JohnDavid
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Don't think any further effort is worth it given that I can get a completed MBAM run in Safe Mode. Close enough. Thanks for your help. Take care. jd
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Already done (please see my post of Nov 20). In Safe Mode, MBAM does complete successfully, even with 'memory objects' selected. We may be beating that dead horse in this endeavor. Although I'd like to know why the scan won't complete in normal mode and would like to avoid the inconvenience of having to boot to Safe Mode for a completed scan, maybe it's not worth the effort. I'm still willing to pursue it -- somewhat obsessive -- but I'll leave it to you. If you're willing to continue, let's do so. And if we're close enough, then we can call it a day. Thanks for your assistance. JohnDavid
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Okay, did what you suggested: disabled Adeona; started MBAM quick scan with memory objects selected. MBAM still froze within 10 secs and had to be closed with Task Mgr.

Details of how this test was run:
> booted normally.
> forced closed the one Adeona-related exe using Task Mgr.
> set the one Adeona-related service to Disabled.
> ran HiJackThis and confirmed that nothing related to Adeona was running or in memory.
> attempted to run MBAM; it froze.

Thanks for your help.
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Thanks for your response. Had already tried what you suggested. First disabled AVG's Resident Shield; started MBAM, which became unresponsive, as usual. Then went back and also disabled AVG's Link Scanner and even the Update Manager; started MBAM; it froze again. Thanks.
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
JeanInMontana, the additional info you requested is in this post.

MBAM log:

Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.0.2195 Service Pack 4

11/25/2008 6:28:14 PM
mbam-log-2008-11-25 (18-28-14).txt

Scan type: Quick Scan
Objects scanned: 57730
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

end MBAM log end
------------------------------------

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:01 PM, on 11/25/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adeona\cygrunsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adeona\adeona-client.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201410186358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201412384897
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll
O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 7071 bytes
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Okay, JeanInMontana, Have followed your request as best I could. Booted to normal mode, updated MBAM, attempted quick scan (with all options selected) -- but the problem continues to be that MBAM becomes a non-responder when 'scan memory objects' is selected; have to force MBAM closed; consequently, it does not produce a log under these circumstances.

Below is a new HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:00 PM, on 11/22/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adeona\cygrunsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Adeona\adeona-client.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201410186358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201412384897
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll
O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 7074 bytes
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Well, I seem to be writing a novel here, in extremely short chapters; another update: Remember that the original problem was that MBAM would stall early in a quick scan IF settings included "Always scan memory objects". I just booted into Safe Mode and ran the quick scan successfully, even though memory objects were being scanned. Absolutely no problems were found. But if someone wants to take a look at the logs I've posted, I'd still like to understand why the scan can only be done in Safe Mode. No rush. Thanks.
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Will wait patiently for you to review the logs. And here is an update: attempted, again, to run ESET Online scan and this time it ran successfully. Found 1 threat, which it deleted: Win32/Toolbar.MyWebSearch application. Thanks for your help.
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
And finally, the OTListIT Extras file: (thanks for your help)

OTListIt Extras logfile created on: 11/20/2008 6:57:44 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Software to Install\Malwarebytes-related
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 323.31 Mb Available Physical Memory | 63.21% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 39.76 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LAPTOP
Current User Name: Steve Xxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1
"{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
"{EEBC43D5-C84E-401D-84BC-D7DF882ED00D}" = Canon Camera TWAIN Driver
"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft Camera Suite" = ArcSoft Camera Suite
"AVG8Uninstall" = AVG Free 8.0
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP36.DLL" = Canon S500
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EsetOnlineScanner" = ESET Online Scanner
"HijackThis" = HijackThis 2.0.2
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"InstallShield_{EEBC43D5-C84E-401D-84BC-D7DF882ED00D}" = Canon Camera TWAIN Driver 6.6
"InterVideo WinDVD" = InterVideo WinDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MyCamera" = Canon Utilities MyCamera
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Nvidia Demo Suite" = Nvidia Demo Suite
"PC Magazine StartupCop Pro_is1" = PC Magazine StartupCop Pro
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Q828026" = Windows Media Player Hotfix [see Q828026 for more information]
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.75
"Smart Defrag_is1" = Smart Defrag 1.02
"SynTPDeinstKey" = Synaptics TouchPad
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VMidi" = vanBasco's Karaoke Player
"WinZip" = WinZip
"WMP7" = Windows Media Player system update (9 Series)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2008 7:52:39 PM | Computer Name = STEVE-LAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:32:54 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

< End of report >
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
And the next requested log file, OTListIT:

OTListIt logfile created on: 11/20/2008 6:57:44 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Software to Install\Malwarebytes-related
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 323.31 Mb Available Physical Memory | 63.21% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 39.76 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LAPTOP
Current User Name: Steve Xxxxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/13 14:30:28 | 00,068,096 | ---- | M] () -- C:\Program Files\Adeona\cygrunsrv.exe
[2008/07/13 20:28:32 | 00,197,502 | ---- | M] () -- C:\Program Files\Adeona\adeona-client.exe
[2008/09/06 13:14:09 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2003/08/14 12:19:16 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[2003/11/13 13:29:40 | 00,455,680 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
[2003/06/24 17:32:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
[2003/06/19 14:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
[2004/09/07 10:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
[2003/06/19 14:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
[2003/06/19 14:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
[2008/07/12 13:51:46 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2001/01/24 12:41:08 | 00,094,208 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2001/01/24 12:40:22 | 00,253,952 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2002/12/17 12:14:14 | 00,131,157 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
[2002/12/17 11:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[2008/10/31 12:49:15 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/10/08 10:05:33 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2003/08/25 10:17:44 | 00,503,875 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2005/06/10 07:23:24 | 00,036,864 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
[2008/09/06 13:14:11 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/09/01 19:16:04 | 00,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wuauclt.exe
[2000/07/26 12:00:00 | 00,050,960 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe
[2008/09/06 13:13:22 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe
[2008/11/20 14:28:54 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Software to Install\Malwarebytes-related\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/07/13 14:30:28 | 00,068,096 | ---- | M] () -- C:\Program Files\Adeona\cygrunsrv.exe -- (AdeonaClientService [Auto | Running])
[2008/09/06 13:14:11 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/09/06 13:14:09 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2003/08/14 12:19:16 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2003/06/19 14:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
[2003/06/19 14:05:04 | 00,094,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\FAXSVC.EXE -- (Fax [On_Demand | Stopped])
[2008/01/28 18:41:09 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/07/27 19:14:24 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2003/11/13 13:29:40 | 00,455,680 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G [Auto | Running])
[2003/06/24 17:32:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/06/19 14:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry [Auto | Running])
[2004/09/07 10:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe -- (Schedule [Auto | Running])
[2003/06/19 14:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe -- (StiSvc [Auto | Running])
[2003/06/19 14:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\utilman.exe -- (UtilMan [On_Demand | Stopped])
[2003/06/19 14:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt [Auto | Running])

========== Driver Services ==========

[1997/12/22 21:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINNT\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
[2008/09/06 13:14:07 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\drivers\avgldx86.sys -- (AvgLdx86 [system | Running])
[2008/07/12 13:51:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])
[2008/07/12 13:51:56 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2004/12/17 13:52:58 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINNT\system32\bcm42rly.sys -- (BCM42RLY [On_Demand | Stopped])
[2005/02/11 21:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2003/08/14 11:23:06 | 00,021,861 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btaudio.sys -- (BtAudio [On_Demand | Running])
[2003/08/14 11:25:40 | 00,030,235 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btport.sys -- (BTDriver [On_Demand | Running])
[2003/08/14 11:33:08 | 01,257,418 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btkrnl.sys -- (BTKRNL [boot | Running])
[2003/08/14 11:37:14 | 00,022,183 | ---- | M] () -- C:\WINNT\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
[2003/08/14 11:36:48 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
[2003/08/14 11:24:12 | 00,146,812 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
[2003/08/14 11:22:44 | 00,051,848 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2003/07/16 22:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINNT\system32\CBTNDIS5.sys -- (CBTNDIS5 [On_Demand | Running])
[2008/01/28 15:26:26 | 00,044,288 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K [system | Running])
[2002/12/17 12:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k [system | Running])
[2002/12/17 12:29:38 | 00,363,799 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdudf.sys -- (cdudf [system | Running])
[2003/06/19 14:05:04 | 00,007,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf [boot | Running])
[2003/06/19 14:05:04 | 00,369,104 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
[2003/06/19 14:05:04 | 00,137,936 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\drivers\dmio.sys -- (dmio [boot | Running])
[2003/06/19 14:05:04 | 00,007,312 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\drivers\dmload.sys -- (dmload [Disabled | Stopped])
[2008/01/26 23:25:24 | 00,025,898 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2003/06/19 14:05:04 | 00,085,776 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\e100bnt5.sys -- (E100B [On_Demand | Stopped])
[2003/06/19 14:05:04 | 00,027,440 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\drivers\efs.sys -- (EFS [Disabled | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINNT\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/12/03 16:11:14 | 00,160,640 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\Icam4USB.sys -- (Icam4USB [On_Demand | Stopped])
[1999/10/23 08:01:40 | 00,413,712 | ---- | M] (LT) -- C:\WINNT\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
[2000/08/14 07:18:22 | 00,220,328 | R--- | M] (ESS Technology, Inc.)
-- C:\WINNT\system32\drivers\es198x.sys -- (maestro [On_Demand | Running]) [2008/01/26 23:25:24 | 00,030,630 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Stopped]) [2000/07/26 12:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect [On_Demand | Stopped]) [2003/06/24 17:32:00 | 01,326,203 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2003/06/24 17:32:00 | 01,326,203 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv4 [On_Demand | Stopped]) [2004/09/24 23:36:44 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINNT\system32\drivers\odysseyIM4.sys -- (odysseyIM4 [On_Demand | Running]) [2003/06/19 14:05:04 | 00,024,784 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\openhci.sys -- (openhci [On_Demand | Stopped]) [2008/01/28 22:12:34 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINNT\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped]) [2003/06/19 14:05:04 | 00,060,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel [On_Demand | Running]) [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINNT\system32\drivers\pavboot.sys -- (pavboot [boot | Running]) [2003/06/19 14:05:04 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2008/01/26 23:25:24 | 00,143,834 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k [system | Running]) [2000/07/26 12:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\rca.sys -- (RCA [On_Demand | Stopped]) [2001/01/24 12:37:12 | 00,218,384 | ---- | M] (Synaptics, Inc.) 
-- C:\WINNT\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running]) [2008/01/26 23:25:24 | 00,227,298 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr [system | Running]) [2003/06/19 14:05:04 | 00,032,848 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd [On_Demand | Running]) [2003/06/19 14:05:04 | 00,049,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20 [On_Demand | Stopped]) ========== Internet Explorer ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\WINNT\system32\blank.htm HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKU\PE_C_ADMINISTRATOR\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie HKU\S-1-5-21-839522115-854245398-1708537768-1000\S-1-5-21-839522115-854245398-1708537768-1000\Software\Microsoft\Windows\C urrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx () O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\PE_C_ADMINISTRATOR\..\Toolbar: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio) O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r (Roxio) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet (NVIDIA Corporation) O4 - HKLM..\Run: [synchronization Manager] mobsync.exe /logon (Microsoft Corporation) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKU\PE_C_ADMINISTRATOR..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation) O4 - HKU\S-1-5-21-839522115-854245398-1708537768-1000..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background (Microsoft Corporation) O4 - HKU\S-1-5-21-839522115-854245398-1708537768-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\.DEFAULT..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\resolution assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe (Motive Communications, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe () O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe () O4 - Startup: C:\Documents and Settings\Steve Xxxxxx\Start Menu\Programs\Startup\Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra Button: @shdoclc.dll,-866 - 
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM () O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: 55 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\PE_C_ADMINISTRATOR\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\..Trusted Sites: 55 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1201410186358 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1201412384897 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.) O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler: - vnd.ms.radio - C:\WINNT\system32\msdxm.ocx () O20 - See sections below for AppInitDlls and Winlogon settings O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E}C:\WINNT\system32\netshell.dll (Microsoft Corporation) ========== AppInit_DLLs ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls" = NVDESK32.DLL,avgrsstx.dll >File not found -- >[2008/07/12 13:51:46 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\avgrsstx.dll ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] wzcnotif: "DllName" = wzcdlg.dll -- C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation) ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2008/01/26 17:03:47 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [2008/11/20 18:52:43 | 00,001,600 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\HijackThis.lnk [2008/11/20 18:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/11/20 17:24:07 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner [2008/11/20 14:36:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) 
-- C:\WINNT\System32\drivers\pavboot.sys [2008/11/20 14:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/11/14 21:19:55 | 00,000,000 | ---D | C] -- C:\3f01f81fd0cac2208be72fdd99f51f4f [2008/11/12 22:55:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\Start Menu\Programs\Startup\Shortcut to Screen shots of updates available_20081111.rtf.lnk [2008/11/12 22:54:34 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\Shortcut to Screen shots of updates available_20081111.rtf.lnk [2008/11/12 19:44:45 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2008/11/12 19:44:43 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2008/11/12 19:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/11/10 22:13:27 | 00,201,728 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\My Documents\sunnysidechristmas08.pub [2008/11/08 21:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\PC Magazine Utilities [2008/11/08 20:53:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Xxxxxx\Application Data\Malwarebytes [2008/11/08 20:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes [2008/11/08 19:40:37 | 00,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat [2008/11/08 19:40:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Xxxxxx\Local Settings\Application Data\Mozilla [2008/11/08 19:40:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Xxxxxx\Application Data\Mozilla [2008/11/08 19:40:20 | 00,001,491 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk [2008/11/08 19:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2008/11/08 19:18:03 | 00,000,000 | ---D | C] -- C:\Program Files\IObit [2008/11/04 21:46:20 | 00,012,592 | ---- | C] (Microsoft Corporation) -- 
C:\WINNT\System32\drivers\usbscan.sys [2008/11/04 21:46:20 | 00,012,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbscan.sys [2008/11/04 21:17:27 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\EOS Utility.lnk [2008/11/04 21:16:55 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\ZoomBrowser EX.lnk [2008/11/04 21:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\ZoomBrowser [2008/11/04 21:15:06 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\QTSBandwidthCache [2008/10/31 08:26:17 | 00,113,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\drivers\ks.sys [2008/10/31 08:26:17 | 00,113,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ks.sys [2008/10/31 08:26:17 | 00,051,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\vfwwdm32.dll [2008/10/31 08:26:17 | 00,051,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\vfwwdm32.dll [2008/10/31 08:26:16 | 00,103,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksproxy.ax [2008/10/31 08:26:16 | 00,103,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksproxy.ax [2008/10/31 08:26:16 | 00,081,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\kswdmcap.ax [2008/10/31 08:26:16 | 00,081,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kswdmcap.ax [2008/10/31 08:26:16 | 00,059,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\kstvtune.ax [2008/10/31 08:26:16 | 00,059,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kstvtune.ax [2008/10/31 08:26:16 | 00,039,184 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksxbar.ax [2008/10/31 08:26:16 | 00,039,184 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksxbar.ax [2008/10/31 08:26:16 | 00,010,000 | ---- | C] (Microsoft Corporation) -- 
C:\WINNT\System32\ksvpintf.ax [2008/10/31 08:26:16 | 00,010,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksvpintf.ax [2008/10/31 08:26:16 | 00,007,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksinterf.ax [2008/10/31 08:26:16 | 00,007,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksinterf.ax [2008/10/31 08:26:16 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksclockf.ax [2008/10/31 08:26:16 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksclockf.ax [2008/10/31 08:26:16 | 00,006,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksdata.ax [2008/10/31 08:26:16 | 00,006,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksdata.ax [2008/10/31 08:26:16 | 00,004,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksuser.dll [2008/10/31 08:26:16 | 00,004,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksuser.dll [2008/10/29 21:22:58 | 00,503,808 | ---- | C] () -- C:\WINNT\System32\AudioGenie2.ocx [2008/10/29 21:12:02 | 00,000,000 | ---D | C] -- C:\Midi files ========== Files - Modified Within 30 Days ========== [1 C:\WINNT\System32\*.tmp files] [4 C:\WINNT\*.tmp files] [2008/11/20 18:52:43 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\HijackThis.lnk [2008/11/20 17:26:50 | 30,240,653 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm [2008/11/20 17:26:50 | 00,042,274 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg [2008/11/20 17:20:55 | 00,008,736 | ---- | M] () -- C:\WINNT\System32\nvModes.001 [2008/11/20 17:20:40 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT [2008/11/17 22:16:09 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Start Menu\Programs\Startup\Shortcut to Screen shots of updates available_20081111.rtf.lnk [2008/11/17 19:14:05 | 00,001,429 | ---- | M] () -- C:\WINNT\imsins.BAK [2008/11/14 21:41:23 | 
00,201,728 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\My Documents\sunnysidechristmas08.pub [2008/11/12 22:54:34 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\Shortcut to Screen shots of updates available_20081111.rtf.lnk [2008/11/12 22:52:04 | 00,230,392 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2008/11/12 21:50:45 | 00,000,769 | ---- | M] () -- C:\WINNT\win.ini [2008/11/12 21:48:46 | 00,429,230 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI [2008/11/12 21:48:46 | 00,385,894 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2008/11/12 21:48:46 | 00,057,488 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2008/11/08 21:11:21 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\Revo Uninstaller.lnk [2008/11/08 19:40:37 | 00,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat [2008/11/08 19:40:20 | 00,001,491 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk [2008/11/08 19:15:47 | 00,334,743 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg [2008/11/04 21:17:27 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\EOS Utility.lnk [2008/11/04 21:16:55 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\ZoomBrowser EX.lnk [2008/11/04 21:15:06 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Application Data\QTSBandwidthCache [2008/11/03 16:10:26 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe [2008/10/29 23:44:02 | 01,371,612 | -H-- | M] () -- C:\WINNT\ShellIconCache [2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys < End of report > -
MBAM freezes on Windows 2000
JohnDavid replied to JohnDavid's topic in Resolved Malware Removal Logs
Greetings,

In the following posts you will find the additional info you requested. First, let me mention a few things:

> Ran Spybot; it found nothing.
> Attempted to run PandaActiveScan; it made no progress after reaching 1%. Let it run quite a while, then forced it closed.
> Attempted to run ESET Online; it generated an error when almost thru the Initialization process; closed it.

Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:46 PM, on 11/20/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adeona\cygrunsrv.exe
C:\Program Files\Adeona\adeona-client.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201410186358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201412384897
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll
O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--
End of file - 7008 bytes
Starting a new thread for this 'old' issue.
Configuration:
W2K SP4
MBAM 1.30
AVG AV Free edition, ver 8
Zone Alarm uninstalled
When attempting to run 'quick scan', MBAM runs for 2-3 minutes, then freezes and has to be forced to close via Task Mgr. Started MBAM; in settings, unchecked "Always scan memory objects"; ran MBAM quick scan. The scan ran to completion. Good; but apparently the only way to run MBAM on this machine is WITHOUT including the 'memory scan'. Is there a way to resolve this? Thanks.
-
MBAM 'not responding' on W2K
JohnDavid replied to JohnDavid's topic in Malwarebytes for Windows Support Forum
A response to both JeanInMontana & Swandog46: I followed up on suggestions you both made.
* Uninstalled ZoneAlarm; rebooted; made sure that all components of ZA were gone and that the True Vector service was no longer running.
* Ran MBAM with all scan items still selected (the default).
* MBAM froze again, after 13 seconds and 1992 objects scanned.
* Forced MBAM closed.
* Started MBAM; in settings, unchecked "Always scan memory objects"; ran MBAM quick scan.
* The scan ran to completion.
Interesting; but what does that mean? Presumably, I can reinstall ZA. Must Malwarebytes always be run without scanning memory objects? If so, doesn't that create a potential security hole? Is there anything to be done to allow MBAM to run successfully while scanning memory objects? Thanks again for your assistance, JohnDavid
-
MBAM 'not responding' on W2K
JohnDavid replied to JohnDavid's topic in Malwarebytes for Windows Support Forum
And thanks to Swandog46 also, for your quick reply. I AM running ZoneAlarm. Didn't think to indicate that since the scan did begin and Zone Alarm did not prompt me for permission. Sounds like you may be aware of some ZoneAlarm impact, though. What are you thinking?? -
MBAM 'not responding' on W2K
JohnDavid replied to JohnDavid's topic in Malwarebytes for Windows Support Forum
Thanks for the quick response, JeaninMontana. No messages of any kind; MBAM just stops responding. And nothing gets written to the MBAM log file. I have tried some of what you recommend: in General Settings I removed all checks except "....display logfile...." and "Always scan memory objects". Since that resulted in probably my first 'freeze', I stopped there. I am willing to attempt scans with just one of the scan objects selected at a time, but without an error msg I fear limited understanding, even if a scan does complete.