Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I've tried everything in MY knowledge

Started by roosterwes , Nov 29 2010 12:39 PM

  • Please log in to reply

#1
roosterwes
Posted 29 November 2010 - 12:39 PM

roosterwes

    New Member

  • Member
  • Pip
  • 2 posts
My problem is I get a blue screen. It is mainly at startup but can be after the computer is running awhile, or when trying to install the Avast cd that came with my subscription. When the virus scan gets to a certain file, it blue screens. (That's my guess). The only way I can get in to the computer is if I F12 and choose IDE. This is an older IBM laptop Thinkpad T41 that my mother uses. I love it. It's great for lying in bed surfing the internet. Please Help! Here are the error code that the Microsoft report gives me. I am not fast enough to get the blue screen data,but I think it usually says, "greater than_but not equal".

BCCode:1000000a BCP1:F7C886E0 BCP2:00000002 BCP3:00000001 BCP4:804D9BBA OSver:5_1_2600 Product:256_1

Microsoft error reporting sends these file locations:

1) c:\DOCUME~1\jim\Locals~1\TEMP\WER3c22.dir00\mini112410-01.dmp (the .dmp # values change each time)
2) c:\DOCUME~1\jim\Locals~1\TEMP\WER3c22.dir00\sysdata.xml

OTL logfile created on: 11/29/2010 11:43:25 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.20 Gb Free Space | 62.28% Space Free | Partition Type: NTFS

Computer Name: JIMNB | User Name: JIM | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/29 11:42:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
PRC - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2010/10/08 15:03:32 | 000,882,304 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe
PRC - [2010/08/20 20:20:02 | 000,328,704 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\Avanquest\SystemSuite\AVQWinMonEngine.exe
PRC - [2010/08/20 07:51:34 | 000,042,848 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask2.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2009/12/11 16:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 15:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 16:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/29 11:42:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/19 19:15:04 | 000,009,728 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\WinHook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/10/12 11:08:06 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2010/10/08 15:03:32 | 000,882,304 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2010/08/20 20:20:02 | 000,328,704 | ---- | M] (Avanquest Publishing USA, Inc.) [Auto | Running] -- C:\Program Files\Avanquest\SystemSuite\AVQWinMonEngine.exe -- (AvanquestWindowsMonitorService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/12/11 16:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\seqewnf.sys -- (pdxu)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CSVirtA.sys -- (CSVirtA)
DRV - [2010/08/20 07:53:24 | 000,026,920 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Running] -- C:\Program Files\Avanquest\SystemSuite\TFilter.sys -- (TFilter)
DRV - [2010/08/20 07:53:16 | 000,061,912 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Running] -- C:\Program Files\Avanquest\SystemSuite\KFilter.sys -- (KFilter)
DRV - [2010/04/23 00:17:40 | 000,244,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/12/11 16:52:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
DRV - [2009/10/13 08:22:50 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/10 19:06:28 | 000,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/07/15 08:17:58 | 000,203,056 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/05/13 16:30:46 | 000,013,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2008/04/13 12:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/05/25 22:59:12 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/10 17:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/10 17:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/10 17:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/10 12:12:34 | 002,479,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/02/11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\Avanquest\SystemSuite\Firefox [2010/11/27 15:47:46 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/19 22:38:25 | 000,425,913 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14674 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Avanquest Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\avgssie.dll (AVG Exploit Prevention Labs, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DataVault Object) - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll (Avanquest Software)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1123265432933 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1279094376086 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.cnm.com
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/05 11:36:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28d46fd1-9836-11de-aaff-000cf124aff2}\Shell - "" = AutoRun
O33 - MountPoints2\{28d46fd1-9836-11de-aaff-000cf124aff2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28d46fd1-9836-11de-aaff-000cf124aff2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{33335023-12d4-11dd-a8eb-000cf124aff2}\Shell\AutoRun\command - "" = E:\wdsync.exe -- File not found
O33 - MountPoints2\{7582cbc8-bd25-11dc-a8c6-000cf124aff2}\Shell\AutoRun\command - "" = E:\LinksysConnectPC.exe -- File not found
O33 - MountPoints2\{852fef84-5d48-11dc-a89e-000cf124aff2}\Shell - "" = AutoRun
O33 - MountPoints2\{852fef84-5d48-11dc-a89e-000cf124aff2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{852fef84-5d48-11dc-a89e-000cf124aff2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d315ee51-3298-11dd-a8f7-000cf124aff2}\Shell - "" = AutoRun
O33 - MountPoints2\{d315ee51-3298-11dd-a8f7-000cf124aff2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d315ee51-3298-11dd-a8f7-000cf124aff2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 11:42:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2010/11/27 19:30:58 | 000,000,000 | ---D | C] -- C:\7096409b6fc4b3a704
[2010/11/27 19:30:46 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/27 19:30:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/11/27 19:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/27 19:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/27 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\patch
[2010/11/27 15:20:27 | 000,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/11/27 15:20:26 | 000,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/11/27 15:19:20 | 000,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2010/11/27 15:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Avanquest Software
[2010/11/27 15:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2010/11/27 15:12:57 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
[2010/11/27 15:12:47 | 000,000,000 | -H-D | C] -- C:\_Backup
[2010/11/27 15:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Avanquest
[2010/11/27 15:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AntiVirus
[2010/11/27 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest
[2010/11/27 15:01:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/27 09:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Malwarebytes
[2010/11/27 09:32:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/27 09:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/27 09:32:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 09:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/27 08:49:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/11/25 20:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Local Settings\Application Data\Innovative Solutions
[2010/11/25 20:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\AdvUninstal
[2010/11/25 20:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2010/11/25 20:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/11/25 18:12:47 | 018,914,120 | ---- | C] (iolo technologies, LLC ) -- C:\Documents and Settings\jim\Desktop\SystemMechanic.exe
[2010/11/25 18:12:41 | 000,000,000 | ---D | C] -- C:\iolo
[2010/11/25 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/24 19:28:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim\Recent
[2010/11/19 23:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2010/11/19 17:17:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jim\IECompatCache
[2010/11/19 17:15:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jim\PrivacIE
[2010/11/19 11:54:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jim\IETldCache
[2010/11/18 23:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/18 23:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/11/18 23:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/18 23:36:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/18 23:26:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/11/18 22:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/11/18 22:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/11/18 22:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\iolo
[2010/11/18 22:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 11:45:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53E6BE73-079D-43D8-9A34-46742D7DF513}.job
[2010/11/29 11:42:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
[2010/11/29 11:28:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/29 11:26:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 09:32:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/27 09:27:11 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/11/25 20:09:06 | 000,002,085 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\Advanced Uninstaller Free.lnk
[2010/11/24 19:27:54 | 000,019,172 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\cc_20101124_192745.reg
[2010/11/19 22:38:25 | 000,425,913 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/19 22:37:52 | 000,425,913 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101119-223825.backup
[2010/11/19 21:50:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/19 20:30:58 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/11/19 13:39:39 | 000,527,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/19 13:39:39 | 000,096,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/19 11:55:16 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/18 23:41:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/11/18 23:41:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/11/18 22:48:43 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/11/18 22:07:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/27 15:14:40 | 000,035,008 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2010/11/27 09:32:39 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/25 20:09:06 | 000,002,085 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\Advanced Uninstaller Free.lnk
[2010/11/24 19:27:52 | 000,019,172 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\cc_20101124_192745.reg
[2010/11/19 21:50:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/19 17:16:58 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{53E6BE73-079D-43D8-9A34-46742D7DF513}.job
[2010/11/18 23:41:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/11/18 23:41:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/11/18 22:55:28 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/11/18 22:48:43 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/18 16:44:45 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/01/13 16:45:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/20 08:33:55 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/15 15:43:28 | 000,030,387 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2007/06/15 15:29:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/06/15 09:58:05 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\ina32.ini
[2005/08/11 11:45:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/10 14:16:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 13:31:34 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2005/08/05 04:23:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/06/24 15:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== LOP Check ==========

[2010/11/27 19:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/01/14 11:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/11/29 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2007/07/16 14:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/11/25 20:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/11/29 11:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/05/17 18:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/09/07 17:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/11/19 12:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/19 12:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/10 08:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visioneer
[2010/07/13 21:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/01/14 11:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Autodesk
[2010/11/27 15:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Avanquest
[2008/08/04 12:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Cisco
[2007/07/16 14:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\DassaultSystemes
[2007/08/18 14:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\InterVideo
[2010/11/20 08:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\iolo
[2008/08/07 09:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Leadertech
[2008/01/10 08:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\LinkManager 4.0
[2008/01/10 09:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\OneTouch 4.0
[2010/07/13 22:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ScanSoft
[2008/07/27 19:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Smith Micro
[2008/12/15 15:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Uniblue
[2008/02/22 14:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\webex
[2010/07/14 02:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Windows Desktop Search
[2010/07/14 03:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Windows Search
[2010/11/29 11:45:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{53E6BE73-079D-43D8-9A34-46742D7DF513}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E60C72DB
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >
  • 0

Advertisements

#2
roosterwes
Posted 29 November 2010 - 12:53 PM

roosterwes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
EXTRAS

OTL Extras logfile created on: 11/29/2010 11:43:29 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 518.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.20 Gb Free Space | 62.28% Space Free | Partition Type: NTFS

Computer Name: JIMNB | User Name: JIM | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6A615007-721D-4063-B226-EA41EB6604B9}" = SystemSuite 11 Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"AU10F_is1" = Advanced Uninstaller Free - Version 10
"Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.296
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2010 9:29:03 AM | Computer Name = JIMNB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/27/2010 9:29:22 AM | Computer Name = JIMNB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/27/2010 10:51:08 AM | Computer Name = JIMNB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/27/2010 10:51:11 AM | Computer Name = JIMNB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/27/2010 10:51:43 AM | Computer Name = JIMNB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/27/2010 1:57:33 PM | Computer Name = JIMNB | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\JIM\LOCAL SETTINGS\TEMP\IEXPLORE.MADEXCEPT>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 11/27/2010 4:04:19 PM | Computer Name = JIMNB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/27/2010 4:04:24 PM | Computer Name = JIMNB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/29/2010 1:27:28 PM | Computer Name = JIMNB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/29/2010 1:27:30 PM | Computer Name = JIMNB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ Cisco AnyConnect VPN Client Events ]
Error - 8/24/2008 11:56:00 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1796 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



Error - 8/24/2008 11:56:00 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: CCapiCertificate::Verify Return code: 0xFE220012 File: .\Certificates\CapiCertStore.cpp
Line:
515 Description: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER

Error - 8/24/2008 11:56:04 PM | Computer Name = JIMNB | Source = vpnui | ID = 50724865
Description = Function: ::LoadLibrary Return code: 126 File: .\Utility\Win\HModuleMgr.cpp
Line:
114 Description: The specified module could not be found.

Error - 9/24/2008 9:50:48 PM | Computer Name = JIMNB | Source = vpnui | ID = 50724865
Description = Function: ::LoadLibrary Return code: 126 File: .\Utility\Win\HModuleMgr.cpp
Line:
114 Description: The specified module could not be found.

Error - 9/24/2008 9:51:18 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: WSAGetOverlappedResult Return code: 10054 File: .\IPC\SocketTransport.cpp
Line:
1072 Description: An existing connection was forcibly closed by the remote host.



Error - 9/24/2008 9:51:18 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: WSARecv/WSARecvFrom Return code: 10054 File: .\IPC\SocketTransport.cpp
Line:
1073 Description: An existing connection was forcibly closed by the remote host.



Error - 9/24/2008 9:51:18 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::readSocket Return code: 0xFE1F000F File:
.\IPC\IPCTransport.cpp Line: 751 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE


Error - 9/24/2008 9:51:18 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: CIpcTransport::OnSocketReadComplete Return code: 0xFE1F000F
File:
.\IPC\IPCDepot.cpp Line: 787 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE


Error - 9/24/2008 9:51:18 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: WSASend Return code: 10054 File: .\IPC\SocketTransport.cpp
Line:
1333 Description: An existing connection was forcibly closed by the remote host.



Error - 9/24/2008 9:51:18 PM | Computer Name = JIMNB | Source = vpnagent | ID = 50331649
Description = Function: CSocketTransport::writeSocketBlocking Return code: 0xFE1F000B
File:
.\IPC\IPCTransport.cpp Line: 351 Description: SOCKETTRANSPORT_ERROR_WRITE

[ OSession Events ]
Error - 8/10/2008 8:56:58 PM | Computer Name = JIMNB | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 10/2/2008 8:34:37 AM | Computer Name = JIMNB | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 11/27/2010 9:33:48 PM | Computer Name = JIMNB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/27/2010 9:33:50 PM | Computer Name = JIMNB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SALMON_ARM due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 11/27/2010 9:33:50 PM | Computer Name = JIMNB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/27/2010 9:48:52 PM | Computer Name = JIMNB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2010 1:27:27 PM | Computer Name = JIMNB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2010 1:27:27 PM | Computer Name = JIMNB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SALMON_ARM due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 11/29/2010 1:27:28 PM | Computer Name = JIMNB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2010 1:36:53 PM | Computer Name = JIMNB | Source = Service Control Manager | ID = 7034
Description = The ThinkPad PM Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/29/2010 1:37:03 PM | Computer Name = JIMNB | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 11/29/2010 1:42:30 PM | Computer Name = JIMNB | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP