MBAM freezes and laptop, when trying to run full scan

Hi, I've been in contact with Maurice for quite a while over at "hijack this" and the laptop seems to be virus free now.

Here's the link back: http://forums.malwarebytes.org/index.php?showtopic=111695

But my original problem still persists, which is that when I try to run a full scan on MBAM it scans for about 20 secs then freezes.

I then try to close MBAM and the laptop freezes and I have to shut down with the power button.

This also happens if I try to do a full scan with Avast Free and the ESET online scanner.

Here are the DDS logs.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by Wools at 21:43:38 on 2012-07-02

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4093.2775 [GMT 1:00]

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\ProgramData\TVersity\Media Server\MediaServer.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = local

BHO: {02464DDC-3187-11D8-8004-0020ED227566} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun: [Conime] %windir%\system32\conime.exe

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\PROGRA~2\SPEEDB~1\sblsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer =

TCP: Interfaces\{B66ACD1C-A45F-4F23-8E4A-C44FDF72B774} : DhcpNameServer =

TCP: Interfaces\{B7026FF6-C90E-4C9F-99B3-6488E8B30C70} : DhcpNameServer =

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02464DDC-3187-11D8-8004-0020ED227566} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun-x64: [Conime] %windir%\system32\conime.exe

mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Wools\AppData\Local\Google\Update\\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 archlp;archlp;C:\Windows\system32\drivers\archlp.sys --> C:\Windows\system32\drivers\archlp.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-11 44808]

R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-1-15 1737464]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys --> C:\Windows\system32\DRIVERS\winbondcir.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-20 250056]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-22 113120]

S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2012-07-02 20:35:23 -------- d-----w- C:\Users\Wools\AppData\Roaming\Malwarebytes

2012-07-02 20:35:04 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-02 20:35:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-02 20:35:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-02 10:11:16 -------- d-----w- C:\Users\Wools\AppData\Local\{05DBDB5B-38F7-41E9-8FEE-011325BD419E}

2012-07-02 10:10:53 -------- d-----w- C:\Users\Wools\AppData\Local\{982484D3-4DEF-4F45-830A-ABDC24EF2E7F}

2012-07-01 22:09:53 -------- d-----w- C:\Users\Wools\AppData\Local\VS Revo Group

2012-07-01 22:09:46 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2012-07-01 22:09:43 -------- d-----w- C:\Program Files\VS Revo Group

2012-07-01 20:28:36 -------- d-----w- C:\Users\Wools\AppData\Local\{6B3B0B48-6191-4E0E-9BC3-00F8935BD5CF}

2012-07-01 20:28:14 -------- d-----w- C:\Users\Wools\AppData\Local\{2080CE8F-A31C-4038-A36F-73752A1270C6}

2012-06-30 23:34:24 -------- d-----w- C:\Users\Wools\AppData\Local\{5780AE89-756A-4B38-95D5-522F5FF8A6EA}

2012-06-30 23:34:02 -------- d-----w- C:\Users\Wools\AppData\Local\{F32A96CC-77C9-4F6F-8B16-D7B28FE85262}

2012-06-30 08:53:57 -------- d-----w- C:\Users\Wools\AppData\Local\{A6D1DC07-1455-4E79-B21E-7F4AC91A9750}

2012-06-30 08:53:35 -------- d-----w- C:\Users\Wools\AppData\Local\{2DF7BC54-F835-4533-9FEE-01E5FBFBD07E}

2012-06-29 23:20:44 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-29 22:32:30 -------- d-----w- C:\Users\Wools\AppData\Local\temp

2012-06-29 19:10:15 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-06-29 19:10:15 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-06-29 18:10:07 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51907530-1D62-4AB6-BC31-498909072E42}\mpengine.dll

2012-06-29 12:53:13 -------- d-----w- C:\Users\Wools\AppData\Local\{D0F7E4D7-0597-49A2-8B68-CBB30635BBBA}

2012-06-29 12:52:51 -------- d-----w- C:\Users\Wools\AppData\Local\{0152D154-E86E-4EE7-A94E-71A384B7449E}

2012-06-29 09:23:11 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-29 09:22:47 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-28 22:43:31 -------- d-----w- C:\Users\Wools\AppData\Local\Macromedia

2012-06-28 20:00:16 -------- d-----w- C:\Program Files (x86)\trend micro

2012-06-28 19:07:04 -------- d-----w- C:\Program Files\Speccy

2012-06-28 17:34:24 -------- d-----w- C:\Users\Wools\AppData\Roaming\Windows Live Writer

2012-06-28 17:34:24 -------- d-----w- C:\Users\Wools\AppData\Local\Windows Live Writer

2012-06-28 16:37:05 -------- d-----w- C:\Users\Wools\AppData\Local\{3FF8005A-367D-4046-BCAE-A4D001FD4BD2}

2012-06-28 16:36:40 -------- d-----w- C:\Users\Wools\AppData\Local\{2C81C020-D8E6-4DC3-AF1D-CA3F8E25A02D}

2012-06-28 16:25:48 -------- d-----w- C:\Users\Wools\AppData\Local\{88F55D00-18FB-476A-BD5B-37A824B7BC27}

2012-06-27 18:29:30 -------- d-----w- C:\Users\Wools\AppData\Local\{ED4859C4-B913-4703-8266-59C398564F5C}

2012-06-27 18:29:19 -------- d-----w- C:\Users\Wools\AppData\Local\{71A81712-55FE-479E-9E20-7B27A3E84325}

2012-06-27 06:28:51 -------- d-----w- C:\Users\Wools\AppData\Local\{E47DA82A-4B3A-49E2-8A6F-2CFBEF60868C}

2012-06-27 06:28:40 -------- d-----w- C:\Users\Wools\AppData\Local\{6EB52170-9D47-47B0-BC1C-236BE3DCDDAC}

2012-06-26 17:05:25 -------- d-----w- C:\Users\Wools\AppData\Local\{9B9B8620-7096-4E65-A8E0-59CFEDB5ECF1}

2012-06-26 17:05:14 -------- d-----w- C:\Users\Wools\AppData\Local\{5BDE6BF9-EF75-4062-A39E-AEB579B3460C}

2012-06-25 21:09:02 -------- d-----w- C:\Users\Wools\AppData\Local\{5C21C788-6DF5-425A-807C-36F986497145}

2012-06-25 21:08:51 -------- d-----w- C:\Users\Wools\AppData\Local\{BC21448F-A033-4107-9D11-585DCD8BE2E6}

2012-06-25 08:55:57 -------- d-----w- C:\Users\Wools\AppData\Local\{25F545FD-91F5-42FE-9BD9-6AAABD2FF804}

2012-06-25 08:55:46 -------- d-----w- C:\Users\Wools\AppData\Local\{3ED477D8-8246-4869-8E6F-2DA5F577AE00}

2012-06-24 20:55:19 -------- d-----w- C:\Users\Wools\AppData\Local\{78407925-45D7-44A6-99A7-0166FD7B825C}

2012-06-24 20:55:08 -------- d-----w- C:\Users\Wools\AppData\Local\{3D5C3A35-5729-462A-8D98-0EBDE8E8F12C}

2012-06-24 07:55:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-24 07:54:43 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-24 07:54:43 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-24 07:54:30 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-24 07:54:30 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-24 07:54:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-24 07:54:30 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-24 07:51:39 -------- d-----w- C:\Users\Wools\AppData\Local\{D0823DA7-33DB-4376-AAA3-4AB867DB6A21}

2012-06-24 07:51:27 -------- d-----w- C:\Users\Wools\AppData\Local\{02C4D204-5623-4A85-932B-29DC47A50377}

2012-06-23 10:14:46 -------- d-----w- C:\Users\Wools\AppData\Local\{2D089141-F823-4D49-8A06-07AF0F4EE847}

2012-06-23 10:14:36 -------- d-----w- C:\Users\Wools\AppData\Local\{ABF7B6C8-A654-425E-9EB0-7CD81CF0351D}

2012-06-22 22:13:56 -------- d-----w- C:\Users\Wools\AppData\Local\{61BA4F6F-E8D4-47E3-BABB-045FB67B97DC}

2012-06-22 22:13:40 -------- d-----w- C:\Users\Wools\AppData\Local\{96AC12B8-BC52-4224-9070-9771ADF90C75}

2012-06-22 14:51:19 -------- d-s---w- C:\Windows\SysWow64\Microsoft

2012-06-22 09:41:30 -------- d-----w- C:\Users\Wools\AppData\Local\{FAC2A1A5-4FD6-4707-A2CD-BD60A4040B58}

2012-06-22 09:41:19 -------- d-----w- C:\Users\Wools\AppData\Local\{0796D460-FC73-43B4-9D80-0410131B2158}

2012-06-21 21:40:49 -------- d-----w- C:\Users\Wools\AppData\Local\{949560E0-C09A-4C39-94E7-B3A46D994EFA}

2012-06-21 21:40:38 -------- d-----w- C:\Users\Wools\AppData\Local\{8020F98D-6CDF-4B89-A2EE-EDCA1DC2A71D}

2012-06-21 07:43:06 -------- d-----w- C:\Users\Wools\AppData\Local\{16F41147-DA26-411F-988D-76DFB79BA94F}

2012-06-21 07:42:55 -------- d-----w- C:\Users\Wools\AppData\Local\{CA817313-5104-4BF5-9867-74E423FD99FA}

2012-06-20 19:42:25 -------- d-----w- C:\Users\Wools\AppData\Local\{D0B0F8B1-B0C0-481C-A7A1-811C89E15800}

2012-06-20 19:42:13 -------- d-----w- C:\Users\Wools\AppData\Local\{10B83190-0A31-4981-AF18-C0E3C2E89F3D}

2012-06-20 13:54:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-20 07:41:46 -------- d-----w- C:\Users\Wools\AppData\Local\{D77DF6AE-7B9F-441F-B0D3-C6DD3393FBDB}

2012-06-20 07:41:33 -------- d-----w- C:\Users\Wools\AppData\Local\{D0BF5514-F6F0-4E5A-B8CD-98F15611CA95}

2012-06-18 17:15:49 -------- d-----w- C:\Users\Wools\AppData\Local\{A6A4DC64-5DE7-44B8-AC38-9EE243922F66}

2012-06-18 17:15:36 -------- d-----w- C:\Users\Wools\AppData\Local\{7EDD6F1E-A9BF-4E1A-9CB2-096CD3F4978A}

2012-06-17 21:26:36 -------- d-----w- C:\Users\Wools\AppData\Local\{7CAD0A33-D47A-4407-B36A-DB8967497DB1}

2012-06-17 21:25:06 -------- d-----w- C:\Users\Wools\AppData\Local\{FC94348B-2C41-4F47-8AA7-7F8C5273CAEB}

2012-06-17 07:49:21 -------- d-----w- C:\Users\Wools\AppData\Local\{2B4542F0-14EB-49C8-AA50-CCBDD57A6BA1}

2012-06-17 07:49:09 -------- d-----w- C:\Users\Wools\AppData\Local\{70446436-502C-4972-8622-6C597EC07F36}

2012-06-16 18:50:30 -------- d-----w- C:\Program Files\iPod

2012-06-16 18:50:27 -------- d-----w- C:\Program Files\iTunes

2012-06-16 18:50:27 -------- d-----w- C:\Program Files (x86)\iTunes

2012-06-16 17:21:41 -------- d-----w- C:\Users\Wools\AppData\Local\{107B959B-E806-408F-A4B1-7A3D13FC18A7}

2012-06-16 17:21:28 -------- d-----w- C:\Users\Wools\AppData\Local\{BCB04E58-8801-439A-8155-B7C954C5976F}

2012-06-14 16:55:33 -------- d-----w- C:\Users\Wools\AppData\Local\{8D78A727-161F-4BBB-894A-CA45CE60CA8B}

2012-06-14 16:55:20 -------- d-----w- C:\Users\Wools\AppData\Local\{95935B0F-4182-41BD-A7C6-1CA066FE61E5}

2012-06-13 21:05:59 754808 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2012-06-13 20:13:49 2767360 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 20:13:49 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 20:13:28 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 20:13:28 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-13 20:13:28 174592 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 20:13:28 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 20:13:28 132096 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 20:13:28 1267200 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 20:01:54 -------- d-----w- C:\Users\Wools\AppData\Local\{6029F339-1780-45CE-A9E6-6E1B97AC4723}

2012-06-13 20:01:41 -------- d-----w- C:\Users\Wools\AppData\Local\{A82A1540-B955-4C82-B599-1556A07B16BA}

2012-06-11 18:36:27 -------- d-----w- C:\Users\Wools\AppData\Local\{DEC9FEA9-FBE2-40AB-8C0F-38F02D9D96F4}

2012-06-11 18:36:11 -------- d-----w- C:\Users\Wools\AppData\Local\{B9A61F07-66CF-4357-BCA6-13A122DF4311}

2012-06-10 18:25:33 -------- d-----w- C:\Users\Wools\AppData\Local\{05380D6D-0064-4615-B8EA-F49670D0662F}

2012-06-10 18:25:33 -------- d-----w- C:\Program Files (x86)\Dropbox

2012-06-10 18:25:15 -------- d-----w- C:\Users\Wools\AppData\Local\{18C33764-C6CE-40A6-8EE0-D82C97939246}

2012-06-08 19:22:01 -------- d-----w- C:\Users\Wools\AppData\Local\{F9753E96-F9EB-42F0-9E15-460CA6080D69}

2012-06-08 19:21:46 -------- d-----w- C:\Users\Wools\AppData\Local\{0C9FFCB8-E621-4E13-83BC-7BA54B3BC8B3}

2012-06-06 16:40:11 -------- d-----w- C:\Users\Wools\AppData\Local\{AABE05C8-5818-43BA-A870-B36D6205899D}

2012-06-06 16:39:59 -------- d-----w- C:\Users\Wools\AppData\Local\{9867D357-AC71-400F-9684-9ABE4DCBF546}

2012-06-05 16:37:29 -------- d-----w- C:\Users\Wools\AppData\Local\{F4D880A8-C5CD-4700-9590-AE394F8654DE}

2012-06-05 16:37:01 -------- d-----w- C:\Users\Wools\AppData\Local\{9DED1CBE-B806-4CE5-8CE1-E15347A439D6}

2012-06-04 08:42:46 -------- d-----w- C:\Users\Wools\AppData\Local\{7D60664F-4CB1-4008-AC6B-F7E3F970ABC2}

2012-06-04 08:42:33 -------- d-----w- C:\Users\Wools\AppData\Local\{0A1D0B73-258B-41CF-87F5-0E99E8DEFE16}

2012-06-03 20:42:06 -------- d-----w- C:\Users\Wools\AppData\Local\{9A03D1C4-B67C-461E-980F-035CAC651889}

2012-06-03 20:41:54 -------- d-----w- C:\Users\Wools\AppData\Local\{4C5F7F59-BFCB-45FB-BE17-7D756A59D1CB}

2012-06-03 08:41:22 -------- d-----w- C:\Users\Wools\AppData\Local\{7B5A2411-2A97-4268-84AB-652C85A203DE}

2012-06-03 08:40:40 -------- d-----w- C:\Users\Wools\AppData\Local\{121D97F8-4498-4420-A037-3FA3915075C1}

==================== Find3M ====================

2012-06-29 19:19:23 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-28 22:43:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-28 12:52:36 958912 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-06-28 12:52:35 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-06-28 12:52:20 41224 ----a-w- C:\Windows\avastSS.scr

2012-05-30 18:34:11 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-05-30 18:34:11 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-18 19:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-18 19:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 21:44:16.37 ===============

DDS (Ver_2011-08-26.01)

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 07/01/2011 17:36:39

System Uptime: 02/07/2012 21:32:41 (0 hours ago)

Motherboard: Acer, Inc. | | Chapala

Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 219 GiB total, 95.868 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01211025&REV_12\4&3482A409&0&4AF0

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01211025&REV_12\4&3482A409&0&4AF0

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01211025&REV_12\4&3482A409&0&4BF0

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01211025&REV_12\4&3482A409&0&4BF0

==== System Restore Points ===================

RP455: 02/07/2012 19:57:33 - Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version

RP457: 02/07/2012 21:12:20 - Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version

RP459: 02/07/2012 21:28:43 - Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version

==== Installed Programs ======================

Acer Crystal Eye webcam

Acoustica Effects Pack

Acronis Disk Director Suite

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader X (10.1.3)

Apple Application Support

Apple Software Update

avast! Free Antivirus

AviSynth 2.5

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

CCC Help English

DivX Setup

DVD Shrink 3.2

ffdshow v1.1.4225 [2012-01-05]

File Type Assistant

Firebird SQL Server - MAGIX Edition

Free File Viewer 2011

Free Mp3 Wma Converter V 2.2

Glary Utilities Pro

Google Chrome

Haali Media Splitter

HandBrake 0.9.6

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImTOO DVD Ripper Ultimate

Java Auto Updater

Java 7 Update 5

Junk Mail filter update

KODAK AiO Software

Logitech Harmony Remote Software 7

MAGIX 3D Maker (embedded MSI)

MAGIX Screenshare

MAGIX Speed 2 (MSI)

MAGIX Video Pro X2 Download Version

Malwarebytes Anti-Malware version

Mesh Runtime

Messenger Companion

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XML Parser

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSU Screen Capture Lossless Codec v1.2 (Remove Only)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nokia Connectivity Cable Driver

Nokia Lifeblog 2.5

Nokia Suite

OpenOffice.org 3.3

PC Connectivity Solution

RealNetworks - Microsoft Visual C++ 2005 Runtime

RealNetworks - Microsoft Visual C++ 2008 Runtime

Realtek High Definition Audio Driver

RealUpgrade 1.1

Remote Control USB Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Segoe UI

Skype™ 5.8

TVersity Codec Pack 1.7

TVersity Media Server 1.9.7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Visual Studio 2008 x64 Redistributables

VLC media player 2.0.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

Xiph.Org Open Codecs 0.85.17777

==== Event Viewer Messages From Past Week ========

30/06/2012 16:52:50, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

30/06/2012 01:00:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Network Discovery Service service to connect.

30/06/2012 01:00:43, Error: Service Control Manager [7000] - The Kodak AiO Network Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29/06/2012 23:29:07, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

29/06/2012 23:28:19, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

29/06/2012 23:00:59, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

29/06/2012 23:00:59, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

29/06/2012 23:00:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

29/06/2012 10:30:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVersity Media Server service to connect.

28/06/2012 23:25:10, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

28/06/2012 19:58:48, Error: EventLog [6008] - The previous system shutdown at 19:57:25 on 28/06/2012 was unexpected.

28/06/2012 19:20:59, Error: EventLog [6008] - The previous system shutdown at 19:17:51 on 28/06/2012 was unexpected.

28/06/2012 19:15:59, Error: EventLog [6008] - The previous system shutdown at 19:06:59 on 28/06/2012 was unexpected.

28/06/2012 17:55:14, Error: EventLog [6008] - The previous system shutdown at 17:53:09 on 28/06/2012 was unexpected.

28/06/2012 17:34:13, Error: EventLog [6008] - The previous system shutdown at 17:32:20 on 28/06/2012 was unexpected.

27/06/2012 17:56:33, Error: EventLog [6008] - The previous system shutdown at 17:53:11 on 27/06/2012 was unexpected.

27/06/2012 07:26:39, Error: EventLog [6008] - The previous system shutdown at 22:54:03 on 26/06/2012 was unexpected.

26/06/2012 21:27:08, Error: EventLog [6008] - The previous system shutdown at 20:28:06 on 26/06/2012 was unexpected.

02/07/2012 21:34:40, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep

02/07/2012 20:23:28, Error: EventLog [6008] - The previous system shutdown at 20:10:29 on 02/07/2012 was unexpected.

02/07/2012 19:53:09, Error: EventLog [6008] - The previous system shutdown at 19:23:21 on 02/07/2012 was unexpected.

02/07/2012 18:49:09, Error: EventLog [6008] - The previous system shutdown at 18:39:47 on 02/07/2012 was unexpected.

02/07/2012 17:54:21, Error: EventLog [6008] - The previous system shutdown at 17:47:44 on 02/07/2012 was unexpected.

02/07/2012 17:20:27, Error: EventLog [6008] - The previous system shutdown at 17:17:51 on 02/07/2012 was unexpected.

02/07/2012 17:16:01, Error: EventLog [6008] - The previous system shutdown at 17:09:54 on 02/07/2012 was unexpected.

02/07/2012 16:28:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BecHelperService service to connect.

02/07/2012 16:28:22, Error: Service Control Manager [7000] - The BecHelperService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

02/07/2012 16:20:33, Error: Service Control Manager [7034] - The VideoAcceleratorService service terminated unexpectedly. It has done this 1 time(s).

02/07/2012 16:20:33, Error: Service Control Manager [7031] - The TVersity Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


==== End Of File ===========================


Hello and welcome to the Malwarebytes support forum. Thank you for choosing Malwarebytes' Anti-Malware as your malware security solution, my name is Nan Coley and I'll be assisting you today.

The Corporate Support team is reviewing the very extensive information (for which we thank you) that you provided and we will have a reply for you tomorrow.


Nan Coley


Thank you for your patience while we pored over the information you provided. It is known that there are issues when more than one anti-virus application is installed on a computer. They do not co-exist as peacefully as you might think. I did notice that there was a recent installation of Trend Micro. I would ask you to uninstall it and see if the problem persists. Essentially, process of elimination, going back in time, uninstalling the most recent apps and utilities, will be your best course of action to see what is causing the system to lock up.

This is not unheard of with multiple installations of anti-virus. That is why we recommend that there should be one anti-malware application (MBAM) and one anti-virus application of your choice. I will tell you, and this is just an observation rather than a recommendation, that generally speaking, the free versions of anti-virus have fewer features, and are thus less robust, than the pay-for subscriptions. Just keep that in mind as you look for anti-virus utilities to use on your system.

Please keep us advised of your findings as you troubleshoot your system as suggested. I would also suggest that you submit a ticket if this issue persists on www.malwarebytes.org.

Best regards,

Nan Coley

Malwarebytes Corporation


Hi Nan, thanks for getting back to me. The problem now is that the laptop is my brother-in-law's, who took it back yesterday after I had it for approx. a week while Maurice was checking for viruses with various tools.

I've no recollection of him installing Trend Micro, or myself, unless one of the tools from Maurice was from Trend Micro.

Shall I get him to run a Trend Micro clean tool? I did install Revo Uninstaller on his laptop and I didn't see Trend Micro on the list.



Thank you for your quick reply. Revo may not catch the Trend Micro if the Trend Micro installation is intact. Meaning, no file bits left over from an ungraceful uninstallation. Rather, an Uninstall utility from Trend Micro may be best. Other than that, installing TM and uninstalling should do the trick. I realize you are not aware of the installation so it may be an older installation. In that case, the Trend Micro removal toolkit would again be your best bet but I've no idea of cost, if any, associated with it. I'm not suggesting you spend your money, but maybe if that was installed, perhaps the uninstaller is nearby at the local site of the installation.

Here is the entry from your logs for Trend Micro: 2012-06-28 20:00:16 -------- d-----w- C:\Program Files (x86)\trend micro

Best regards,


Malwarebytes Corporation


Hi Nan,

Thanks for the info. After a bit of searching I managed to get hold of the Trend Micro clean up tool from their website. I've sent it to my brother-in-law via Dropbox with instructions, so I'm waiting to hear back from him.

Thanks for your help.


Hi Nan,

Here's the latest update. Had to carry on helping my brother-in-law via phone and Avast remote assistance on the instructions from your link on "section L"/step 2: Run CHKDSK, which took ages to run.

I then attempted "step 3", defragment your hard drive, but after following the instructions and saving the defrag file to the desktop I then did a right click and Run as administrator, which opened up a cmd prompt saying defrag with a flashing hyphen which did nothing (waited 15 mins) before I closed it.

So I decided to do a defrag via right click C drive/Tools/Defrag.

Getting pretty late now, so let it run overnight. So next day I decided to do a sfc /scannow, which was OK.

So now the acid test: run a full scan with MBAM. And yes, it did a full scan without freezing and also found a virus called "rootkit.TDSS", which I think is quite nasty, but MBAM removed it.

Sorry the post is so long. Let me know what you think.

Regards, Neil.

PS. I forgot to say the Trend Micro clean tool was a success.


Hi Quinny,

Thank you so much for your post. I appreciate your efforts to work on this issue and it appears you have had some good results. That is very encouraging!

You need to know that the TDSS Rootkit is a nasty little fellow that is persistent. Best results are achieved by using the TDSSKiller tool which is written for this rootkit and can detect and remove other rootkits as well.

Please download TDSSKiller.exe to your desktop


Execute TDSSKiller.exe by double-clicking on it

Press Start Scan

If Malicious objects are found, ensure "Cure" is selected (it should be by default)

Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.

I don't mean to toss a wet rag on your efforts, it's just that we know that rootkits are actually not removed by MBAM although they may be detected and appear to be removed. Rootkits are another creature altogether. I want you to be fully informed and have the tools at hand to take care of the TDSS rootkit.

Thank you so much for keeping me informed. I am very pleased that these instructions are working for you. I look forward to hearing from you again.

Best regards,

Nan Coley

Malwarebytes Corporation


Thanks for your reply. After working with Maurice and getting the laptop virus free, my brother-in-law took his laptop back although I hadn't sorted out the original problem of freezing.

Anyway, brother-in-law phoned me next day saying he was getting loads of pop-ups on IE9 prompting him to click here, there and everywhere, and of course he did.

So knowing MBAM quick scan was working I got him to run it and it picked up 2 viruses which he removed. Couldn't tell me what they were called though. I asked him if he had downloaded anything and he said he downloaded Vuze after I warned him about using it and had uninstalled it when I had the laptop.

So I got him to uninstall Vuze again, and then try IE9, and he reported back that all the pop-ups had stopped.

So I then proceeded to follow the MBAM FAQ's instructions for CHKDSK and defrag and exclusions etc.

I then got him to do an MBAM full scan which finished without freezing but also found rootkit TDSS and removed it (allegedly).

Avast will also do a full scan without freezing.

While I was waiting for a reply from you I ran Kaspersky TDSSKiller which found nothing. Does this mean his laptop is clean? Or could it still be lurking somewhere?

Cheers, Quinny.


Sorry for the bump, but I've been waiting ages for a reply from "nangeek"; also sent her a PM but no reply.

This thread was originally on the Malwarebytes general forum but for some reason got moved yesterday to the HJT forum and put on page 4.

Just looking for comment/advice on my last post.
