  • Root Admin

Hi Walt and Welcome to Malwarebytes.

Are you using a Dialup modem for your Internet connection? Looking up this error points to a PPP dialup issue for most users so just trying to get to the bottom of the issue.

Are you now or have you had issues connecting to any sites with this system?

Please go into your Control Panel, Admin Tools and look at the Event Viewer and read some of the error messages and see if that gives you a hint to the root cause of the issue.

What operating system are you using and what service pack level is it at? Did you download MBAM for curiosity or to help clean up an infection? Just curious if some infection may be the cause of the error or not.

I am running Windows XP with Service Pack 3 and have downloaded all the latest updates (checked again just now). I'm not aware of any infection and run SpyBot and AdAware as well as Avast Antivirus weekly. I looked at the Event viewer but I'm afraid I didn't see anything that looked relevant but then I'm not much of a techie either. I deleted the Anti-Malware software and just reinstalled but continued to get the same error message. Any other ideas??

Thanks for the help.

  • Root Admin

Well you can try running this routine and it will provide a lot of logging information that we can review to see if we can find something that might be causing it or not.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program OTListIt.exe to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop

  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.

  • Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)

  • Click the Run Scan button

  • NOTE: Please be patient and let the scan run without using the computer

  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.

  • Submit your reply and close the Notepad window with OTList.txt

  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window

  • In Notepad, click Edit, Select all then Edit, Copy

  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.

  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

Here's what the OTListIt.Txt found

OTListIt logfile created on: 11/15/2008 12:53:29 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Walt's Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.48 Mb Total Physical Memory | 382.02 Mb Available Physical Memory | 42.71% Memory free

2.12 Gb Paging File | 1.67 Gb Available in Paging File | 78.75% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 182.10 Gb Total Space | 98.95 Gb Free Space | 54.34% Space Free | Partition Type: NTFS

Drive D: | 4.20 Gb Total Space | 1.04 Gb Free Space | 24.80% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: UPSTAIRS

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/07/19 09:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

[2008/07/19 09:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

[2008/08/10 12:13:24 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe

[2008/07/19 09:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

[2008/07/09 08:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[2007/06/17 12:40:36 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe

[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[2005/08/28 01:14:26 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe

[2008/07/19 09:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

[2008/07/23 09:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

[2008/07/18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008/11/15 12:51:11 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Walt's Downloads\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/08/10 12:13:24 | 00,380,536 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])

[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand | Running])

[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/07/19 09:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])

[2006/02/21 19:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])

[2007/06/13 13:29:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

File not found -- -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])

[2008/07/19 09:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])

[2008/07/19 09:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])

[2008/07/23 09:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])

[2005/04/06 16:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [On_Demand | Stopped])

[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])

[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[1999/12/12 12:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Disabled | Stopped])

[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])

[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2007/10/11 20:35:15 | 01,838,592 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])

[2007/02/04 18:04:57 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])

File not found -- -- (LiveUpdate [Disabled | Stopped])

[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])

[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])

[2005/08/28 01:14:26 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])

[2007/03/26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

[2005/11/17 22:34:28 | 00,833,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Disabled | Stopped])

[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])

[2008/07/09 08:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 09:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Running])

[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])

[2007/04/25 15:20:48 | 04,030,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM [On_Demand | Running])

[2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [boot | Running])

[2006/07/01 21:39:40 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2008/07/19 09:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])

[2008/07/19 09:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])

[2008/07/19 09:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])

[2008/07/19 09:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Running])

[2008/07/19 09:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2006/02/21 19:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2007/01/31 08:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit [boot | Running])

[2007/01/18 07:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln [system | Running])

[2004/03/05 16:09:00 | 00,003,744 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO [Auto | Running])

[2006/06/23 16:00:26 | 00,031,488 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])

[2005/08/31 10:34:52 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])

[2006/01/19 13:31:34 | 00,010,068 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT [On_Demand | Stopped])

[2006/07/16 16:06:16 | 00,023,040 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])

[2008/04/13 13:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])

[2005/07/30 07:21:32 | 00,011,988 | ---- | M] () -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum [On_Demand | Running])

[2005/05/01 05:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr [boot | Running])

[2008/04/13 13:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])

[2008/04/13 13:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])

[2008/06/13 06:05:51 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])

[2008/04/13 13:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])

[2006/10/04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [system | Running])

[2006/10/04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [system | Running])

[2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM [On_Demand | Running])

[2005/10/21 18:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Running])

[2005/10/21 18:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])

[2005/10/21 18:52:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Running])

[2005/07/22 10:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])

[2004/06/17 17:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])

[2005/07/22 10:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2004/05/18 00:25:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])

[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [system | Running])

[2005/03/28 15:07:40 | 00,004,736 | ---- | M] (Laplink Software, Inc.) -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT [On_Demand | Stopped])

[2004/03/05 16:09:02 | 00,003,904 | ---- | M] () -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM [Auto | Running])

[2005/10/05 14:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2004/11/22 18:36:34 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])

[2004/11/22 18:36:39 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])

[2001/08/17 15:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic [On_Demand | Stopped])

[2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])

[2008/04/02 21:58:18 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Running])

[2003/09/20 08:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])

[2004/06/03 11:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\PFModNT.sys -- (PfModNT [Auto | Running])

[2005/03/28 15:07:42 | 00,008,960 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2 [On_Demand | Stopped])

[2005/12/01 14:57:58 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])

[2008/01/22 04:18:40 | 00,007,808 | ---- | M] (Secunia) -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI [On_Demand | Stopped])

[2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2006/09/27 16:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2008/04/13 13:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])

[2004/08/10 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])

[2008/02/25 11:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [boot | Running])

[2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2004/07/21 10:24:04 | 00,341,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])

[2008/02/27 02:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [boot | Running])

[2004/11/15 19:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt [On_Demand | Running])

[2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2005/11/19 10:14:43 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

[2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2008/09/25 11:33:16 | 00,043,552 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])

[2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2004/10/19 13:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm [On_Demand | Running])

[2006/02/28 16:57:22 | 00,084,836 | ---- | M] (IVT Corporation) -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])

[2008/07/09 08:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [system | Running])

[2005/07/22 10:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[2008/09/27 13:52:47 | 00,035,363 | ---- | M] () -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT [Auto | Running])

[2004/08/10 14:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

[2005/03/28 15:07:36 | 00,006,560 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\zntport.sys -- (zntport [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/index.html

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\S-1-5-21-3113870545-3567692883-938910631-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-3113870545-3567692883-938910631-1006\S-1-5-21-3113870545-3567692883-938910631-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (289483 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 9975 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

O2 - BHO: (CGreenPrintPDF Object) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - C:\Program Files\GreenPrint\GreenPrint\GPIEPlugin.dll (TODO: <Company name>)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint\GreenPrint\GPIEPlugin.dll (TODO: <Company name>)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 51 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: free.aol.com (http in Trusted sites)

O15 - HKCU\..Trusted Sites: www.nytimes.com (http in Trusted sites)

O15 - HKCU\..Trusted Sites: turbotax.com (http in Trusted sites)

O15 - HKCU\..Trusted Sites: turbotax.com (https in Trusted sites)

O15 - HKCU\..Trusted Sites: 52 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-19\..Trusted Sites: 31 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-20\..Trusted Sites: 31 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..Trusted Sites: free.aol.com (http in Trusted sites)

O15 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..Trusted Sites: www.nytimes.com (http in Trusted sites)

O15 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..Trusted Sites: turbotax.com (http in Trusted sites)

O15 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..Trusted Sites: turbotax.com (https in Trusted sites)

O15 - HKU\S-1-5-21-3113870545-3567692883-938910631-1006\..Trusted Sites: 52 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue)

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab (SupportSoft Script Runner Class)

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://help.bellsouth.net/sdccommon/download/tgctlcm.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {41F841C1-AE16-11D5-8817-0050DA6EF5E5} https://www.acsenterprisesystem.com/CAB%20a...es/SPR32X60.cab (FarPoint Spread 6.0)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://home3.ca.com/PestPatrol/uniblue/pestscan/pestscan.cab (PSFormX Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://scan.safety.live.com/resource/downl...lscbase5059.cab (Windows Live Safety Center Base Module)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1131747723062 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} http://pbells.broadjump.com/wizlet/Standar...wActiveXCab.CAB (BinAg1 Class)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (Reg Error: Value does not exist or could not be read.)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)

O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab (Reg Error: Value does not exist or could not be read.)

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15031/CTPID.cab (Creative Software AutoUpdate Support Package)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2005/04/13 12:20:25 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]

[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[2008/11/15 12:42:31 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/15 12:42:30 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/15 12:42:28 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/15 12:42:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/11/15 12:42:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/11/11 17:49:06 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2008/11/11 17:47:18 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/11/11 17:46:51 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2008/11/08 10:39:02 | 00,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlueSoleil.lnk

[2008/11/08 10:35:05 | 00,000,000 | ---D | C] -- C:\Program Files\IVT Corporation

[2008/10/25 09:46:07 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/18 17:41:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sonic

[2008/10/18 17:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited

[2008/10/18 17:18:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CDBurnerXP Projects

[2008/10/18 13:20:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Any Video Converter

[2008/10/18 13:20:10 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Any Video Converter.lnk

[2008/10/18 13:20:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Any Video Converter

[2008/10/18 13:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\Any Video Converter

[2008/10/18 13:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\RapidSolution

[2008/10/18 13:05:59 | 00,000,000 | ---D | C] -- C:\Program Files\PixiePack Codec Pack

[2008/10/18 13:02:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RapidSolution

[2008/10/18 10:10:07 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2008/10/18 10:09:37 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2008/10/18 10:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2008/10/18 10:09:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Files - Modified Within 30 Days ==========

[2008/11/15 12:52:16 | 20,518,944 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008/11/15 12:49:22 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/15 12:42:31 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/15 12:34:39 | 00,059,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/15 11:48:27 | 00,289,483 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008/11/14 11:13:18 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Word.lnk

[2008/11/14 10:52:57 | 00,352,921 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2008/11/14 10:52:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/14 10:51:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/14 10:51:50 | 93,800,4480 | -HS- | M] () -- C:\hiberfil.sys

[2008/11/14 10:51:50 | 00,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/13 23:17:54 | 00,234,104 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2008/11/13 23:17:26 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat

[2008/11/13 21:48:47 | 00,563,804 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/13 21:48:47 | 00,477,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/13 21:48:47 | 00,079,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/11/11 18:48:35 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Excel.lnk

[2008/11/11 17:49:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/10 21:46:28 | 00,001,366 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2008/11/08 18:04:01 | 00,288,766 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081115-114827.backup

[2008/11/08 14:05:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2008/11/08 11:49:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/08 10:39:02 | 00,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlueSoleil.lnk

[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/10/31 18:06:50 | 00,270,687 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081108-180400.backup

[2008/10/25 11:43:03 | 00,269,761 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081031-190650.backup

[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/18 16:03:40 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/18 13:20:10 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Any Video Converter.lnk

< End of report >


Here's the report from Extras.txt

OTListIt Extras logfile created on: 11/15/2008 12:53:29 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Walt's Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.48 Mb Total Physical Memory | 382.02 Mb Available Physical Memory | 42.71% Memory free

2.12 Gb Paging File | 1.67 Gb Available in Paging File | 78.75% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 182.10 Gb Total Space | 98.95 Gb Free Space | 54.34% Space Free | Partition Type: NTFS

Drive D: | 4.20 Gb Total Space | 1.04 Gb Free Space | 24.80% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: UPSTAIRS

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL

File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

File not found -- C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL

File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL

File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL

File not found -- C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe:*:Enabled:iMesh 6

[2005/07/11 16:35:18 | 00,011,352 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader

[2005/11/02 22:01:14 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1140139756\ee\aolsoftware.exe:*:Enabled:AOL Services

[2006/01/09 14:31:29 | 00,050,792 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1140139756\ee\aim6.exe:*:Enabled:AIM

[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007/03/08 00:25:56 | 09,950,760 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax

[2007/03/30 21:28:53 | 03,679,784 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager

[2004/11/04 18:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

[2004/12/14 22:16:18 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

[2004/12/14 22:16:30 | 00,036,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

[2004/12/14 22:13:04 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

[2005/05/10 20:50:34 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

[2005/05/10 20:07:26 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

[2004/11/04 18:29:02 | 00,516,096 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe

[2004/11/04 10:21:30 | 00,151,637 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe

[2004/12/14 22:17:06 | 00,450,560 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

[2004/10/08 08:42:04 | 00,413,696 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

[2004/12/14 22:29:52 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe

[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2008/03/05 22:29:49 | 10,343,712 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax

[2007/10/22 17:56:52 | 03,597,600 | ---- | M] (Intuit, Inc.) -- C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager

[2006/07/16 17:33:36 | 00,626,176 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil

[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution

"{0917447C-477A-4C56-99E5-87186FDEBBEE}" = QuickWrite

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007

"{0DC00F90-E7E7-4B19-959A-0A53032DA52C}" = Documents To Go

"{0E2DAB2F-5A2F-8F65-1006-30E94506B15D}" = Skins

"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600

"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch

"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition

"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines

"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant

"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax

"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare

"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy

"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25F6C900-C138-4888-A56C-91D3D063023A}" = HP Update

"{269D9176-CEF5-81BE-D204-B90ACA0ECD79}" = Catalyst Control Center Core Implementation

"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2CCBABCB-6427-4A55-B091-49864623C43F}" =

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource

"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005

"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour

"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext

"{393C1150-6EBF-D1DA-BDC2-3E1D1D772B44}" = Catalyst Control Center Graphics Full Existing

"{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}" =

"{3c1e9fe1 0da3 4eee 851c f4814090e899}}_is1" = SimoHealth 1.0.1

"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth

"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10

"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme

"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B

"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger

"{57F7C02B-D36E-3F81-239B-FD031984ADFE}" = Catalyst Control Center Graphics Previews Common

"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone

"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects

"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69580770-C77E-67FE-014F-BE02DF5D8A4F}" = ccc-core-preinstall

"{6EACA7EA-CA28-1333-206C-C985F7F22C2F}" = CCC Help English

"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm

"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC

"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader

"{8318FEFD-F467-44D6-82B8-129374BFE9B1}" = Opera 9.62

"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1

"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc

"{8D0049D9-265D-145D-96D7-CD5814DA7092}" = ccc-core-static

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

"{98F2555F-6749-49BA-949F-FC887831A524}" = Palm Desktop by ACCESS

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AD088F72-2C65-4A21-8ACF-CFC2B28F8EE8}" = Text Complete (English)

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director

"{BA9A7A5D-5976-3682-826C-CDE03A0DE33D}" = Catalyst Control Center Graphics Full New

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP

"{CA74E4E3-FAF1-4F5E-8A77-D89A5C5A02E8}" = GreenPrint

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help

"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express

"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg

"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer

"{D721F201-E316-0825-7D23-48C16939914F}" = ccc-utility

"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for PENTAX 2.0

"{D9A812DA-143D-4780-BEDC-FD6D41386317}" =

"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M

"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E07FEDF6-3E9E-2F4C-3734-15B839CC3CD3}" = Catalyst Control Center Graphics Light

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5

"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FB745B2C-E7BA-472E-9523-2B200CF2F500}" = Before You Know It 3.6

"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"{fe7ccec2-0f76-4921-bc75-caaf255cbbf2}" = DFX for Windows Media Player

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver

"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)

"98SE_is1" = 98SE

"Abacast Client" = Abacast Client

"AddressBook" =

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"All ATI Software" = ATI - Software Uninstall Utility

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3

"Analyse-it for Excel" = Analyse-it for Microsoft Excel

"Any Video Converter_is1" = Any Video Converter 2.6.5

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"a-squared Free_is1" = a-squared Free 3.1

"ATI Display Driver" = ATI Display Driver

"avast!" = avast! Antivirus

"AVGantiRootkit" = AVG Anti-Rootkit Free

"BellsouthHelpCenter4.0b_is1" = FastAccess

Edited by AdvancedSetup
Removed full quoting

Please update MBAM and do a Quick Scan and fix anything found and reboot.

Run a new HJT scan and post back both logs please.

I'm unable to run MBAM as I continue to receive the error code 718 (-2146893798, 0) even after uninstalling and reinstalling the software. Should I just delete the npmnqmp071101000055.dll file? How can I get the 718 error code to go away?

Thanks


Hi Walt,

Yes, if you can, please delete that file. Let me know if you're unable to and we can try another tool to assist you.

OK - I deleted the file successfully. Still have the same issues in trying to install Malwarebytes. Any ideas? Thanks for helping me find and remove the bad file.


  • Root Admin

Well this could be a difficult one to fix Walt. You have a LOT of programs that are failing to start or run based on just a few of the Event Logs shown near the bottom of the OTLIST report.

I'm not sure they're Malware related at all. It could just be from various broken Registry and/or file entries.

Let's try this though and see where we get.

Close ALL programs and Click on START - RUN and copy / paste this into the box and click OK.

This will set your hard drive to check the disk and automatically restart your computer for you.

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Then after the restart click on START - RUN and type in REGEDIT and click OK

Highlight the tree branch named HKEY_CLASSES_ROOT and click on File, Export.

In the drop down box select Registry Hive *.* and save the file as Walt_classes with no extension.

Do the same for these branches

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_CONFIG

Then ZIP them up or use RAR and name it waltsreg.zip

Then click on START - RUN and type in EVENTVWR and click OK

Highlight the Application branch and right click and choose Save Log File As and choose Event Log (*.evt) and save it as waltapplication.evt

Then do the same for Security and System

Then ZIP them up or use RAR and name it waltseventlogs.zip and upload both of the zip files (or put them all in one ZIP) to rapidshare.com and make sure you save the link that Rapidshare gives you as they will not mail it to you and if you lose it you cannot get back to the file. Then send me a Private Message with the link to the file and I'll download it and review it and see if I can determine what else might be going on with your system.


In trying to copy HKEY_LOCAL_MACHINE & HKEY_USERS I repeatedly got an error message "error writing file - may be disk or file system error" so those are not included.

One other thing I wanted to mention, I use a program called "The Ultimate Troubleshooter" which among other things allows you to control startups, tasks and services. I've used the services tab to turn program startups from automatic to manual or disable and to keep programs from starting at startup. This may cause a number of the failures to start up.

I appreciate any help you can offer me. While I'm able to keep up my computer by running antivirus and such weekly, the registry has always been intimidating to me.


  • Root Admin

Sorry for the Delay Walt but just too many things going on and not enough time in the day.

Okay I loaded up the portions you uploaded but those are of very little help. I really needed the HKLM and HKCU keys of the Registry as those hold all the details. The classes have many COM things but are of little value without the other pieces.

I did notice you're using a program called Folder Lock. It might be a good idea to remove this for now and try to get your system cleaned back up before turning it back on.

Just not enough information here to see what's going on.

I would like you to follow the directions here and we'll proceed as though your system is infected and run some routines to check for an infection.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.


  • 1 year later...

Hi

I am getting the same error code when starting a Malwarebytes scan. Previously I was able to use it though.

I tried to uninstall and reinstall the program, followed this thread, and here is my HijackThis log. I assume it is better to post in a similar thread.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:55:09 AM, on 2/9/2010

Platform: Windows 2000 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\System32\GPhotos.scr/200

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--

End of file - 4265 bytes

The guifan is one I do use; the reason I mention this is others have not recognized it and questioned its legitimacy.

Thanks for the help

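One way to triage a HijackThis log like the one posted above, added here as an example and not part of the original thread or of HijackThis itself. The function names and the three review rules are assumptions chosen for illustration, and the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the HijackThis v2.0.2 log posted above, shortened for the example.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows 2000 (WinNT 5.00.2195)
Running processes:
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.+)$")                       # "O4 - ...", "O23 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")        # hive\..\key: [name] command
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.+)$")  # name - owner - path

def parse_hjt(text):
    """Split a log into the running-process list and entries keyed by section code."""
    running, entries, in_procs = [], {}, False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.setdefault(m.group(1), []).append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries

def review_items(entries):
    """Return (reason, name) pairs worth a manual look; these are prompts, not verdicts."""
    items = []
    for body in entries.get("O4", []):
        m = RUN.match(body)
        if not m:
            continue  # e.g. "Global Startup:" shortcuts use a different layout
        _hive, key, name, command = m.groups()
        if key.lower().startswith("runonce"):
            items.append(("pending RunOnce command", name))
        if not re.match(r"^\"?[A-Za-z]:\\", command):
            items.append(("autostart without full path", name))
    for body in entries.get("O23", []):
        m = SERVICE.match(body)
        if m and m.group(2) == "Unknown owner":
            items.append(("service with no vendor reported", m.group(1)))
    return items

if __name__ == "__main__":
    for reason, name in review_items(parse_hjt(SAMPLE_LOG)[1]):
        print(f"{reason}: {name}")
```

An item on this list only means the entry deserves a closer look; vendor drivers and pending installers commonly trip all three rules.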

  • Root Admin

This post is from over a year ago. Please try the following and let us know.

Please try this on the computer that is having an issue.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.

2. Restart your computer (very important).

3. Download and run this utility. mbam-clean.exe

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here. mbam-setup.exe

Note: You will need to reactivate the program using the license you were sent.

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray and that you can run a quick scan and all is working as expected.


  • Root Admin

Okay then I'd suggest following the advice below and have someone assist you and make sure your system is not infected.

Hello, and welcome to Malwarebytes.org

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org
