MBAM freezes on Windows 2000

[JohnDavid]

Starting a new thread for this 'old' issue:

Configuration:

W2K SP4

MBAM 1.30

AVG AV Free edition, ver 8

Zone Alarm uninstalled

When attempt to run 'quick scan', MBAM runs for 2-3 minutes, then freezes and has to be forced to close via Task Mgr.

Started MBAM; in settings, unchecked "Always scan memory objects"; ran MBAM quick scan. The scan ran to completion.

Good; but apparently the only way to run MBAM on this machine is WITHOUT including the 'memory scan'. Is there a way to resolve this?

Thanks.

[AdvancedSetup]

Hi John,

Please run the following routine and we'll see if there is something obvious going on that might be causing this.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here

Pre- HJT Post Instructions

first.

I also need for you to download this program

OTListIt.exe

to your desktop.

• Close all applications and windows so that you have nothing open and are at your Desktop
  
  
• Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  
  
• Place a checkmark in the
  "Scan All Users"
  checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)
  
  
• Click the Run Scan button
  
  
• NOTE:
  Please be patient and let the scan run without using the computer
  
  
• When the scan is complete, a text file (
  OTListIt.Txt
  ) will open in Notepad (if not, it can be found on your Desktop)
  
  
• In Notepad, click
  Edit
  ,
  Select all
  then
  Edit
  ,
  Copy
  
  
• Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste.
  
  
• Submit your reply and close the Notepad window with
  OTList.txt
  
  
• Also OTListIt's
  Extras.txt
  log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  
  
• In Notepad, click
  Edit
  ,
  Select all
  then
  Edit
  ,
  Copy
  
  
• Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
  
  
• NOTE:
  If the files (
  OTListIt.txt, Extras.txt
  ) do not appear in your taskbar, just open the files in notepad from your desktop.

  
  

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.

[JohnDavid]

Greetings,

In the following posts you will find the additional info you requested.

First, let me mention a few things:

> Ran Spybot; it found nothing.

> Attempted to run PandaActiveScan; it made no progress after reaching 1%. Let it run quite awhile, then forced it closed.

> Attempted to run ESET Online; it generated an error when almost thru the Initilization process; closed it.

Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:54:46 PM, on 11/20/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Adeona\cygrunsrv.exe

C:\Program Files\Adeona\adeona-client.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\WINNT\System32\SCardSvr.exe

C:\WINNT\system32\wuauclt.exe

C:\WINNT\system32\taskmgr.exe

C:\WINNT\system32\mshta.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf

O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201410186358

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201412384897

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--

End of file - 7008 bytes

[JohnDavid]

And the next requested log file, OTListIT:

OTListIt logfile created on: 11/20/2008 6:57:44 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Software to Install\Malwarebytes-related

Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 323.31 Mb Available Physical Memory | 63.21% Memory free

1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.99% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 39.76 Gb Free Space | 53.34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STEVE-LAPTOP

Current User Name: Steve Xxxxxxx

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/07/13 14:30:28 | 00,068,096 | ---- | M] () -- C:\Program Files\Adeona\cygrunsrv.exe

[2008/07/13 20:28:32 | 00,197,502 | ---- | M] () -- C:\Program Files\Adeona\adeona-client.exe

[2008/09/06 13:14:09 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

[2003/08/14 12:19:16 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe

[2003/11/13 13:29:40 | 00,455,680 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

[2003/06/24 17:32:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe

[2003/06/19 14:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe

[2004/09/07 10:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe

[2003/06/19 14:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe

[2003/06/19 14:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe

[2008/07/12 13:51:46 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

[2001/01/24 12:41:08 | 00,094,208 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[2001/01/24 12:40:22 | 00,253,952 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[2002/12/17 12:14:14 | 00,131,157 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec

Shared\CreateCD\CreateCD50.exe

[2002/12/17 11:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[2008/10/31 12:49:15 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

[2008/10/08 10:05:33 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2003/08/25 10:17:44 | 00,503,875 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[2005/06/10 07:23:24 | 00,036,864 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

[2008/09/06 13:14:11 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

[2004/09/01 19:16:04 | 00,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wuauclt.exe

[2000/07/26 12:00:00 | 00,050,960 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\notepad.exe

[2008/09/06 13:13:22 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe

[2008/11/20 14:28:54 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Software to Install\Malwarebytes-related\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/07/13 14:30:28 | 00,068,096 | ---- | M] () -- C:\Program Files\Adeona\cygrunsrv.exe -- (AdeonaClientService [Auto |

Running])

[2008/09/06 13:14:11 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe --

(avg8emc [Auto | Running])

[2008/09/06 13:14:09 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe --

(avg8wd [Auto | Running])

[2003/08/14 12:19:16 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\WIDCOMM\Bluetooth

Software\bin\btwdins.exe -- (btwdins [Auto | Running])

[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) --

C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2003/06/19 14:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\dmadmin.exe -- (dmadmin

[On_Demand | Stopped])

[2003/06/19 14:05:04 | 00,094,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\FAXSVC.EXE -- (Fax [On_Demand |

Stopped])

[2008/01/28 18:41:09 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2007/07/27 19:14:24 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service

[On_Demand | Stopped])

[2003/11/13 13:29:40 | 00,455,680 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe --

(NICSer_WPC54G [Auto | Running])

[2003/06/24 17:32:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc [Auto |

Running])

[2003/06/19 14:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry

[Auto | Running])

[2004/09/07 10:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe -- (Schedule [Auto |

Running])

[2003/06/19 14:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe -- (StiSvc [Auto |

Running])

[2003/06/19 14:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\utilman.exe -- (UtilMan

[On_Demand | Stopped])

[2003/06/19 14:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt

[Auto | Running])

========== Driver Services ==========

[1997/12/22 21:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINNT\System32\drivers\aspi32.sys -- (Aspi32 [Auto |

Running])

[2008/09/06 13:14:07 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\drivers\avgldx86.sys --

(AvgLdx86 [system | Running])

[2008/07/12 13:51:45 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\drivers\avgmfx86.sys --

(AvgMfx86 [system | Running])

[2008/07/12 13:51:56 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\drivers\avgtdix.sys --

(AvgTdiX [Auto | Running])

[2004/12/17 13:52:58 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINNT\system32\bcm42rly.sys -- (BCM42RLY

[On_Demand | Stopped])

[2005/02/11 21:46:22 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX

[On_Demand | Running])

[2003/08/14 11:23:06 | 00,021,861 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btaudio.sys -- (BtAudio

[On_Demand | Running])

[2003/08/14 11:25:40 | 00,030,235 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btport.sys -- (BTDriver

[On_Demand | Running])

[2003/08/14 11:33:08 | 01,257,418 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btkrnl.sys -- (BTKRNL [boot |

Running])

[2003/08/14 11:37:14 | 00,022,183 | ---- | M] () -- C:\WINNT\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])

[2003/08/14 11:36:48 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto

| Running])

[2003/08/14 11:24:12 | 00,146,812 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btwdndis.sys -- (BTWDNDIS

[On_Demand | Running])

[2003/08/14 11:22:44 | 00,051,848 | ---- | M] (WIDCOMM, Inc.) -- C:\WINNT\system32\drivers\btwusb.sys -- (BTWUSB

[On_Demand | Stopped])

[2003/07/16 22:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) --

C:\WINNT\system32\CBTNDIS5.sys -- (CBTNDIS5 [On_Demand | Running])

[2008/01/28 15:26:26 | 00,044,288 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K [system |

Running])

[2002/12/17 12:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k [system |

Running])

[2002/12/17 12:29:38 | 00,363,799 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\cdudf.sys -- (cdudf [system | Running])

[2003/06/19 14:05:04 | 00,007,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\drivers\diskperf.sys --

(Diskperf [boot | Running])

[2003/06/19 14:05:04 | 00,369,104 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot

[Disabled | Stopped])

[2003/06/19 14:05:04 | 00,137,936 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\drivers\dmio.sys -- (dmio

[boot | Running])

[2003/06/19 14:05:04 | 00,007,312 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\system32\drivers\dmload.sys -- (dmload

[Disabled | Stopped])

[2008/01/26 23:25:24 | 00,025,898 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand |

Stopped])

[2003/06/19 14:05:04 | 00,085,776 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\e100bnt5.sys -- (E100B

[On_Demand | Stopped])

[2003/06/19 14:05:04 | 00,027,440 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\drivers\efs.sys -- (EFS

[Disabled | Running])

[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINNT\system32\drivers\GEARAspiWDM.sys --

(GEARAspiWDM [On_Demand | Running])

[2001/12/03 16:11:14 | 00,160,640 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\drivers\Icam4USB.sys -- (Icam4USB

[On_Demand | Stopped])

[1999/10/23 08:01:40 | 00,413,712 | ---- | M] (LT) -- C:\WINNT\system32\drivers\ltmdmnt.sys -- (ltmodem5 [On_Demand |

Running])

[2000/08/14 07:18:22 | 00,220,328 | R--- | M] (ESS Technology, Inc.) -- C:\WINNT\system32\drivers\es198x.sys -- (maestro

[On_Demand | Running])

[2008/01/26 23:25:24 | 00,030,630 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand |

Stopped])

[2000/07/26 12:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\netdtect.sys --

(NetDetect [On_Demand | Stopped])

[2003/06/24 17:32:00 | 01,326,203 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv

[On_Demand | Running])

[2003/06/24 17:32:00 | 01,326,203 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv4

[On_Demand | Stopped])

[2004/09/24 23:36:44 | 00,173,056 | ---- | M] (Funk Software, Inc.) -- C:\WINNT\system32\drivers\odysseyIM4.sys --

(odysseyIM4 [On_Demand | Running])

[2003/06/19 14:05:04 | 00,024,784 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\openhci.sys -- (openhci

[On_Demand | Stopped])

[2008/01/28 22:12:34 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINNT\system32\drivers\PalmUSBD.sys -- (PalmUSBD

[On_Demand | Stopped])

[2003/06/19 14:05:04 | 00,060,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\parallel.sys --

(Parallel [On_Demand | Running])

[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINNT\system32\drivers\pavboot.sys -- (pavboot

[boot | Running])

[2003/06/19 14:05:04 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINNT\system32\drivers\ptilink.sys --

(Ptilink [On_Demand | Running])

[2008/01/26 23:25:24 | 00,143,834 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k [system |

Running])

[2000/07/26 12:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\rca.sys -- (RCA

[On_Demand | Stopped])

[2001/01/24 12:37:12 | 00,218,384 | ---- | M] (Synaptics, Inc.) -- C:\WINNT\system32\drivers\SynTP.sys -- (SynTP

[On_Demand | Running])

[2008/01/26 23:25:24 | 00,227,298 | ---- | M] (Roxio) -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr [system |

Running])

[2003/06/19 14:05:04 | 00,032,848 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd

[On_Demand | Running])

[2003/06/19 14:05:04 | 00,049,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\usbhub20.sys --

(usbhub20 [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

HKU\PE_C_ADMINISTRATOR\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

C:\WINNT\system32\blank.htm

HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

http://www.google.com

HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.com/

HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

http://www.google.com/ie

HKU\S-1-5-21-839522115-854245398-1708537768-1000\S-1-5-21-839522115-854245398-1708537768-1000\Software\Microsoft\Windows\C

urrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG

Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll

(Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll

(Google Inc.)

O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll

(Google Inc.)

O3 - HKU\PE_C_ADMINISTRATOR\..\Toolbar: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Key does not exist

or could not be opened. File not found

O3 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -

c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r (Roxio)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet (NVIDIA Corporation)

O4 - HKLM..\Run: [synchronization Manager] mobsync.exe /logon (Microsoft Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\PE_C_ADMINISTRATOR..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft

Corporation)

O4 - HKU\S-1-5-21-839522115-854245398-1708537768-1000..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

(Microsoft Corporation)

O4 - HKU\S-1-5-21-839522115-854245398-1708537768-1000..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

(Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program

Files\palmOne\register.exe (palmOne/Leader Technologies)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program

Files\palmOne\Hotsync.exe (PalmSource, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\resolution assistant.lnk = C:\Program

Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe (Motive Communications, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk = C:\Program

Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe ()

O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\BTTray.lnk = C:\Program

Files\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)

O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program

Files\palmOne\Hotsync.exe (PalmSource, Inc)

O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk =

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe ()

O4 - Startup: C:\Documents and Settings\Steve Xxxxxx\Start Menu\Programs\Startup\Shortcut to Screen shots of updates

available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

CDRAutoRun = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program

Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\Msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: 55 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\PE_C_ADMINISTRATOR\..Trusted Sites: 49 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-839522115-854245398-1708537768-1000\..Trusted Sites: 55 domain(s) and sub-domain(s) not assigned to a

zone.

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office

Template and Media Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage

Validation Tool)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

http://www.update.microsoft.com/windowsupd...b?1201410186358 (WUWebControl

Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

http://www.update.microsoft.com/microsoftu...b?1201412384897 (MUWebControl

Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

(Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key does not exist or could

not be opened.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key does not exist or could

not be opened.)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft

Corporation)

O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft

Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

(Microsoft Corporation)

O18 - Protocol\Handler: - vnd.ms.radio - C:\WINNT\system32\msdxm.ocx ()

O20 - See sections below for AppInitDlls and Winlogon settings

O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E}C:\WINNT\system32\netshell.dll (Microsoft

Corporation)

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls" = NVDESK32.DLL,avgrsstx.dll

>File not found --

>[2008/07/12 13:51:46 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINNT\system32\avgrsstx.dll

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

wzcnotif: "DllName" = wzcdlg.dll -- C:\WINNT\system32\wzcdlg.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2008/01/26 17:03:47 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/11/20 18:52:43 | 00,001,600 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\HijackThis.lnk

[2008/11/20 18:11:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2008/11/20 17:24:07 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner

[2008/11/20 14:36:50 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINNT\System32\drivers\pavboot.sys

[2008/11/20 14:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/11/14 21:19:55 | 00,000,000 | ---D | C] -- C:\3f01f81fd0cac2208be72fdd99f51f4f

[2008/11/12 22:55:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\Start

Menu\Programs\Startup\Shortcut to Screen shots of updates available_20081111.rtf.lnk

[2008/11/12 22:54:34 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\Shortcut to Screen

shots of updates available_20081111.rtf.lnk

[2008/11/12 19:44:45 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2008/11/12 19:44:43 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2008/11/12 19:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2008/11/10 22:13:27 | 00,201,728 | ---- | C] () -- C:\Documents and Settings\Steve Xxxxxx\My

Documents\sunnysidechristmas08.pub

[2008/11/08 21:39:10 | 00,000,000 | ---D | C] -- C:\Program Files\PC Magazine Utilities

[2008/11/08 20:53:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Xxxxxx\Application Data\Malwarebytes

[2008/11/08 20:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes

[2008/11/08 19:40:37 | 00,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2008/11/08 19:40:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Xxxxxx\Local Settings\Application

Data\Mozilla

[2008/11/08 19:40:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Steve Xxxxxx\Application Data\Mozilla

[2008/11/08 19:40:20 | 00,001,491 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk

[2008/11/08 19:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2008/11/08 19:18:03 | 00,000,000 | ---D | C] -- C:\Program Files\IObit

[2008/11/04 21:46:20 | 00,012,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\drivers\usbscan.sys

[2008/11/04 21:46:20 | 00,012,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbscan.sys

[2008/11/04 21:17:27 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\EOS Utility.lnk

[2008/11/04 21:16:55 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\ZoomBrowser EX.lnk

[2008/11/04 21:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\ZoomBrowser

[2008/11/04 21:15:06 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application

Data\QTSBandwidthCache

[2008/10/31 08:26:17 | 00,113,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\drivers\ks.sys

[2008/10/31 08:26:17 | 00,113,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ks.sys

[2008/10/31 08:26:17 | 00,051,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\vfwwdm32.dll

[2008/10/31 08:26:17 | 00,051,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\vfwwdm32.dll

[2008/10/31 08:26:16 | 00,103,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksproxy.ax

[2008/10/31 08:26:16 | 00,103,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksproxy.ax

[2008/10/31 08:26:16 | 00,081,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\kswdmcap.ax

[2008/10/31 08:26:16 | 00,081,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kswdmcap.ax

[2008/10/31 08:26:16 | 00,059,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\kstvtune.ax

[2008/10/31 08:26:16 | 00,059,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kstvtune.ax

[2008/10/31 08:26:16 | 00,039,184 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksxbar.ax

[2008/10/31 08:26:16 | 00,039,184 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksxbar.ax

[2008/10/31 08:26:16 | 00,010,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksvpintf.ax

[2008/10/31 08:26:16 | 00,010,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksvpintf.ax

[2008/10/31 08:26:16 | 00,007,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksinterf.ax

[2008/10/31 08:26:16 | 00,007,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksinterf.ax

[2008/10/31 08:26:16 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksclockf.ax

[2008/10/31 08:26:16 | 00,007,440 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksclockf.ax

[2008/10/31 08:26:16 | 00,006,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksdata.ax

[2008/10/31 08:26:16 | 00,006,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksdata.ax

[2008/10/31 08:26:16 | 00,004,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\ksuser.dll

[2008/10/31 08:26:16 | 00,004,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ksuser.dll

[2008/10/29 21:22:58 | 00,503,808 | ---- | C] () -- C:\WINNT\System32\AudioGenie2.ocx

[2008/10/29 21:12:02 | 00,000,000 | ---D | C] -- C:\Midi files

========== Files - Modified Within 30 Days ==========

[1 C:\WINNT\System32\*.tmp files]

[4 C:\WINNT\*.tmp files]

[2008/11/20 18:52:43 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\HijackThis.lnk

[2008/11/20 17:26:50 | 30,240,653 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm

[2008/11/20 17:26:50 | 00,042,274 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg

[2008/11/20 17:20:55 | 00,008,736 | ---- | M] () -- C:\WINNT\System32\nvModes.001

[2008/11/20 17:20:40 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2008/11/17 22:16:09 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Start

Menu\Programs\Startup\Shortcut to Screen shots of updates available_20081111.rtf.lnk

[2008/11/17 19:14:05 | 00,001,429 | ---- | M] () -- C:\WINNT\imsins.BAK

[2008/11/14 21:41:23 | 00,201,728 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\My

Documents\sunnysidechristmas08.pub

[2008/11/12 22:54:34 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\Shortcut to Screen

shots of updates available_20081111.rtf.lnk

[2008/11/12 22:52:04 | 00,230,392 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2008/11/12 21:50:45 | 00,000,769 | ---- | M] () -- C:\WINNT\win.ini

[2008/11/12 21:48:46 | 00,429,230 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI

[2008/11/12 21:48:46 | 00,385,894 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2008/11/12 21:48:46 | 00,057,488 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[2008/11/08 21:11:21 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\Steve Xxxxxx\Desktop\Revo Uninstaller.lnk

[2008/11/08 19:40:37 | 00,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat

[2008/11/08 19:40:20 | 00,001,491 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk

[2008/11/08 19:15:47 | 00,334,743 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\miniavi.avg

[2008/11/04 21:17:27 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\EOS Utility.lnk

[2008/11/04 21:16:55 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\ZoomBrowser EX.lnk

[2008/11/04 21:15:06 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Application

Data\QTSBandwidthCache

[2008/11/03 16:10:26 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MRT.exe

[2008/10/29 23:44:02 | 01,371,612 | -H-- | M] () -- C:\WINNT\ShellIconCache

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

< End of report >

[JohnDavid]

And finally, the OTListIT Extras file:

(thanks for your help)

OTListIt Extras logfile created on: 11/20/2008 6:57:44 PM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Software to

Install\Malwarebytes-related

Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type =

NTWorkstation

Internet Explorer (Version = 6.0.2800.1106)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.46 Mb Total Physical Memory | 323.31 Mb Available Physical Memory | 63.21% Memory

free

1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.99% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 39.76 Gb Free Space | 53.34% Space Free | Partition

Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: STEVE-LAPTOP

Current User Name: Steve Xxxxx

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPo

licy\StandardProfile

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP

olicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP

olicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter

"{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update

"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic

"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business

"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client

"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1

"{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}" = iTunes

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne

"{EEBC43D5-C84E-401D-84BC-D7DF882ED00D}" = Canon Camera TWAIN Driver

"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"ArcSoft Camera Suite" = ArcSoft Camera Suite

"AVG8Uninstall" = AVG Free 8.0

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANONBJ_Deinstall_CNMCP36.DLL" = Canon S500

"CSCLIB" = Canon Camera Support Core Library

"EOS Utility" = Canon Utilities EOS Utility

"EsetOnlineScanner" = ESET Online Scanner

"HijackThis" = HijackThis 2.0.2

"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client

"InstallShield_{EEBC43D5-C84E-401D-84BC-D7DF882ED00D}" = Canon Camera TWAIN Driver 6.6

"InterVideo WinDVD" = InterVideo WinDVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"MyCamera" = Canon Utilities MyCamera

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"Nvidia Demo Suite" = Nvidia Demo Suite

"PC Magazine StartupCop Pro_is1" = PC Magazine StartupCop Pro

"PhotoRecord" = Canon PhotoRecord

"PhotoStitch" = Canon Utilities PhotoStitch

"Q828026" = Windows Media Player Hotfix [see Q828026 for more information]

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureDC" = Canon Utilities RemoteCapture DC

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Revo Uninstaller" = Revo Uninstaller 1.75

"Smart Defrag_is1" = Smart Defrag 1.02

"SynTPDeinstKey" = Synaptics TouchPad

"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4

"VMidi" = vanBasco's Karaoke Player

"WinZip" = WinZip

"WMP7" = Windows Media Player system update (9 Series)

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\PE_C_ADMINISTRATOR\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/26/2008 7:52:39 PM | Computer Name = STEVE-LAPTOP | Source = MsiInstaller |

ID = 11706

Description = Product: Microsoft Office XP Small Business -- Error 1706. Setup cannot

find the required files. Check your connection to the network, or CD-ROM drive.

For other potential solutions to this problem, see C:\Program Files\Microsoft

Office\Office10\1033\SETUP.HLP.

[ System Events ]

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:30:56 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

Error - 5/19/2008 8:32:54 PM | Computer Name = STEVE-LAPTOP | Source = Cdrom | ID =

262151

Description = The device, \Device\CdRom0, has a bad block.

< End of report >

[AdvancedSetup]

Thanks for posting John. I may not have time to get to this for a day or so but I'll try. Someone else may have time though and provide you with feedback before then. If I've not replied back to you within 24 hours or so please send me a Private Message as a reminder.

Thanks.

[JohnDavid]

Will wait patiently for you to review the logs.

And here is an update: attempted, again, to run ESET Online scan and this time it ran successfully. Found 1 threat, which it deleted:

Wind32/Toobar.MyWebSearch applicatiion.

Thanks for your help.

[JohnDavid]

Well, I seem to be writing a novel here, in extremely short chapters; another update:

Remember that the original problem was that MBAM would stall early in a quick scan IF settings included "Always scan memory objects".

I just booted into Safe Mode and ran the quick scan successfully, even though memory objects were being scanned.

Absolutely no problems were found.

But if someone wants to take a look at the logs I've posted, I'd still like to understand why the scan can only be done in Safe Mode.

No rush.

Thanks.

[JeanInMontana]

Please boot to normal mode. Update MBAM, run a quick scan, post that log and a new HJT log.

[JohnDavid]

Okay, JeaninMontana,

Have followed your request as best I could.

Booted to normal mode,

updated MBAM,

attempted quick scan (with all options selected) -- but the problem continues to be that MBAM becomes a non-responder when 'scan memory objects' is selected; have to force MBAM closed; consequently, it does not produce a log under these circumstances.

Below is a new HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:22:00 PM, on 11/22/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Adeona\cygrunsrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Adeona\adeona-client.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\Msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\WINNT\System32\SCardSvr.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf

O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201410186358

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201412384897

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--

End of file - 7074 bytes

[JeanInMontana]

Open MBAM, go to Settings, uncheck scan memory processes. Run the quick scan post the log and a new HJT log please.

[JohnDavid]

JeanInMontana,

the additional info you requested is in this post.

MBAM log:

Malwarebytes' Anti-Malware 1.30

Database version: 1416

Windows 5.0.2195 Service Pack 4

11/25/2008 6:28:14 PM

mbam-log-2008-11-25 (18-28-14).txt

Scan type: Quick Scan

Objects scanned: 57730

Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

end MBAM log end

------------------------------------

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:35:01 PM, on 11/25/2008

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Adeona\cygrunsrv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Adeona\adeona-client.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\Msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe

C:\WINNT\System32\SCardSvr.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

O4 - Startup: Shortcut to Screen shots of updates available_20081111.rtf.lnk = C:\Technical info\Windows updates\Screen shots of updates available_20081111.rtf

O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201410186358

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201412384897

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AdeonaClientService - Unknown owner - C:\Program Files\Adeona\cygrunsrv.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

--

End of file - 7071 bytes

[Raid]

If you temporarily disable AVG v8, will MBAM complete a scan then?

Please try this and let me know how it works out.

[JohnDavid]

Thanks for your response.

Had already tried what you suggested.

First disabled AVG's Resident Shield; started MBAM, which became unresponsive, as usual.

Then went back and also disabled AVG's Link Scanner and even the Update Manager; started MBAM; it froze again.

Thanks.

[Raid]

Thanks for your response.

Had already tried what you suggested.

First disabled AVG's Resident Shield; started MBAM, which became unresponsive, as usual.

Then went back and also disabled AVG's Link Scanner and even the Update Manager; started MBAM; it froze again.

Thanks.

Would you mind temporarily disabling the Adeona program and see if MBAM still locks up on you. You have a few resident programs, and you reported this lockup occurs with memory scan on?

[JohnDavid]

Okay, did what you suggested: disabled Adeona; started MBAM quick scan with memory objects selected. MBAM still froze within 10 secs and had to be closed with Task Mgr.

Details of how this test was run:

> booted normally.

> forced closed the one Adeona-related exe using Task Mgr.

> set the one Adeona-related service to Disabled.

> ran HiJackThis and confirmed that nothing related to Adeona was running or in memory.

> attempted to run MBAM; it froze.

Thanks for your help.

[Raid]

Not a problem John. Let's see if we can't figure out what the problem is.

Try doing a quick scan in safe mode, with memory scan turned on. I want to know if it completes the scan.

[JohnDavid]

Already done (please see my post of Nov 20).

In Safe Mode, MBAM does complete successfully, even with 'memory objects' selected.

We may be beating that dead horse in this endeavor. Although I'd like to know why the scan won't complete in normal mode and would like to avoid the inconvenience of having to boot to Safe Mode for a completed scan, maybe it's not worth the effort.

I'm still willing to pursue it -- somewhat obsessive -- but I'll leave it to you. If you're willing to continue, let's do so. And if we're close enough, then we can call it a day.

Thanks for your assistance.

JohnDavid

[Raid]

Already done (please see my post of Nov 20).

In Safe Mode, MBAM does complete successfully, even with 'memory objects' selected.

We may be beating that dead horse in this endeavor. Although I'd like to know why the scan won't complete in normal mode and would like to avoid the inconvenience of having to boot to Safe Mode for a completed scan, maybe it's not worth the effort.

I'm still willing to pursue it -- somewhat obsessive -- but I'll leave it to you. If you're willing to continue, let's do so. And if we're close enough, then we can call it a day.

Thanks for your assistance.

JohnDavid

It only tells me that something else running resident doesn't get along too well with MBAM.

We can try disabling all 3rd party apps until we possibly find the culprit, but I suspect even if we do, as your os is win2k; its unlikely to find later drivers which may correct the issue.

[JohnDavid]

Don't think any further effort is worth it given that I can get a completed MBAM run in Safe Mode. Close enough.

Thanks for your help.

Take care.

jd

It only tells me that something else running resident doesn't get along too well with MBAM.

We can try disabling all 3rd party apps until we possibly find the culprit, but I suspect even if we do, as your os is win2k; its unlikely to find later drivers which may correct the issue.