Masters

Honorary Members
  • Posts

    27

Everything posted by Masters

  1. One question. I keep seeing references to having a good antivirus program and Malwarebytes Antimalware (MBAM). I thought MBAM was supposed to be a good virus protection application as well as protection from other types of malware. Is MBAM not a fully functioning AV program and I should get something else?
  2. That's exactly what I have. When I check the enable, it turns on protection and adds the icon into the sys tray. When I reboot, it doesn't load. I have to launch MBAM, go to the protection tab, which shows protection disabled. I click on the enable and it starts up. Reboot, and it's disabled again. I'm thinking of reinstalling MBAM, but first I need to locate my license keys. I have 3 of them.
  3. Yes. The problem is I set Malwarebytes to start with Windows, but when I start Windows, MBAM is disabled. I have to launch MBAM manually. If I reboot, MBAM is disabled again.
  4. I don't believe so. This was a company provided laptop. It's my personal laptop now. I believe I was the only user. I don't ever recall seeing Zone Alarm. There have been other shareware virus protection products installed and removed, like SpySweeper. There have been a few different VPN clients. And there have been a few utilities like CCleaner and HijackThis.
  5. The initial list only shows Malwarebytes AntiMalware. When I click on the Application not found. Try this, it shows Windows Live OneCare safety scanner. It does not show the vendor name, just the app name.
  6. Still won't run to completion. Very frustrating as there is no indication, message, or log to review.
  7. ========== REGISTRY ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!
     ========== COMMANDS ==========

     OTL by OldTimer - Version 3.2.18.2 log created on 01072011_174619

     I have Windows update turned off. Last time I had a false security virus, I removed it with MBAM. When the system came back up, I decided to load the latest Windows updates. There were 81 of them. After they were loaded, I rebooted the system. Windows would never load again. I tried all safe modes and even the previous good start mode. It wouldn't load at all. As soon as it got to the starting point, it would reboot the system, get back to the start point and reboot over and over. I wasn't aware of this forum at that time or I might have come here for help. I have since replaced that PC. Because of that experience, I turned off updates on all other computers.

     BTW, following your instructions for the fix above, after the fix is applied, OTL pops up a window to reboot the system to apply the change. If you click OK, it reboots and no log is produced. You have to click the red X to close the window, the only button is to reboot now, and then the 'Fix complete, press OK to view the log' pops up.
  8. It does not exist. I deleted it the first time around. I also removed any registry entries that looked like they belonged to CA.
  9. I get the same response as I detailed in post #11. The ComboFix app will start, it saves the 11 registry files, launches the DOS command window, says it is starting the scan, then does nothing but keep me from doing anything on the computer. I have to hard boot to get the computer working. Tried this in safe and normal mode. Same results.
  10. This is the Extras log:
  11. It didn't display the "Fix Complete press ok to open log" message. It did say fix complete and then the reboot notice. A log was not produced. I ran OTL after the boot. Following is the OTL log. The next post is the Extras log.
  12. It didn't create the OTL Extras.txt file this time. Following is the OTL.txt output.
  13. Here is the log. I had to run it in safe mode as it just locked up in standard mode.
  14. This is the OTL log:
  15. This is the OLT Extras log: OTL Extras logfile created on: 12/30/2010 9:20:59 AM - Run 1 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\randy.IBS002580\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 758.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 45.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): C:\pagefile.sys 372 744 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 23.53 Gb Total Space | 2.54 Gb Free Space | 10.78% Space Free | Partition Type: NTFS Computer Name: RANDY-LT | User Name: randy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe" = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher -- (IBM) "%ProgramFiles%\IBM\Updater\jre\bin\java.exe" = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher -- (IBM) "%windir%\system32\sessmgr.exe" = 
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:UC Tray Icon -- (IBM Corporation, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe" = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher -- (IBM)
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe" = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher -- (IBM)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Program Files\IBM\Client Access\cwbunnav.exe" = C:\Program Files\IBM\Client Access\cwbunnav.exe:*:Enabled:cwbunnav.exe -- (IBM Corporation)
"C:\Program Files\IBM\Client Access\cwbopcon.exe" = C:\Program Files\IBM\Client Access\cwbopcon.exe:*:Enabled:cwbopcon -- (IBM Corporation)
"C:\Program Files\IBM\Client Access\JRE\bin\javaw.exe" = C:\Program Files\IBM\Client Access\JRE\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
"C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\LRE3B.tmp\jre\bin\java.exe" = C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\LRE3B.tmp\jre\bin\java.exe:*:Enabled:Java launcher -- File not found
"C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\LREE.tmp\jre\bin\java.exe" = C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\LREE.tmp\jre\bin\java.exe:*:Enabled:Java launcher -- File not found
"C:\Program Files\IBM\IBM System Planning Tool\_jvm\jre\bin\java.exe" = C:\Program Files\IBM\IBM System Planning Tool\_jvm\jre\bin\java.exe:*:Enabled:Java launcher -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\javaw.exe" = C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe" = C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.6.0.20080709-200808010926\jre\bin\notes2w.exe:*:Enabled:Lotus Notes -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe" = C:\Program Files\Java\jre1.6.0_07\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\LRE13E.tmp\jre\bin\java.exe" = C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\LRE13E.tmp\jre\bin\java.exe:*:Enabled:Java launcher -- File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe" = C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe:*:Enabled:Lotus Notes -- (IBM)
"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:UC Tray Icon -- (IBM Corporation, Inc.)
"C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\I1274472556\Windows\resource\jre\jre\bin\javaw.exe" = C:\Documents and Settings\randy.IBS002580\Local Settings\Temp\I1274472556\Windows\resource\jre\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Program Files\IBM\IBM System Planning Tool\jre\jre\bin\java.exe" = C:\Program Files\IBM\IBM System Planning Tool\jre\jre\bin\java.exe:*:Enabled:Java Platform SE binary -- (IBM)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- File not found
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{164EB883-354E-4290-AD76-67CEE65403A3}" = IBM System i Access for Windows V6R1M0
"{16906D21-0656-4F8B-9A01-C3D24B5401FC}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{2C42ED1E-6315-4E63-89E6-057EA114EBB8}" = MetaFrame Presentation Server Client
"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40624553-811E-400E-B69B-38D8926A66BD}" = SonicWALL Global VPN Client
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{461D92DA-0B8C-496B-B6AA-BD0614BE0867}" = Kyocera Wireless USB Device Drivers
"{47CB8B6B-49DF-4058-AC2B-1596E3BE63EA}" = Garmin City Navigator North America 2009
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56373057-E823-4DDE-98C3-E89AEF7895B8}" = Intel® Sebring API
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}" = Sound Blaster Live! 24-Bit External
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{836670E9-61EB-4D47-9EF8-CFE936C3FE32}" = Lotus Notes 8.5.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDE34257-E4E5-49CB-BE92-337DE7C90345}" = Mobile Broadband Generic Drivers
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"DAO" = DAO
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"eConfig" = IBM eConfig
"IBM System Planning Tool" = IBM System Planning Tool
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ieSpell" = ieSpell
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit Runtime Environment for Java 2, v1.4.1
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel® PRO Network Adapters and Drivers
"RoomEQWizard" = RoomEQWizard
"Selling Chain 3.2" = Selling Chain 3.2
"SpySweeper" = Spy Sweeper
"SysInfo" = Creative System Information
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = ThinkPad TrackPoint Driver
"VRPGRT10" = VisualAge for RPG - Run-Time V51
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2010 4:53:43 PM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 12/27/2010 7:07:40 PM | Computer Name = RANDY-LT | Source = Application Error | ID = 1000
Description = Faulting application z2ohpet8.exe, version 1.0.15.15530, faulting module z2ohpet8.exe, version 1.0.15.15530, fault address 0x0000c551.

Error - 12/27/2010 10:35:40 PM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 12/27/2010 10:35:40 PM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Error - 12/27/2010 10:35:40 PM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error - 12/27/2010 10:35:41 PM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 12/27/2010 10:35:41 PM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error - 12/27/2010 11:21:28 PM | Computer Name = RANDY-LT | Source = Application Error | ID = 1000
Description = Faulting application unspysweeper.exe, version 2.1.0.34, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/28/2010 11:08:05 AM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error - 12/28/2010 11:08:05 AM | Computer Name = RANDY-LT | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

[ System Events ]
Error - 12/29/2010 7:59:39 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error: %%3

Error - 12/29/2010 7:59:39 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following error: %%2

Error - 12/29/2010 8:22:45 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).

Error - 12/29/2010 9:18:50 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error: %%3

Error - 12/29/2010 9:18:50 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following error: %%2

Error - 12/29/2010 9:24:37 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error: %%3

Error - 12/29/2010 9:24:37 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following error: %%2

Error - 12/29/2010 9:34:38 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).

Error - 12/29/2010 11:18:50 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error: %%3

Error - 12/29/2010 11:18:50 PM | Computer Name = RANDY-LT | Source = Service Control Manager | ID = 7000
Description = The Sansa Updater Service service failed to start due to the following error: %%2

< End of report >
  16. This is the second time I have copied and pasted the OTL and Extras logs to my reply, but it keeps making a blank reply. I will now try one at a time in the next two posts.
  17. I was able to remove the directory and registry entries for CA Virus Protection in safe mode. I then tried the ComboFix in safe mode. It had me download the Windows Console, it created a backup for a new start point, then it went into the scan process. At first, it shows the disk light blinking, the system clock in the sys tray advances, and items in the task bar highlight if I hover the cursor over them. After about 2 minutes, the system clock stops advancing, task bar items (including the start button) stop highlighting if I hover, the disk light goes on solid. I have let this stay this way for over 2 hours and nothing happens. The keyboard is still working, but all I can do is toggle the caps lock and the num lock. The mouse still works, but I can't select anything. If I click on the desktop, the header bar on the ComboFix window shows it is not the active window and it does if I click on the header bar. The WiFi lamp blinks as well. Even ctrl-alt-delete doesn't work. All I can do is hard boot the system. This happens in safe mode and normal mode.
  18. The problem is it doesn't give me the option to proceed with the ComboFix scan until the CA Virus software is removed. I don't know what it is looking at to determine that the CA software is installed. If it is the registry entries, I could delete them. If it is something in the CA folder, I could try deleting them one at a time and leaving only those that have access denied. At this time, I think it is just the dll.
  19. When I try to run Combo-Fix, I get the message that it can't run with CA Antivirus installed. I had removed the application using the Windows 'Remove Software' a long time ago. I looked in the registry and there are some entries there. I followed the install path to a directory in the Program Files. There is a CA directory. When I try to delete it, I get Cannot delete lic98.dll, access denied. See attachment for screen shots. Any suggestions?
      Combofix_errors.doc
  20. Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/28/2010 1:24:05 PM
mbam-log-2010-12-28 (13-24-05).txt

Scan type: Quick scan
Objects scanned: 174006
Time elapsed: 21 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)