Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Computer shuts down running scans

  1. #11
    Member
    Join Date
    Apr 2008
    Posts
    82

    Default

    To be exact I have not used SmithFF recently... About a year ago Blade81 worked me though some fixes for Smithfraud but nothing since then.

  2. #12
    Member
    Join Date
    Apr 2008
    Posts
    82

    Default

    Sorry, unexpectedly out of town longer than planned hope to get the additional logs by Thursday or Friday.

    regards,

    BPB

  3. #13
    Member
    Join Date
    Apr 2008
    Posts
    82

    Default

    OTListIt logfile created on: 3/12/2009 8:36:15 PM - Run 1
    OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Ed\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 72.62 Gb Free Space | 64.97% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOLCOMBE-A6F059
    Current User Name: Ed
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\WINDOWS\system32\BRMFRSMG.EXE (Brother Industries, Ltd.)
    PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    PRC - C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe ()
    PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\VideoMate\ComproRemote.exe (Compro Technology, Inc.)
    PRC - C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe (Compro Technology, Inc.)
    PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Documents and Settings\Ed\Desktop\OTListIt2.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
    SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
    SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (gusvc [Auto | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (ATIAVAIW [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\atinavt2.sys (ATI Technologies Inc.)
    DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (BIOS [System | Running]) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
    DRV - (brfilt [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Brfilt.sys (Brother Industries Ltd.)
    DRV - (BrSerWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbScn [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrUsbScn.sys (Brother Industries Ltd.)
    DRV - (Cap7134 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Cap7134.sys (Compro Technology, Inc.)
    DRV - (CSRBC01 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\CSRBC01.sys (CSR)
    DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (HidBatt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
    DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (JEPPDRIVE [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\JeppD.sys (Smart Modular (MA))
    DRV - (KLIF [System | Running]) -- C:\WINDOWS\system32\DRIVERS\klif.sys (Kaspersky Lab)
    DRV - (mf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mf.sys (Microsoft Corporation)
    DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
    DRV - (n558 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\n558.sys ()
    DRV - (NCHSSVAD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
    DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
    DRV - (VMHybrid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VMHybrid.sys (Compro Technology, Inc.)
    DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs, LLC)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> %ProgramFiles%\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/05/05 19:46:55 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/06 05:57:26 00,000,000 | ---D | M]

    O1 HOSTS File: (290629 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 10034 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
    O4 - HKLM..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
    O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
    O4 - HKCU..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe (Compro Technology, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe (Compro Technology, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Ed\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aopa.org ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: repair-spyware.com ([spyware] http in Local intranet)
    O15 - HKCU\..Trusted Domains: time-windows.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english...an_unicode.cab (CKAVWebScan Object)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1208484971250 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_12)
    O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
    O33 - MountPoints2\{f2aaaf7c-da3c-11dc-8832-00e04cde1641}\Shell - "" = AutoRun
    O33 - MountPoints2\{f2aaaf7c-da3c-11dc-8832-00e04cde1641}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f2aaaf7c-da3c-11dc-8832-00e04cde1641}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/03/12 20:35:13 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTListIt2.exe
    [2009/03/05 20:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2009/03/05 20:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Local Settings\Application Data\Downloaded Installations
    [2009/03/05 09:05:59 | 00,001,898 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\CFP_3_File_Registry_Cleaner.zip
    [2009/03/05 09:01:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2009/03/04 22:02:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ed\Application Data\Malwarebytes
    [2009/03/04 22:02:36 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/03/04 22:02:36 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/03/04 22:02:34 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/03/04 22:02:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/03/04 22:02:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/03/04 22:00:04 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ed\Desktop\mbam-setup.exe
    [2009/03/02 19:51:34 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\RSIT.exe
    [2009/03/02 19:35:16 | 00,000,000 | ---D | C] -- C:\rsit
    [2009/02/27 19:58:55 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\HijackThis.lnk
    [2009/02/27 19:58:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/02/27 19:58:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ed\Desktop\HJTInstall.exe
    [2009/02/27 19:31:06 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2009/02/27 19:30:57 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\NTREGOPT.lnk
    [2009/02/27 19:30:55 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Ed\Desktop\ERUNT.lnk
    [2009/02/27 19:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/02/26 07:08:50 | 34,891,89888 | -HS- | C] () -- C:\hiberfil.sys
    [2009/02/19 19:15:05 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ed\Desktop\spybotsd162.exe
    [2009/02/17 10:40:59 | 00,043,852 | ---- | C] () -- C:\Documents and Settings\Ed\My Documents\MU2 Icing tests.pdf

    ========== Files - Modified Within 30 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [5 C:\WINDOWS\*.tmp files]
    [2009/03/12 20:35:20 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ed\Desktop\OTListIt2.exe
    [2009/03/12 09:38:22 | 34,005,013 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2009/03/12 09:38:22 | 00,033,747 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
    [2009/03/12 08:37:27 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Startup\palmOne Registration.lnk
    [2009/03/12 08:36:25 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/03/12 08:36:15 | 00,002,651 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
    [2009/03/12 08:35:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/03/12 08:35:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/03/12 08:35:29 | 34,891,89888 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/11 23:34:06 | 39,198,752 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/03/11 23:34:06 | 00,459,116 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/03/11 17:07:54 | 00,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/03/11 01:44:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/03/08 17:00:21 | 00,441,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/03/08 17:00:21 | 00,071,308 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/03/08 17:00:20 | 00,522,706 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/03/05 09:05:59 | 00,001,898 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\CFP_3_File_Registry_Cleaner.zip
    [2009/03/04 22:02:36 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/03/04 22:00:12 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ed\Desktop\mbam-setup.exe
    [2009/03/03 12:58:14 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2009/03/02 19:51:38 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\RSIT.exe
    [2009/02/27 19:58:55 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\HijackThis.lnk
    [2009/02/27 19:58:26 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ed\Desktop\HJTInstall.exe
    [2009/02/27 19:31:06 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Ed\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2009/02/27 19:30:57 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\NTREGOPT.lnk
    [2009/02/27 19:30:55 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\ERUNT.lnk
    [2009/02/25 22:28:37 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\Ed\Desktop\230 Crunk Road.xls
    [2009/02/24 07:16:20 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2009/02/24 07:16:20 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2009/02/24 07:16:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2009/02/22 11:34:06 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
    [2009/02/19 19:15:53 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ed\Desktop\spybotsd162.exe
    [2009/02/17 10:40:59 | 00,043,852 | ---- | M] () -- C:\Documents and Settings\Ed\My Documents\MU2 Icing tests.pdf
    [2009/02/11 11:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/02/11 11:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Ed\My Documents\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Ed\Desktop\Thumbs.db:encryptable
    < End of report >

  4. #14
    Member
    Join Date
    Apr 2008
    Posts
    82

    Default

    OTListIt Extras logfile created on: 3/12/2009 8:36:15 PM - Run 1
    OTListIt2 by OldTimer - Version 2.0.3.5 Folder = C:\Documents and Settings\Ed\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 72.62 Gb Free Space | 64.97% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOLCOMBE-A6F059
    Current User Name: Ed
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger File not found
    C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
    C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger File not found
    C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) File not found
    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
    "{0E46D01D-8691-4FB6-972F-4C44EFD46B82}" = Aircraft Bluebook
    "{12346CA2-3799-4C06-90BC-A4AF242F439B}" = ComproDTV 3
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
    "{2809AFFB-F3CD-4879-B3B7-A3414C9EA142}" = DeLorme Street Atlas USA 2006
    "{2B0DF49C-FC06-4B2B-934A-92E2DCE20C4C}" = Jeppesen Services
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2C0C658D-6239-4844-A873-A32F7E3840D2}" = Street Atlas USA 2006
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38C05AAD-971E-4665-99EC-37796DCF5730}" = DeLorme Street Atlas USA 2006 Data
    "{5BCB8AF9-C74D-42CA-B194-705B083DF242}" = Logbook Pro for Windows
    "{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
    "{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}" = ScanSoft PDF Create! 4
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9EA404D2-5A5E-4A44-94E3-B8B148F7BCBC}" = ComproFM 2
    "{A8CDE964-E54B-4661-A44F-4286097DBB37}" = Street Atlas USA 2006
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D96A2309-4420-4BB6-AE4B-9873AA7C070F}" = Street Atlas USA 2006
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "{FFED7B1D-2F65-46DC-8CA6-44E16159EB90}" = Street Atlas USA 2006
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Avantext TechPubs Manager" = Avantext TechPubs Manager
    "AVG8Uninstall" = AVG Free 8.0
    "Debut" = Debut
    "EmailStripper_is1" = EmailStripper 2.2
    "ERUNT_is1" = ERUNT 1.1j
    "ExpressBurn" = Express Burn
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{5BCB8AF9-C74D-42CA-B194-705B083DF242}" = Logbook Pro for Windows
    "Kaspersky Online Scanner" = Kaspersky Online Scanner
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OnlineBible" = Online Bible 10.10.09
    "Professor Teaches Excel 2002" = Professor Teaches Excel 2002
    "Professor Teaches Windows XP Professional" = Professor Teaches Windows XP Professional
    "Professor Teaches Word 2002" = Professor Teaches Word 2002
    "RealPlayer 6.0" = RealPlayer
    "SoundTap" = SoundTap Uninstall
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "Switch" = Switch Sound File Converter
    "Tech Office Program Selector" = Office Program Selector 2.0
    "WavePad" = WavePad Sound Editor
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "OnlineBible" = Online Bible 10.10.09
    "RadarLab HD" = RadarLab HD

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/25/2009 2:24:01 PM | Computer Name = HOLCOMBE-A6F059 | Source = Application Hang | ID = 1002
    Description = Hanging application PaprPort.exe, version 11.1.0.300, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/25/2009 2:59:15 PM | Computer Name = HOLCOMBE-A6F059 | Source = Application Hang | ID = 1002
    Description = Hanging application PaprPort.exe, version 11.1.0.300, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/25/2009 9:05:20 PM | Computer Name = HOLCOMBE-A6F059 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 2/25/2009 9:05:20 PM | Computer Name = HOLCOMBE-A6F059 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 2/27/2009 7:38:17 AM | Computer Name = HOLCOMBE-A6F059 | Source = Spybot - Search & Destroy | ID = 0
    Description =

    Error - 3/5/2009 9:45:19 AM | Computer Name = HOLCOMBE-A6F059 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 3/5/2009 9:45:20 AM | Computer Name = HOLCOMBE-A6F059 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 3/5/2009 10:00:24 AM | Computer Name = HOLCOMBE-A6F059 | Source = MsiInstaller | ID = 11316
    Description = Product: Windows Live Sign-in Assistant -- Error 1316. A network error
    occurred while attempting to read from the file: C:\WINDOWS\TEMP\IXP000.TMP\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi

    Error - 3/5/2009 9:21:04 PM | Computer Name = HOLCOMBE-A6F059 | Source = Application Hang | ID = 1002
    Description = Hanging application DriversHQ.DriverDetective.Client.exe, version
    6.4.0.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 3/8/2009 6:32:27 PM | Computer Name = HOLCOMBE-A6F059 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
    module unknown, version 0.0.0.0, fault address 0x62160b50.

    [ System Events ]
    Error - 3/9/2009 5:45:19 AM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The Smart Modular JeppDrive USB Driver service failed to start due
    to the following error: %%1058

    Error - 3/9/2009 5:45:19 AM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The CMS PortIO Service service failed to start due to the following
    error: %%2

    Error - 3/9/2009 7:07:36 AM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The Smart Modular JeppDrive USB Driver service failed to start due
    to the following error: %%1058

    Error - 3/9/2009 7:07:36 AM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The CMS PortIO Service service failed to start due to the following
    error: %%2

    Error - 3/9/2009 6:00:46 PM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The Smart Modular JeppDrive USB Driver service failed to start due
    to the following error: %%1058

    Error - 3/9/2009 6:00:46 PM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The CMS PortIO Service service failed to start due to the following
    error: %%2

    Error - 3/11/2009 6:08:40 PM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The Smart Modular JeppDrive USB Driver service failed to start due
    to the following error: %%1058

    Error - 3/11/2009 6:08:40 PM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The CMS PortIO Service service failed to start due to the following
    error: %%2

    Error - 3/12/2009 9:36:13 AM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The Smart Modular JeppDrive USB Driver service failed to start due
    to the following error: %%1058

    Error - 3/12/2009 9:36:13 AM | Computer Name = HOLCOMBE-A6F059 | Source = Service Control Manager | ID = 7000
    Description = The CMS PortIO Service service failed to start due to the following
    error: %%2


    < End of report >

  5. #15
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi bluefishbeagle

    Logs look good, what kind of problems you have

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  6. #16
    Member
    Join Date
    Apr 2008
    Posts
    82

    Default

    Only thing now is that IE is slow accessing internet when you open a second, third, or fourth window. In the above cases it takes forever to down load the site and sometimes it will seems to hang. Closing IE and starting over seems to solve the problem for a while... but not always.

    regards

  7. #17
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi bluefishbeagle

    There is no malware that would be causing your problem.May be software,windows problem.
    Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.
    http://www.techsupportforum.com/
    http://www.bleepingcomputer.com/forums/
    http://forums.whatthetech.com/forums.html
    http://forums.pcpitstop.com/

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  8. #18
    Member
    Join Date
    Apr 2008
    Posts
    82

    Default

    IE intermittently slow loading pages, will hang for minutes and sometimes not load page at all. Other than that OK.

    thanks

    BFB

  9. #19
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •