Possum47

G'day. I have been receivifng this error message for several week now. I have followed the directions given in other threads, by using the files - mbam-clean.exe and mbam--setup-1.60.1.1000.exe, on a half a dozen occasions. The re-installation has not helped as the Protection Moduel has to be manually executed. On this last occasion both my Firewall and Spyware programme were uninstalled without effect. Can anyone assist.? Thanking you Windows XP SP3 4Gb Ram Intel Pentium Processor

Elise, G'day. No, that is about it. Have cleaned out the C Partition and everything appears to be running normally. Again, thank you for your assistance. Cheers. Dave

Elise, Before I sign off, can I assume that the file Shelllnk.tlb was the cause of my problem? I have to be able to search for whatever put this file on my system. Other than that, my system is functioning correctly and appears to be stable. The programmes mentioned in your last post are used by myself in order to keep this system up to date, so there are no fears in that direction. Could you please advise if something was received by you from PP? Thank you for your assistance. Regards. Dave

Elise, Before I sign off, can I assume that the file Shelllnk.tlb was the cause of my problem? I have to be able to search for whatever put this file on my system. Other than that, my system is functioning correctly and appears to be stable. The programmes mentioned in your last post are used by myself in order to keep this system up to date, so there are no fears in that direction. Could you please advise if something was received by you from PP? Thank you for your assistance. Regards. Dave

Elise, Don't worry about Services. By working with my Registry backup I was able to restore my defaults in the new Registry, with the only errors being the initial failure of Automatic Updates and the Diskeeper Service which hang. I have set up Services for these Services restart and they do load as required. So - what next? Regards. Dave

Elise, G'day. Just a few things. The ESET Scan marked CrashRptHelp.dll as being 'probably' infected with the Win32/Genetik Trpkan. This is a definite false positive as the file is in my Stardock/Objectdock directory and necessary for the proper execution of Stardock/Objectdock. It was restored. ComboFix has mucked up many settings including Services, with the Event Log showing several Error messages.. I will have to restore them manually. The system now takes just under 10 minutes from Logon Screen to final execution of processes. Previously the system would boot somewhere between 3 a

Elise, O.K. Registry Cleaners. I use the Cleaner to remove leftover crud, particularly after the uninstall of unwanted programmes. Programmes like Total Uninstall and Revo Uninstaller Pro still leave behind rubbish. My Registry is safe as I use ERUNT or ERDNT to backup my Registry at each boot, a programme which I find is 100% accurate. I never use Windows System Restore or any backup from any other programme. In the recent past I can restore a registry to any day over the past 8 days, and long term, back over 2 months on a weekly basis. I always know what to re-install as I keep a cop

Elise, G'day. Please find attached the ComboFix.txt file. Have a good one. Dave : ComboFix 10-06-01.01 - Stephen D Beakey 02/06/2010 9:41.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3583.2857 [GMT 10:00] Running from: c:\downloads\M'Bytes files\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98} FW: Privatefirewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF4F} FW: Sunbelt Personal Firewall

Elise, Thanks for the explanation. I have deleted five instances of ctfmon.exe (including Prefetch file) from this system. I had executed defogger.exe previously and I thought that this would prevent my DVD/CD from functioning. During the process of getting rid of this file, I found that, after a message that the system needed this file and that I was to place my Installation CD into the drive, that the above file was re-established. I was then able to delete this file from the system. There are no instances of this file on this system now and from what I can ascertain, no instances of M

Elise, Thank you again. The programme ctfmon.exe has been disabled in accordance with the Microsoft Knowledge Base. Microsoft Office had been installed but abandoned. I now use Open Office and the functions of ctfmon.exe are not required on this system. Thanking you. Dave

Elise, THANK YOU. Yes, I know it is shouting. Firstly, the issue of 'two' Anti-Virus programmes running at the same time. You can carve this in stone - there is only one such programme executing at any time on this system. I use Malwarebytes' Anti-Virus on a bi-weekly basis, and when executed all Alvira's executables, Services, and processes are disabled or quarantined so they do not interfere with the Malwarebyte's scan. The same applies when Alvira is in use. I removed PC Tools Anti-Virus and Threatfire about 3 years ago, and for several months after that I kept finding files and Regi

Third Post EXTRAS Log OTL Extras logfile created on: 29/05/2010 11:14:47 AM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Downloads\M'Bytes files Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): E:\pagefile.sys 0 0 [binary data]

Second Post OTL Log OTL logfile created on: 29/05/2010 11:14:47 AM - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Downloads\M'Bytes files Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free 7.00 Gb Paging File | 6.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): E:\pagefile.sys 0 0 [binary data] %SystemDr

Elise, Thank you for the reply. PLEASE, be advised that this thread could extend over two or more replies as it has been indicated that the reply is too long. Sorry about that. Hereunder, in this first reply, are the new logs for DDS and GMER that you have requested, together with an explanation of the problem and steps taken : The problem I am experiencing is that at every boot svchost.exe is invoked in an attempt to connect to IP Address 239.255.255.250 Port 1900. I have entered this address into Firefox and it leads to Ask.com (a Search Engine I have never used) with one item displayed

G'day. I trust I have everything for you to solve this problem. I have included a snap of my Firewall Log so that the problem can be shown to you. Malwarebytes' Anti-Malware PRO Version Log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4150 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 28/05/2010 12:17:42 PM mbam-log-2010-05-28 (12-17-42).txt Scan type: Quick scan Objects scanned: 150410 Time elapsed: 4 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data