0

Everyonce in awhile I get this pop up message saying "Server Busy" , with a "retry" and a "switch to" option.

Now it doesn't happen often but the results can be horrible. I run ableton live and have had this error completly ruin a live set I was
doing. It just stopped the audio and my computer freaked out for awhile. Normally however if I'm not running live its not that big of a deal. I just want to clean my machine up. So if you see anything unnecessary I would love to just get rid of it.

So please guys help me out!

do your magic

Thanks!

Malwarebytes' Anti-Malware 1.38
Database version: 2394
Windows 5.1.2600 Service Pack 2

08/07/2009 1:58:17 PM
mbam-log-2009-07-08 (13-58-13).txt

Scan type: Quick Scan
Objects scanned: 91419
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\tmpie (Backdoor.Bot) -> No action taken.

Files Infected:
c:\WINDOWS\tmpie\me.ini (Backdoor.Bot) -> No action taken.
c:\WINDOWS\tmpie\msado25.tlb (Backdoor.Bot) -> No action taken.
c:\WINDOWS\tmpie\MSVBVM60.DLL (Backdoor.Bot) -> No action taken.
c:\WINDOWS\tmpie\MSWINSCK.OCX (Backdoor.Bot) -> No action taken.
c:\WINDOWS\tmpie\RICHTX32.OCX (Backdoor.Bot) -> No action taken.
c:\WINDOWS\tmpie\wbemdisp.tlb (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:17 PM, on 08/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth

Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32

Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth

Software\BTTray.exe
C:\Program Files\Red Chair Software\Anapod

Explorer\anamgr.exe
C:\Windows\System32\ASTSRV.exe
C:\WINDOWS\system32\dlbkcoms.exe
C:\Program Files\ESET\ESET NOD32

Antivirus\ekrn.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\M-Audio\M-Audio Series II

MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes'

Anti-Malware\mbamservice.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\System

Update\SUService.exe
C:\Program Files\Common

Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common

Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\I

nternet Settings,ProxyServer = :
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\I

nternet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -

{724d43a9-0d85-11d4-9908-00400523e39a} -

C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper -

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager -

{F040E541-A427-4CF7-85D8-75E3E0F476C5} -

C:\Program Files\Lenovo\Client Security

Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &RoboForm -

{724d43a0-0d85-11d4-9908-00400523e39a} -

C:\Program Files\Siber Systems\AI

RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmcService]

C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware]

"C:\Program Files\Malwarebytes'

Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [egui] "C:\Program

Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide

/waitservice
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program

Files\Siber Systems\AI

RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01]

rundll32 advpack.dll,DelNodeRunDLL32

"C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe

/C move /Y "%SystemRoot%\System32\syssetub.dll"

"%SystemRoot%\System32\syssetup.dll" (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04]

rundll32 advpack.dll,LaunchINFSection

nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05]

rundll32 advpack.dll,LaunchINFSection

nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK

SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01]

rundll32 advpack.dll,DelNodeRunDLL32

"C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator]

Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'Default

user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator]

Narrator.exe (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program

Files\Red Chair Software\Anapod

Explorer\anamgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Customize Menu -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/30

00
O8 - Extra context menu item: Fill Forms -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth

Device... - C:\Program Files\ThinkPad\Bluetooth

Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) -

{0045D4BC-5189-4b67-969C-83BB1906C421} -

C:\Program Files\Lenovo\Client Security

Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage

Password Manager... -

{0045D4BC-5189-4b67-969C-83BB1906C421} -

C:\Program Files\Lenovo\Client Security

Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms -

{320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms -

{320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save -

{320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms -

{320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm -

{724d43aa-0d85-11d4-9908-00400523e39a} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar -

{724d43aa-0d85-11d4-9908-00400523e39a} -

file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 -

{CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\ThinkPad\Bluetooth

Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 -

{CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Program Files\ThinkPad\Bluetooth

Software\btsendto_ie.htm
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &

Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF:

{0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook

Photo Uploader 5 Control) -

http://upload.facebook.com/controls/2008.10.10_v

5.5.8/FacebookPhotoUploader5.cab
O16 - DPF:

{0E5F0222-96B9-11D3-8997-00104BD12D94}

(PCPitstop Utility) -

http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V

5Controls/en/x86/client/wuweb_site.cab?124147102

8437
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V

5Controls/en/x86/client/muweb_site.cab?124147101

6609
O18 - Protocol: grooveLocalGWS -

{88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service

(ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ASTSRV - Nalpeiron Ltd. -

C:\Windows\System32\ASTSRV.exe
O23 - Service: Bluetooth Service (btwdins) -

Broadcom Corporation. - C:\Program

Files\ThinkPad\Bluetooth

Software\bin\btwdins.exe
O23 - Service: dlbk_device - -

C:\WINDOWS\system32\dlbkcoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) -

ESET - C:\Program Files\ESET\ESET NOD32

Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET -

C:\Program Files\ESET\ESET NOD32

Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service -

Acresso Software Inc. - C:\Program Files\Common

Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc)

- AltrixSoft (http://www.altrixsoft.com/) -

C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: HP Port Resolver -

Hewlett-Packard Company -

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPR

O.EXE
O23 - Service: HP Status Server -

Hewlett-Packard Company -

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOI

D.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) -

Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager

(IDriverT) - Macrovision Corporation -

C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel

32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service -

Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Series II MIDI Installer

(MA_CMIDI_InstallerService) - Unknown owner -

C:\Program Files\M-Audio\M-Audio Series II

MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBAMService - Malwarebytes

Corporation - C:\Program Files\Malwarebytes'

Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program

Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG -

C:\Program Files\Common

Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sygate Personal Firewall Pro

(SmcService) - Sygate Technologies, Inc. -

C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: System Update (SUService) -

Lenovo Group Limited - C:\Program

Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor

Service - Lenovo Group Limited - C:\Program

Files\Common

Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service

(TPHDEXLGSVC) - Lenovo. -

C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) -

Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService)

- IBM - C:\Program Files\Lenovo\Client Security

Solution\tvttcsd.exe
O23 - Service: TuneUp Drive Defrag Service

(TuneUp.Defrag) - TuneUp Software GmbH -

C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVT Scheduler - Lenovo Group

Limited - C:\Program Files\Common

Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11046 bytes

2
Contributors
2
Replies
3
Views
8 Years
Discussion Span
Last Post by Lowfront
0

No action was taken in your MBA-M scan AND you only ran a Quick Scan. If you followed the instructions given on this site you will see that you should run a Full System Scan and then
Be sure that everything is checked, and click Remove Selected.

Reboot the computer

Then run a NEW HiJackThis full scan and save the log. Please be certain that Word Wrap is NOT on as this makes the logs nearly impossible to read.
Post back with the MBA-M log, showing items fixed and the new HJT log.

0

I did select to delete those items don't know why It said that I didn't.

So here is the full scan now thats clean, nothing showed up.

Malwarebytes' Anti-Malware 1.38
Database version: 2394
Windows 5.1.2600 Service Pack 2

09/07/2009 8:25:40 AM
mbam-log-2009-07-09 (08-25-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 222904
Time elapsed: 36 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:49 AM, on 09/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Windows\System32\ASTSRV.exe
C:\WINDOWS\system32\dlbkcoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241471028437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241471016609
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ASTSRV - Nalpeiron Ltd. - C:\Windows\System32\ASTSRV.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: dlbk_device - - C:\WINDOWS\system32\dlbkcoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11201 bytes


Thanks for helping!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.