008/10/27 10:38:02 | 000,054,318 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2008/10/27 10:38:02 | 000,047,160 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2008/10/27 10:38:02 | 000,047,074 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2008/10/27 10:38:02 | 000,046,375 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2008/10/27 10:38:02 | 000,022,921 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2008/10/27 10:38:02 | 000,022,867 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2008/10/27 10:38:02 | 000,019,512 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2008/10/27 10:38:00 | 000,804,900 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2008/10/27 10:38:00 | 000,797,883 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2008/10/27 10:38:00 | 000,700,060 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2008/10/27 10:38:00 | 000,699,628 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2008/10/27 10:38:00 | 000,047,026 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2008/10/27 10:38:00 | 000,022,883 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2008/10/27 10:37:58 | 000,699,488 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2008/10/27 10:37:58 | 000,696,881 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2008/10/27 10:37:58 | 000,272,384 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2008/10/27 10:37:58 | 000,270,858 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2008/10/27 10:37:58 | 000,270,644 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2008/10/27 10:37:54 | 000,274,976 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2008/10/27 10:37:54 | 000,273,627 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2008/10/27 10:37:52 | 000,270,040 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2008/10/27 10:37:52 | 000,252,210 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2008/10/27 10:37:52 | 000,227,266 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2008/10/27 10:37:52 | 000,199,112 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2008/10/27 10:37:50 | 000,213,823 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2008/10/27 10:37:50 | 000,198,138 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2008/10/27 10:37:50 | 000,193,491 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2008/10/27 10:37:48 | 000,197,778 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2008/10/27 10:37:48 | 000,196,782 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2008/10/27 10:37:48 | 000,195,691 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2008/10/27 10:37:48 | 000,192,736 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2008/10/27 10:37:48 | 000,183,919 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2008/10/27 10:37:48 | 000,183,377 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2008/10/27 10:37:46 | 000,181,801 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2008/10/27 10:37:46 | 000,180,149 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2008/10/27 10:37:46 | 000,179,375 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2008/10/27 10:37:46 | 000,154,028 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2008/10/27 10:37:44 | 000,153,925 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2008/10/27 10:37:44 | 000,152,241 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2008/10/27 10:37:42 | 000,149,280 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2008/10/27 10:37:42 | 000,148,999 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2008/10/27 10:37:42 | 000,146,615 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2008/10/27 10:37:42 | 000,139,033 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2008/10/27 10:37:42 | 000,138,251 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2008/10/27 10:37:40 | 000,134,687 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2008/10/27 10:37:40 | 000,133,425 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2008/10/27 10:37:40 | 000,123,352 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2008/10/27 10:37:40 | 000,122,840 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2008/10/27 10:37:40 | 000,122,070 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2008/10/27 10:37:38 | 000,134,119 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2008/10/13 00:31:57 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2008/05/18 11:38:54 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\AMY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/24 16:04:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/03/23 15:22:19 | 000,000,260 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/19 19:12:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2008/03/19 19:12:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2008/03/19 19:12:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2008/03/19 19:12:03 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2008/03/19 19:12:03 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2008/03/19 19:12:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2008/03/19 19:12:02 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2008/03/19 19:12:02 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2008/03/19 19:12:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2008/03/19 19:12:02 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2008/03/19 17:13:45 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\AMY\Local Settings\Application Data\fusioncache.dat
[2006/12/06 13:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20FFCF0B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC9506D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48B90E7
< End of report >

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 3rd February 2010, 12:16 am

Heres the extras file

OTL Extras logfile created on: 2/2/2010 7:04:13 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\AMY\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 642.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 27.44 Gb Free Space | 36.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 973.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMYNOEL5150
Current User Name: AMY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = YBrowser.HTML] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
htmlfile [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
https [open] -- C:\PROGRA~1\Yahoo!\browser\ybrowser.exe %1 (Yahoo!, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\browser\ybrowser.exe" = C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:AT&T Yahoo! -- (Yahoo!, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Age of Empires II\age2_x1.exe" = H:\Age of Empires II\age2_x1.exe:*:Disabled:Age of Empires II Expansion -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__PONY_LUV___is1" = Pony Luv v1.2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1D80C770-D304-4F00-BC4B-7D6FE38C444B}" = Symantec Real Time Storage Protection Component
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5ABB5D02-BBAA-41D4-BDED-A52DB89A2D2F}" = Wal-Mart Digital Photo Manager
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A2459F3-718C-4D9D-BCF0-24F4BFF21823}" = Online Vegas Casino
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114777430}" = Slingo Quest Hawaii
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115286387}" = Operation Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115450600}" = Slingo Supreme
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
"AdMission Photo Uploader" = AdMission Photo Uploader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"AIM_6" = AIM 6
"alotToolbar" = ALOT Toolbar
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BFGC" = Big Fish Games Client
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ESPNMotion" = ESPNMotion
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"IC Engine 1.2" = IC Engine 1.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
"LimeWire" = LimeWire 5.2.13
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP4 Converter_is1" = MP4 Converter 1.0
"MSNINST" = MSN
"MyWebSearch bar Uninstall" = My Web Search (Zwinky)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"PCFriendly" = PCFriendly
"PROSet" = Intel(R) PRO Network Connections Drivers
"Reader Rabbit Thinking Adventures Ages 4-6" = Reader Rabbit Thinking Adventures Ages 4-6
"StarFlyers Alien Space Chase" = StarFlyers Alien Space Chase
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/31/2010 9:55:15 AM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:00 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:01 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:02 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:03 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:03 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:04 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:04 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:54:05 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 2/1/2010 12:56:24 PM | Computer Name = AMYNOEL5150 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

[ System Events ]
Error - 2/2/2010 6:12:10 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 2/2/2010 6:19:12 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.

Error - 2/2/2010 6:40:20 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.

Error - 2/2/2010 6:47:31 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 2/2/2010 6:54:21 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.

Error - 2/2/2010 7:08:25 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {31371420-098D-4C0E-A11E-EBEC2305DD01} did not register
with DCOM within the required timeout.

Error - 2/2/2010 7:22:31 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.

Error - 2/2/2010 7:29:36 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.

Error - 2/2/2010 7:36:32 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.

Error - 2/2/2010 7:43:34 PM | Computer Name = AMYNOEL5150 | Source = DCOM | ID = 10010
Description = The server {9FC8AD10-2E1B-45BE-B57A-478803561E1F} did not register
with DCOM within the required timeout.


< End of report >

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by Belahzur on 3rd February 2010, 1:02 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O4 - HKLM..\Run: [ywljpntb] C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe ()
    O4 - HKLM..\Run: [ywvwaevw] C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe ()
    O4 - HKCU..\Run: [ywljpntb] C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe ()
    O4 - HKCU..\Run: [ywvwaevw] C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe ()
    O4 - HKLM..\RunOnceEx: [] File not found
    O32 - AutoRun File - [2008/01/11 16:31:08 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
    O32 - AutoRun File - [2008/01/11 16:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
    O32 - AutoRun File - [2008/01/11 16:40:09 | 000,000,150 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2008/01/11 02:17:04 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
    O33 - MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\Shell - "" = AutoRun
    O33 - MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\Shell - "" = AutoRun
    O33 - MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/01/11 16:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/01/11 16:40:28 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\Shell - "" = AutoRun
    O33 - MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    [2010/01/31 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu
    [2010/01/31 08:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv
    [2010/01/18 00:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245090
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 4th February 2010, 2:35 am

here is log file of what you told me to fix

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ywljpntb deleted successfully.
C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ywvwaevw deleted successfully.
C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ywljpntb deleted successfully.
File C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu\ephrsysguard.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ywvwaevw deleted successfully.
File C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv\egaisysguard.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11c2e66b-c36c-11de-9f0a-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11c2e66b-c36c-11de-9f0a-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11c2e66b-c36c-11de-9f0a-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11c2e66b-c36c-11de-9f0a-00167696d80a}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bb76f7b-9e4e-11dd-9eb7-00167696d80a}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f22b39c-b724-11dd-9ec0-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f22b39c-b724-11dd-9ec0-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f22b39c-b724-11dd-9ec0-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f22b39c-b724-11dd-9ec0-00167696d80a}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae1865ee-d9f2-11dd-9ec7-00167696d80a}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d372aa8c-91b0-11dd-9eb1-00167696d80a}\ not found.
File G:\LaunchU3.exe not found.
C:\Documents and Settings\AMY\Local Settings\Application Data\rovldu folder moved successfully.
C:\Documents and Settings\AMY\Local Settings\Application Data\heiaqv folder moved successfully.
C:\Documents and Settings\AMY\Local Settings\Application Data\hrianu folder moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02032010_213009

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by Belahzur on 4th February 2010, 10:00 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 11
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire 5.2.13
    My Web Search (Zwinky)
    Viewpoint Media Player

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245090
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 5th February 2010, 1:02 am

hey i did the reboot thing and its finished.So does that mean the virus is gone for good now?

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by Belahzur on 5th February 2010, 1:40 am

Hello.
Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245090
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 9th February 2010, 7:12 pm

hey i didnt do the combofix thing in time and i try and get on the computer to do the combofix on the computer but i got the BLUE SCREEN OF DEATH.now i cant even access the desktop. what should i do?

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by Belahzur on 10th February 2010, 7:23 pm

Can you boot into Safe Mode?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34917
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245090
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Antivirus Live/Pro

Post by egghead123 on 19th February 2010, 1:13 am

yes but then nuthn happens stil it asks me if i want to go into safe mode and i choose safe mode but i cant get any farther than that.

egghead123
Novice
Novice

Posts Posts : 9
Joined Joined : 2010-01-24
OS OS : windows xp
Points Points : 25223
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum