GeekPolice
Malwarebytes is freezing up when run in normal mode

Malwarebytes freezes up when run in normal mode. It ran OK in Safe Mode. AVG 8.5 does not pick up anything. I have no reason to think I have a virus; however, I am concerned since Malwarebytes won't run properly. I ran HJT and here is the log.

----HJT Log----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:17 PM, on 1/17/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Administrator\Application Data\Memorex\ChangeIcon.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\Administrator\Application Data\NewTech Infosystems\NTI Shadow\Shadow.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ancestry.com/search/rectype/advanced.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - c:\winnt\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O5 "LPT1:" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe" Z
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Memorex Secure TD icon] C:\Documents and Settings\Administrator\Application Data\Memorex\ChangeIcon.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Network Drive Mapping Utility] "C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Shadow] C:\Documents and Settings\Administrator\Application Data\NewTech Infosystems\NTI Shadow\Shadow.exe --minimize
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187374215042
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 6524 bytes
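A worked example added here for readers triaging logs like the two in this thread (it is not part of the thread, nor code from HijackThis, OTL or Malwarebytes): a small Python script that parses the HJT O4 and O23 lines above and the OTL PRC/SRV/DRV/O4 lines posted later in the thread, then flags the three things a responder checks first: an autostart or service that launches from a user-writable profile directory (Documents and Settings, Application Data, Temp), an entry with no publisher string (OTL prints "()", HJT prints "Unknown owner"), and an entry whose file no longer exists. The line patterns, the directory list and the flag names are my assumptions drawn from the log formats visible on this page; the sample lines are excerpted from the logs in this thread. A flag is a reason to look closer (hash the file, verify its signature, look the path up), not a verdict: on this log the Memorex icon utility under Application Data and the orphaned Symantec service entry get flagged, and an orphaned service is more often an uninstall leftover than an infection.

```python
"""Triage autostart and service entries from HijackThis (HJT) and OTL logs.

Added example for this thread; not code from HJT, OTL or Malwarebytes.
Line patterns, the user-writable directory list and the flag names are
assumptions drawn from the log formats visible in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Directories an unprivileged user (or malware running as one) can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")

# HJT: "O4 - HKLM\..\Run: [Name] command line"   OTL: "O4 - HKLM..\Run: [Name] path (Publisher)"
RUN = re.compile(r"^O4 - (?P<hive>\S+?)(?P<sep>\\?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# HJT: "O23 - Service: Name - Publisher - path [(file missing)]"
SVC = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<pub>.*?) - (?P<path>.*)$")
# OTL: "PRC|SRV|DRV - [date | size | attrs | M] (Publisher) [state] -- path [-- (service name)]"
OTL = re.compile(r"^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\] \((?P<pub>.*?)\) (?:\[[^\]]*\] )?-- "
                 r"(?P<path>.*?)(?: -- \(.*)?$")
OTL_MISSING = re.compile(r"^(?P<kind>PRC|SRV|DRV) - File not found .*\((?P<name>[^)]*)\)\s*$")
# First program on an HJT command line: a quoted path, or text up to the first known extension.
EXE = re.compile(r'"([^"]+)"|(.*?\.(?:exe|dll|scr|ocx|sys|com|bat|cmd))', re.I)


@dataclass
class Entry:
    source: str                 # "HJT" or "OTL"
    kind: str                   # O4, O23, PRC, SRV or DRV
    name: str
    path: str
    publisher: str | None       # None: this line type carries no publisher field
    flags: list[str] = field(default_factory=list)


def exe_from_cmdline(cmd: str) -> str:
    """Return the program an HJT O4 command line starts; unwrap rundll32 host calls."""
    cmd = cmd.strip()
    m = EXE.match(cmd)
    if not m:
        return cmd
    path = m.group(1) or m.group(2)
    if path.lower().endswith("rundll32.exe"):          # "rundll32 X.dll,Entry" -> X.dll
        return exe_from_cmdline(cmd[m.end():].split(",", 1)[0])
    return path


def parse_line(line: str) -> Entry | None:
    """Parse one HJT or OTL line into an Entry; unrecognised line types return None."""
    line = line.rstrip()
    if m := OTL_MISSING.match(line):
        return Entry("OTL", m["kind"], m["name"], "", None, ["FILE_MISSING"])
    if m := OTL.match(line):
        return Entry("OTL", m["kind"], m["path"].rsplit("\\", 1)[-1], m["path"], m["pub"])
    if m := SVC.match(line):
        missing = "(file missing)" in m["path"]
        e = Entry("HJT", "O23", m["name"], m["path"].replace("(file missing)", "").strip(), m["pub"])
        if missing:
            e.flags.append("FILE_MISSING")
        return e
    if m := RUN.match(line):
        rest = re.sub(r" \(User '[^']*'\)$", "", m["rest"])     # HJT appends the hive's user
        if m["sep"]:                                             # "\..\" separator: HJT style
            return Entry("HJT", "O4", m["name"], exe_from_cmdline(rest), None)
        pm = re.match(r"^(?P<path>.*?) \((?P<pub>.*)\)$", rest)  # "..\" separator: OTL style
        if pm:
            return Entry("OTL", "O4", m["name"], pm["path"], pm["pub"])
        return Entry("OTL", "O4", m["name"], rest, None)
    return None


def flag(e: Entry) -> Entry:
    """Apply the heuristics; each flag is a reason to look closer, not a verdict."""
    low = e.path.lower()
    if any(d in low for d in USER_WRITABLE):
        e.flags.append("USER_WRITABLE_PATH")
    if e.publisher is not None and e.publisher.strip() in ("", "Unknown owner"):
        e.flags.append("NO_PUBLISHER")
    return e


def triage(log_text: str) -> list[Entry]:
    """Parse every recognised line of a log and return only the entries that raised a flag."""
    entries = [flag(e) for e in map(parse_line, log_text.splitlines()) if e]
    return [e for e in entries if e.flags]


# Sample input: lines excerpted from the HJT and OTL logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Memorex Secure TD icon] C:\Documents and Settings\Administrator\Application Data\Memorex\ChangeIcon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
PRC - [2009/10/20 18:26:01 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Memorex\ChangeIcon.exe
SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)
DRV - [2005/04/07 16:18:34 | 00,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.source} {e.kind:<3} {', '.join(e.flags):<34} {e.name}  ->  {e.path}")
```

Feed triage() the full text of a pasted HJT or OTL log to get the flagged entries; other line types (O1, O16, O18 and so on) are ignored by design, and an 8.3 short path such as C:\PROGRA~1 is not expanded, so compare on what the log actually printed.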

Re: Malwarebytes is freezing up when run in normal mode

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Malwarebytes is freezing up when run in normal mode

Thank you for your assistance. I installed Malwarebytes (MBAM) and ran Quick Scan. The app "froze" 1 min 7 sec into the scan. After 10 minutes I used Task Manager to stop this application. Task Manager showed MBAM was "Not Responding." No MBAM log file was created. In case it matters, the value for "Currently scanning:" was "[2796] C:\WINNT\system32\ntdll.dll".

Please advise on next steps, thanks.

Re: Malwarebytes is freezing up when run in normal mode

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Malwarebytes is freezing up when run in normal mode

Here are the results of the OTL program.

---OTL.txt---


OTL logfile created on: 1/19/2010 8:29:44 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 93.89 Gb Free Space | 73.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 74.53 Gb Total Space | 43.87 Gb Free Space | 58.87% Space Free | Partition Type: NTFS
Drive Y: | 465.29 Gb Total Space | 382.29 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: H3M3S1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 20:28:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/12/12 09:50:45 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/10/20 18:26:01 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Memorex\ChangeIcon.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/16 14:41:21 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/16 14:41:20 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/16 14:41:09 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/16 14:41:02 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/16 14:40:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/09/17 14:22:50 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2007/08/30 09:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/07/27 19:14:34 | 00,271,672 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/07/27 19:14:24 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/06/08 07:34:52 | 00,278,144 | ---- | M] () -- C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
PRC - [2007/04/23 08:48:06 | 00,517,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Documents and Settings\Administrator\Application Data\NewTech Infosystems\NTI Shadow\Shadow.exe
PRC - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2004/09/07 09:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2004/04/26 02:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINNT\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE
PRC - [2003/07/25 00:00:00 | 00,258,048 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
PRC - [2003/06/19 13:05:04 | 00,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 13:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 13:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/19 13:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2003/06/19 13:05:04 | 00,014,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetsrv\inetinfo.exe
PRC - [2002/10/15 17:00:20 | 01,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINNT\mixer.exe
PRC - [1997/07/11 00:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/19 20:28:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/19 13:05:04 | 00,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003/06/19 13:05:04 | 00,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [1999/12/07 06:00:00 | 00,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/16 14:41:02 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/16 14:40:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/07/27 19:14:24 | 00,501,048 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/01/03 19:40:21 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/09/07 09:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 13:05:04 | 00,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 13:05:04 | 00,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 13:05:04 | 00,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 13:05:04 | 00,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 13:05:04 | 00,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003/06/19 13:05:04 | 00,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 13:05:04 | 00,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2003/06/19 13:05:04 | 00,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transport Protocol (SMTP)
SRV - [2003/06/19 13:05:04 | 00,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2003/06/19 13:05:04 | 00,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/16 14:41:21 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINNT\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/16 14:41:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/16 08:40:50 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/04/07 17:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/08/17 16:17:35 | 00,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/10/22 11:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/10/04 20:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 20:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2005/04/07 16:18:34 | 00,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/07/09 01:58:10 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/06/19 13:05:04 | 00,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 13:05:04 | 00,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 13:05:04 | 00,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 13:05:04 | 00,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/06/19 13:05:04 | 00,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/19 13:05:04 | 00,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 13:05:04 | 00,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/06/19 13:05:04 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/06/19 13:05:04 | 00,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/06/19 13:05:04 | 00,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 13:05:04 | 00,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2002/11/18 14:51:40 | 00,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/04/02 15:30:16 | 00,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\cvspydr2.sys -- (cvspydr2)
DRV - [2001/02/23 10:12:10 | 00,035,013 | ---- | M] (Network Everywhere) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NC100A.sys -- (NC100) Network Everywhere Fast Ethernet Adapter(NC100 v2)
DRV - [2000/07/24 00:01:00 | 00,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\BrPar.sys -- (BrPar)
DRV - [1999/12/07 06:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [1999/12/07 06:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [1999/12/07 06:00:00 | 00,006,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [1999/10/26 15:30:50 | 00,035,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msgame.sys -- (msgame)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ancestry.com/search/rectype/advanced.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/24 08:55:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 21:46:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 10:56:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/12/14 16:55:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2007/08/18 07:27:19 | 00,000,000 | ---D | M]

[2008/12/16 19:34:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/01/18 20:31:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6mwdpdjg.default\extensions
[2009/11/02 08:03:55 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6mwdpdjg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2008/05/18 18:28:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6mwdpdjg.default\extensions\chromeditplus@webdesigns.ms11.net
[2009/11/25 19:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6mwdpdjg.default\extensions\firefox@facebook.com
[2010/01/18 20:31:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/18 15:37:46 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/09/16 13:11:03 | 01,124,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
[2007/05/11 16:41:00 | 00,200,704 | ---- | M] (Ancestry.com) -- C:\Program Files\Mozilla Firefox\plugins\npImgCtl.dll
[2007/07/27 19:14:18 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll

O1 HOSTS File: ([1999/12/07 06:00:00 | 00,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINNT\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Memorex Secure TD icon] C:\Documents and Settings\Administrator\Application Data\Memorex\ChangeIcon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Network Drive Mapping Utility] C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Network Drive Mapping Utility] C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe ()
O4 - HKCU..\Run: [Shadow] C:\Documents and Settings\Administrator\Application Data\NewTech Infosystems\NTI Shadow\Shadow.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187374215042 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/17 11:53:08 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 20:28:22 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/17 21:10:50 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/17 15:30:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/01/17 15:30:31 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/01/17 15:30:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/19 20:39:26 | 02,666,496 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/19 20:28:47 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/19 19:51:52 | 48,053,597 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010/01/19 19:51:52 | 00,142,495 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\microavi.avg
[2010/01/19 03:45:10 | 00,000,364 | ---- | M] () -- C:\WINNT\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/01/18 20:36:54 | 00,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2010/01/18 20:36:54 | 00,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
[2010/01/17 21:10:53 | 00,001,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/17 20:55:41 | 00,088,566 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2010/01/17 20:51:58 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/01/17 20:51:45 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c4.dat
[2010/01/17 20:50:27 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/17 15:30:37 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/15 07:20:34 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2010/01/13 03:00:41 | 00,001,391 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/01/12 20:29:08 | 00,001,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Text Twist.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/01/06 20:59:56 | 03,557,320 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\03OneBulletHunt.mp3
[2010/01/05 16:13:32 | 00,007,041 | ---- | M] () -- C:\WINNT\Administrator8.xlb
[2010/01/05 16:09:28 | 00,000,293 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Budget.lnk
[2009/12/28 11:04:33 | 00,001,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/24 12:39:23 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3a8.dat
[3 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/18 20:36:54 | 00,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
[2010/01/18 20:36:54 | 00,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
[2010/01/17 21:10:53 | 00,001,590 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/01/17 20:51:45 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c4.dat
[2010/01/17 15:30:37 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/15 07:20:34 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2010/01/12 20:24:40 | 03,557,320 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\03OneBulletHunt.mp3
[2009/12/24 12:39:23 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3a8.dat
[2008/11/14 15:00:01 | 00,000,030 | ---- | C] () -- C:\Program Files\Exiferupdate.ini
[2008/11/12 10:47:49 | 00,000,210 | ---- | C] () -- C:\WINNT\System32\sr2spec.ini
[2008/11/12 10:10:57 | 00,000,022 | ---- | C] () -- C:\WINNT\exchng.ini
[2008/07/05 14:50:54 | 00,007,980 | ---- | C] () -- C:\WINNT\CDPlayer.ini
[2008/07/03 17:40:13 | 00,237,568 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll
[2007/11/11 11:53:11 | 00,000,481 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2007/10/13 11:17:34 | 00,003,840 | ---- | C] () -- C:\WINNT\System32\drivers\BANTExt.sys
[2007/10/05 12:46:29 | 00,338,944 | ---- | C] () -- C:\WINNT\System32\lffpx7.dll
[2007/09/16 13:11:10 | 00,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2007/09/14 13:20:42 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/09 16:36:06 | 00,118,784 | ---- | C] () -- C:\WINNT\System32\lfkodak.dll
[2007/08/27 18:26:55 | 00,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2007/08/23 20:10:28 | 00,000,130 | ---- | C] () -- C:\WINNT\pdf2text.INI
[2007/08/19 16:45:54 | 00,000,029 | ---- | C] () -- C:\WINNT\DEBUGSM.INI
[2007/08/18 20:50:55 | 00,007,680 | ---- | C] () -- C:\WINNT\System32\CNMVS5p.DLL
[2007/08/18 20:34:04 | 00,290,919 | ---- | C] () -- C:\WINNT\System32\pythoncom21.dll
[2007/08/18 20:34:04 | 00,057,344 | ---- | C] () -- C:\WINNT\System32\PyWinTypes21.dll
[2007/08/18 20:32:41 | 00,096,768 | ---- | C] () -- C:\WINNT\SlantAdj.dll
[2007/08/18 20:32:41 | 00,000,072 | ---- | C] () -- C:\WINNT\System32\epDPE.ini
[2007/08/18 20:29:12 | 00,000,196 | ---- | C] () -- C:\WINNT\EPSON 1260_1660 Installer.ini
[2007/08/17 21:41:49 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/17 20:11:11 | 00,000,337 | ---- | C] () -- C:\WINNT\ODBC.INI
[2007/08/17 18:58:46 | 00,000,082 | ---- | C] () -- C:\WINNT\MPLAYER.INI
[2007/08/17 18:37:08 | 00,000,165 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2007/08/17 18:30:01 | 00,000,147 | ---- | C] () -- C:\WINNT\BRVIDEO.INI
[2007/08/17 18:30:01 | 00,000,023 | ---- | C] () -- C:\WINNT\Brownie.ini
[2007/08/17 18:30:01 | 00,000,000 | ---- | C] () -- C:\WINNT\brmx2001.ini
[2007/08/17 18:29:51 | 00,014,441 | ---- | C] () -- C:\WINNT\HL-5250DN.INI
[2007/08/17 18:29:22 | 00,000,426 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2007/08/17 18:28:33 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\PtrcENG.dll
[2007/08/17 18:22:26 | 00,000,022 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini
[2007/08/17 18:19:30 | 00,000,044 | ---- | C] () -- C:\WINNT\EPSPR320.ini
[2007/08/17 14:33:50 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2007/08/17 14:17:11 | 00,000,025 | ---- | C] () -- C:\WINNT\mixerdef.ini
[2007/08/17 12:05:14 | 00,000,000 | ---- | C] () -- C:\WINNT\frontpg.ini
[2007/08/17 12:03:57 | 00,021,789 | ---- | C] () -- C:\WINNT\System32\smtpctrs.ini
[2007/08/17 12:03:57 | 00,001,037 | ---- | C] () -- C:\WINNT\System32\ntfsdrct.ini
[2007/08/17 12:02:59 | 00,007,854 | ---- | C] () -- C:\WINNT\System32\ftpctrs.ini
[2007/08/17 12:02:55 | 00,038,523 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2007/08/17 12:02:55 | 00,009,584 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2007/08/17 12:02:48 | 00,011,355 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2007/08/17 11:52:19 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2007/07/01 11:50:16 | 00,064,976 | ---- | C] () -- C:\WINNT\System32\PDFreDirectMonNT.dll
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2004/04/15 23:00:00 | 00,000,058 | ---- | C] () -- C:\WINNT\System32\EAL32.INI
[1999/12/07 06:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/12/07 06:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[1999/12/07 06:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[1999/12/07 06:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[1999/12/07 06:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[1999/09/25 04:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 04:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1997/07/11 00:00:00 | 00,031,232 | ---- | C] () -- C:\WINNT\System32\XLREC.DLL
[1997/07/11 00:00:00 | 00,025,600 | ---- | C] () -- C:\WINNT\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\HLINKPRX.DLL

========== Files - Unicode (All) ==========
[2007/08/17 18:30:40 | 00,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\癵
[2007/08/17 18:30:40 | 00,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\癵

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:333B9FFC
< End of report >


---Extras.txt---


OTL Extras logfile created on: 1/19/2010 8:29:51 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 225.00 Mb Available Physical Memory | 44.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 93.89 Gb Free Space | 73.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 74.53 Gb Total Space | 43.87 Gb Free Space | 58.87% Space Free | Partition Type: NTFS
Drive Y: | 465.29 Gb Total Space | 382.29 Gb Free Space | 82.16% Space Free | Partition Type: NTFS

Computer Name: H3M3S1
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lupas Rename] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professiona 2.64
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}" = iTunes
"{AD815A85-C530-4999-A35C-369C59AEACCC}" = Brother HL-5250DN
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{C26D7EF1-A5AD-4B46-9F49-535E9255A669}" = BlackBerry Desktop Software 4.7
"{C7325E7B-6844-4D46-9515-365BCE0DC185}" = Network Drive Mapping Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1060)
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AlbumShaper_2.1" = Album Shaper 2.1
"Any Audio Converter_is1" = Any Audio Converter 1.1.0
"AVG8Uninstall" = AVG Free 8.5
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BlackBerry_{C26D7EF1-A5AD-4B46-9F49-535E9255A669}" = BlackBerry Desktop Software 4.7
"CANONBJ_Deinstall_CNMCP5p.DLL" = Canon i9900
"CCleaner" = CCleaner
"EPSON Photo Print" = EPSON Photo Print
"EPSON Printer and Utilities" = EPSON Printer Software
"File Shredder_is1" = File Shredder 2.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.7.3
"GenSmarts_is1" = GenSmarts
"GeoSetter_is1" = GeoSetter 3.0.4
"HijackThis" = HijackThis 2.0.2
"HTMLKit_is1" = HTML-Kit
"HTMLKitTools_is1" = HTML-Kit Tools
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)" = Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Jasc Paint Shop Pro 9.01 - Mapped drive patch" = Jasc Paint Shop Pro 9.01 - Mapped drive patch
"Lupas Rename 2000_is1" = Lupas Rename 2000 v5.0 Release
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.18)" = Mozilla Thunderbird (2.0.0.18)
"mtt12" = Mp3 Tag Tools v1.2
"MWSnap 3" = MWSnap 3
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PCI Audio Driver" = PCI Audio Driver
"PDF reDirect" = PDF reDirect (remove only)
"pdfsam" = pdfsam 0.6 sr 3
"Picasa 3" = Picasa 3
"Poderosa_is1" = Poderosa4.1.0
"Print Server Driver" = Print Server Driver
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"Red Baron 3D" = Red Baron 3D
"Sierra Utilities" = Sierra Utilities
"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide
"Spyder2" = Spyder2
"SWLR Installation Program" = SWLR Installation Program
"Text Twist" = Text Twist (remove only)
"The Master Genealogist (for Administrator)" = The Master Genealogist (for Administrator)
"The Master Genealogist v7 (for All Users)" = The Master Genealogist v7 (for All Users)
"TMG Utility" = TMG Utility
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"WMP7" = Windows Media Player system update (9 Series)
"XnView_is1" = XnView 1.91

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B4C671A6-4922-4C5C-9FDC-0059AC68088D}" = NTI Shadow
"FileZilla Client" = FileZilla Client 3.2.2.1
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2010 1:18:18 PM | Computer Name = H3M3S1 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/17/2010 5:13:37 PM | Computer Name = H3M3S1 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 1/17/2010 10:23:42 PM | Computer Name = H3M3S1 | Source = IISInfoCtrs | ID = 1003
Description = Unable to query the IIS Info service performance data. The error code
returned by the service is data DWORD 0. For additional information specific to
this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Error - 1/17/2010 10:23:43 PM | Computer Name = H3M3S1 | Source = FTPCtrs | ID = 1000
Description = Unable to collect the FTP performance statistics. The error code returned
by the service is data DWORD 0. For additional information specific to this message
please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Error - 1/17/2010 10:23:43 PM | Computer Name = H3M3S1 | Source = PerfDisk | ID = 1000
Description = Unable to open the Disk performance object. Status code returned is data DWORD 0.

Error - 1/17/2010 10:23:44 PM | Computer Name = H3M3S1 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 1/17/2010 10:23:44 PM | Computer Name = H3M3S1 | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.

Error - 1/17/2010 10:23:44 PM | Computer Name = H3M3S1 | Source = rasctrs | ID = 2001
Description =

Error - 1/17/2010 10:23:44 PM | Computer Name = H3M3S1 | Source = W3Ctrs | ID = 1003
Description = Unable to query the W3SVC (HTTP) service performance data. The error
code returned by the service is data DWORD 0. For additional information specific
to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Error - 1/17/2010 10:51:52 PM | Computer Name = H3M3S1 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 1/17/2010 10:23:19 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1077

Error - 1/17/2010 10:23:19 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7001
Description = The IIS Admin Service service depends on the Protected Storage service
which failed to start because of the following error: %%1077

Error - 1/17/2010 10:23:19 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7001
Description = The FTP Publishing Service service depends on the IIS Admin Service
service which failed to start because of the following error: %%1068

Error - 1/17/2010 10:23:19 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transport Protocol (SMTP) service depends on the IIS
Admin Service service which failed to start because of the following error: %%1068

Error - 1/17/2010 10:23:19 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing Service service depends on the IIS Admin
Service service which failed to start because of the following error: %%1068

Error - 1/17/2010 10:23:19 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 AvgTdiX BANTExt MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 1/17/2010 10:23:44 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1077

Error - 1/17/2010 10:26:27 PM | Computer Name = H3M3S1 | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 1/17/2010 10:50:27 PM | Computer Name = H3M3S1 | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 1/17/2010 10:51:35 PM | Computer Name = H3M3S1 | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%2


< End of report >

Re: Malwarebytes is freezing up when run in normal mode

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

How is the machine running now?
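The list above is every Java 6 runtime that is still registered besides Update 17, and the O16 DPF lines in the OTL log show the browser plug-in CLSIDs for those same older updates. The script below is an added example, not part of this thread or of OTL, that automates that review: it parses OTL's Uninstall List and O16 DPF lines, groups the Java runtimes it finds by major version, and reports every update older than the newest one as superseded. The sample lines are constructed in the shape OTL prints them (a handful copied from the log above), and the regexes assume that exact formatting.

```python
import re
from collections import defaultdict

# Constructed sample in the shape OTL prints: Extras.txt "Uninstall List" lines
# followed by OTL.txt "O16 - DPF" (ActiveX installer) lines.
SAMPLE_LOG = """\
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"7-Zip" = 7-Zip 4.65
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
"""

# "{GUID}" = Display Name   (one registry value per line)
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
# "Java(TM) 6 Update 17" or the base "Java(TM) SE Runtime Environment 6" (update 0)
JAVA_NAME_RE = re.compile(
    r'^Java\(TM\)\s+(?:SE Runtime Environment\s+)?(?P<major>\d+)'
    r'(?:\s+Update\s+(?P<update>\d+))?$')
# O16 - DPF: {CLSID} http://.../jinstall-1_6_0_17-windows-i586.cab (...)
DPF_RE = re.compile(r'^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}\s+(?P<url>\S+)')
JINSTALL_RE = re.compile(r'jinstall-1_(?P<major>\d+)_0(?:_(?P<update>\d+))?-')


def parse_java_entries(log_text):
    """Return (source, identifier, major, update) for every Java runtime found
    either as an installed product or as a registered browser plug-in CLSID."""
    found = []
    for line in log_text.splitlines():
        m = UNINSTALL_RE.match(line)
        if m:
            j = JAVA_NAME_RE.match(m.group("name"))
            if j:
                found.append(("uninstall", m.group("key"),
                              int(j.group("major")), int(j.group("update") or 0)))
            continue
        m = DPF_RE.match(line)
        if m:
            j = JINSTALL_RE.search(m.group("url"))
            if j:
                found.append(("dpf", m.group("clsid"),
                              int(j.group("major")), int(j.group("update") or 0)))
    return found


def review_java(log_text):
    """Keep only the newest update per major version; everything older is
    superseded and no longer patched, so a stale plug-in CLSID that still
    resolves is exposure even when the newest update is installed too."""
    entries = parse_java_entries(log_text)
    newest = defaultdict(int)
    for _, _, major, update in entries:
        newest[major] = max(newest[major], update)
    keep = [e for e in entries if e[3] == newest[e[2]]]
    remove = [e for e in entries if e[3] < newest[e[2]]]
    return {"keep": keep, "remove": remove}


if __name__ == "__main__":
    result = review_java(SAMPLE_LOG)
    for src, ident, major, upd in result["remove"]:
        print(f"remove  {src:9} {ident}  Java {major} Update {upd}")
    for src, ident, major, upd in result["keep"]:
        print(f"keep    {src:9} {ident}  Java {major} Update {upd}")
```

Run it against a full OTL.txt plus Extras.txt concatenated and the "remove" list is the set of Add/Remove entries to uninstall; any "dpf" entry left in the remove list after that is a leftover ActiveX registration worth checking in the browser's add-on manager.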

Re: Malwarebytes is freezing up when run in normal mode

I do not see Limewire on my computer and I do not want it on there. It is definitely not in the Add/Remove Programs list. Please advise. I do have Lupas Rename, is that what you saw?

I removed the Java apps as instructed and rebooted my computer for good measure.

My original issue with Malwarebytes continues. It stops running (freezes) less than one minute after it is launched while scanning the System32 folder. My concern is that there is something "bad" on my computer preventing Malwarebytes from running.

Your assistance and time is greatly appreciated.

Re: Malwarebytes is freezing up when run in normal mode

Hello.
Ignore the Limewire bit, bad copy/paste job. LMBO or ROFL

Uninstall MBAM, then re-install it, possibly a corrupted install is causing the freezing.

Re: Malwarebytes is freezing up when run in normal mode

I tried uninstalling/reinstalling, but that did not work; it still freezes. For what it is worth, I tried running Malwarebytes in Safe Mode and it ran fine.

I found some forum postings where other people were having similar issues and that it could be a conflict with other software (e.g. AVG), but I did not see where anyone had a solution.
example: http://forums.avg.com/us-en/avg-free-forum?sec=thread&act=show&id=32429&type=0

I appreciate the help, but I don't want to waste your time either. If you don't think I have a virus, etc. and this may just be a software conflict issue, then I could just run Malwarebytes in Safe Mode. I'll leave it up to you... thanks.

Re: Malwarebytes is freezing up when run in normal mode

Try disabling AVG, see if it makes any difference.

Re: Malwarebytes is freezing up when run in normal mode

I know it's been a while but I wanted to bring this specific issue to closure. I have purchased a new computer so I am not worried about this issue any longer. I appreciate the help more than you know. Thanks a bunch!
