
Can't check Enable Malicious Website Blocking on Trial



On the recommendation of a friend to try your software, I installed Malwarebytes Anti-Malware Pro (Trial) and have 13 days remaining. I can't, however, seem to get the "Enable malicious website blocking" check box to actually check/enable. Meanwhile, the Malwarebytes icon in the taskbar remains grey, indicating that it is not fully enabled. Please advise.



Hello and welcome to the MalwareBytes forum.

My name is Maurice Naggar.

I will be helping you.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

If this is not your computer, or if it belongs to a company or organization then please Stop and tell me.

I'll need more information to locate the source of the issue.

Please only Copy > paste the log files I ask for into the main body of the reply box.

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Close / exit Notepad.

NEXT:

Download DDS and save it to your desktop from one of these locations:

http://download.bleepingcomputer.com/sUBs/dds.com

http://download.bleepingcomputer.com/sUBs/dds.scr

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Do NOT turn off the firewall

Double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

When done, DDS will open two (2) logs: DDS.txt & Attach.txt

Save both reports to your desktop.

Please post following logs in your next reply:

DDS.txt

Attach.txt

NEXT:

Download & SAVE to your Desktop Tigzy's RogueKiller http://tigzy.geekstogo.com/Tools/RogueKiller.exe

Quit all programs that you may have started.

Please disconnect any USB or external storage drives from the computer before you run this scan!

For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

For Windows XP, double-click to start.

When prompted to accept the EULA, please do so.

Wait until Prescan has finished ... <<-----

Then Click on Scan button at upper right of screen.

Wait until the Status box shows "Scan Finished"

Post the log into your next reply.

The log should be found in RKreport[1].txt on your Desktop

Do NOT press any Fix button.

Exit/Close RogueKiller


The RogueKiller report is good, as apparently is the DDS.

Please do this sequence to redo the MBAM install, using the steps outlined here.

First, close and save any open documents, and close any of your open windows-apps.

Download and SAVE & then run mbam-clean.exe from http://www.malwarebytes.org/mbam-clean.exe

It will ask to restart your computer; please allow it to do so. This is very important.

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see => How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from http://downloads.malwarebytes.org/file/mbam

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQs: http://forums.malwarebytes.org/index.php?showtopic=10138

Re-enable the anti-virus application that you turned off before.


I'll need more information for review.

Step 1

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, or Windows 7 or 8, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Step 2

Download Security Check by screen317 and save it to your Desktop.

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Step 3
  • Download mbam-check.exe and save it to your desktop
  • On Vista/Windows 7, right-click on mbam-check.exe, select Run as Administrator and allow it to run.

    On XP, double-click on mbam-check.exe to run it.

  • It should then open a log file CheckResults.txt
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file located on your desktop instead
Step 4

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt;
  • the contents of checkup.txt; and
  • the contents of CheckResults.txt
Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

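The post above asks for an OTL run with the LOP and Purity checks enabled. The resulting log is long and mostly noise, so the useful skill on the analyst's side is triage: pulling out the few line kinds that need a human decision (autostarts, Winlogon Shell/UserInit hooks, the exefile open handler, DHCP-assigned DNS servers, loaded code with no publisher string) and separating them from leftovers such as registrations whose file is gone. The script below is an added example, not from this thread and not part of OldTimer's tool. It parses a constructed sample of OTL-format lines, modelled on the OTL.txt posted later in the thread, and returns a list of findings. The "stock" Winlogon and exefile values it compares against are Windows XP defaults assumed for the example; a "public DNS server" finding means "confirm against what the ISP or router should hand out", not that the address is malicious.

```python
"""Triage OTL log lines: surface the entries an analyst must confirm by hand."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input for this example, modelled on the OTL.txt format
# posted later in the thread (same line kinds, same field layout).
SAMPLE_LOG = r"""
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
MOD - [2004/04/19 16:46:00 | 000,094,208 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\TrackUtils.dll
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEPHE~1.HAN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86499569-38CF-4F24-8CCB-6FB765E58997}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
"""


@dataclass
class Finding:
    level: str   # "verify": analyst must confirm by hand; "info": leftover worth noting
    kind: str    # OTL line prefix, e.g. "O4"
    detail: str


# Stock Windows XP values for hooks that malware commonly tampers with.
# Assumed for this example; OTL prints these values but does not judge them.
EXPECTED_WINLOGON = {"shell": r"\explorer.exe", "userinit": r"\system32\userinit.exe"}
EXPECTED_OPEN_CMD = '"%1" %*'

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
JAVA_CAB = re.compile(r"jinstall-(\d+_\d+_\d+(?:_\d+)?)-windows", re.I)
WINLOGON = re.compile(r"^HKLM Winlogon: (\w+) - \((.*?)\) - (.*?) \([^()]*\)$")


def triage(log_text: str) -> list[Finding]:
    """Walk OTL lines and return the ones worth a human look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                       # section headers, blanks, file listings
        kind, rest = line.split(" - ", 1)

        if kind in ("SRV", "DRV") and rest.startswith("File not found"):
            # Registered service/driver whose binary is gone: uninstall or tool leftover.
            name = rest.rsplit("(", 1)[-1].rstrip(")")
            findings.append(Finding("info", kind, f"registered but missing on disk: {name}"))
        elif kind in ("PRC", "MOD") and "] () -- " in rest:
            # Empty company field: loaded code with no publisher string in its version info.
            path = rest.split(" -- ", 1)[1]
            findings.append(Finding("verify", kind, f"no publisher string: {path}"))
        elif kind == "O3" and rest.endswith("No CLSID value found."):
            findings.append(Finding("info", kind, f"toolbar reference without CLSID: {rest}"))
        elif kind == "O4":
            # Every autostart gets a human look; OTL prints the publisher in trailing parens.
            findings.append(Finding("verify", kind, f"autostart: {rest}"))
        elif kind == "O16":
            if "Reg Error" in rest:
                findings.append(Finding("info", kind, f"DPF entry with no class registered: {rest.split()[1]}"))
            m = JAVA_CAB.search(rest)
            if m:
                ver = m.group(1).replace("_", ".", 2)   # 1_5_0_11 -> 1.5.0_11
                findings.append(Finding("verify", kind, f"Java plug-in installer registered, check it is current: {ver}"))
        elif kind == "O17" and "DhcpNameServer" in rest:
            # Public resolvers are normal from an ISP, but must match what the ISP/router should hand out.
            for ip in IPV4.findall(rest):
                if not ipaddress.ip_address(ip).is_private:
                    findings.append(Finding("verify", kind, f"public DNS server from DHCP, confirm with ISP: {ip}"))
        elif kind == "O20":
            m = WINLOGON.match(rest)
            if m:
                hook, _, path = m.groups()
                expected = EXPECTED_WINLOGON.get(hook.lower())
                if expected and not path.lower().endswith(expected):
                    findings.append(Finding("verify", kind, f"Winlogon {hook} not stock: {path}"))
        elif kind in ("O35", "O37") and "exefile" in rest:
            cmd = rest.split(" -- ", 1)[1].strip()
            if cmd != EXPECTED_OPEN_CMD:
                findings.append(Finding("verify", kind, f"exefile open handler altered: {cmd}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.kind:4} {f.detail}")
```

Run against the sample, the stock Winlogon and exefile lines produce nothing, the private 192.168.0.1 resolver is skipped, and what remains is a short list: one module with no publisher string, one autostart, one Java installer to check for currency, two public resolvers to confirm with the ISP, and four leftovers. That is the shape of the review a helper does by eye on a log like the one posted in this thread.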

Ugh, I just read the bottom of your last posts, so here are the reports' contents:

OTL.txt:

OTL logfile created on: 7/8/2013 10:25:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Stephen K. Hansen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 489.20 Mb Available Physical Memory | 47.87% Memory free
1.66 Gb Paging File | 1.30 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 6.34 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
 
Computer Name: STEVETUDOR | User Name: Stephen K. Hansen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/08 10:25:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephen K. Hansen\Desktop\OTL.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/04/19 16:45:52 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2004/04/19 16:46:00 | 000,094,208 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\TrackUtils.dll
MOD - [2004/04/19 16:45:56 | 000,368,640 | ---- | M] () -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\CoreDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/30 08:58:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/10/22 13:42:44 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2004/01/05 03:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\L6TPortA.sys -- (L6TPortA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\l6dp.sys -- (L6DP)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEPHE~1.HAN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2005/05/02 09:38:43 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005/03/12 19:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (rt2500usb)
DRV - [2004/11/10 20:32:28 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/05 13:25:38 | 000,381,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/07/27 11:20:46 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\ANIO.sys -- (ANIO)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/06/09 10:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2004/04/15 13:31:02 | 000,101,480 | ---- | M] (Visual Networks) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\IPVNMon.sys -- (IPVNMon)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/08/10 23:48:04 | 000,177,664 | R--- | M] (2wire) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wltwo51b.sys -- (wltwo51b)
DRV - [2003/04/17 23:48:09 | 000,068,672 | R--- | M] (2Wire, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\2WirePCP.sys -- (2WIREPCP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 B5 8D AD A5 76 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
 
[2009/06/23 14:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Mozilla\Extensions
[2009/06/23 14:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2013/07/01 12:19:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html File not found
O15 - HKCU\..Trusted Domains: cascades.com ([satellite] https in Trusted sites)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1372597214734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86499569-38CF-4F24-8CCB-6FB765E58997}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CB21A-6C0C-426A-A89D-B3ECACA2626C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CB21A-6C0C-426A-A89D-B3ECACA2626C}: Domain = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DE7A5CA-798B-4DBD-BC19-D80C97B7EF82}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DF04FA-7E85-431C-8A50-D0CE6A51E319}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/08 10:25:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephen K. Hansen\Desktop\OTL.exe
[2013/07/07 23:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Malwarebytes
[2013/07/07 23:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/07 23:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/07/07 23:08:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/07/07 23:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/07 23:08:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stephen K. Hansen\Recent
[2013/07/07 23:08:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/07 02:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2013/07/03 01:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1404000.028
[2013/07/03 00:09:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2013/07/02 10:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/07/01 23:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/07/01 16:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen K. Hansen\Desktop\RK_Quarantine
[2013/07/01 12:04:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 11:55:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 11:55:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 11:55:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 11:55:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 11:55:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 11:54:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Stephen K. Hansen\Start Menu\Programs\Administrative Tools
[2013/07/01 11:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 10:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2013/07/01 10:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/07/01 10:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/07/01 10:34:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/06/30 08:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen K. Hansen\Desktop\Stephen Hansen
[2013/06/29 13:17:50 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/29 13:15:49 | 000,000,000 | ---D | C] -- C:\ADK
[2013/06/26 11:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2013/06/21 07:46:23 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/21 07:46:23 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/21 07:46:23 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/08 10:26:05 | 000,890,988 | ---- | M] () -- C:\Documents and Settings\Stephen K. Hansen\Desktop\SecurityCheck.exe
[2013/07/08 10:25:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephen K. Hansen\Desktop\OTL.exe
[2013/07/08 10:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/07 23:12:29 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Stephen K. Hansen\Desktop\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum.url
[2013/07/07 23:08:42 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/07 23:07:58 | 000,013,698 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2013/07/07 23:07:20 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/07 23:07:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2013/07/03 12:37:52 | 000,728,796 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\Cat.DB
[2013/07/02 19:22:23 | 000,484,438 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2013/07/02 19:22:23 | 000,081,248 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2013/07/01 12:19:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2013/07/01 12:04:10 | 000,000,292 | RHS- | M] () -- C:\boot.ini
[2013/06/30 08:58:14 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Stephen K. Hansen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/30 08:57:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/30 08:57:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/19 08:58:31 | 000,061,141 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
[2013/06/12 21:48:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/12 21:35:55 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/12 14:28:52 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Stephen K. Hansen\Desktop\Microsoft Word.lnk
[2013/06/12 10:23:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/06/12 10:23:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/08 10:26:04 | 000,890,988 | ---- | C] () -- C:\Documents and Settings\Stephen K. Hansen\Desktop\SecurityCheck.exe
[2013/07/07 23:08:42 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/06 14:07:22 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Stephen K. Hansen\Desktop\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum.url
[2013/07/03 12:37:07 | 000,728,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\Cat.DB
[2013/07/03 01:17:53 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\VT20130115.021
[2013/07/01 12:04:10 | 000,000,176 | ---- | C] () -- C:\Boot.bak
[2013/07/01 12:04:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 11:55:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 11:55:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 11:55:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 11:55:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 11:55:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 10:33:09 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/06/12 10:23:23 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/06/12 10:23:23 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/02/15 04:38:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/27 18:01:30 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Stephen K. Hansen\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/27 17:56:24 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2007/06/11 21:40:26 | 000,001,410 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/02 12:28:19 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Stephen K. Hansen\Local Settings\Application Data\fusioncache.dat
[2005/02/25 17:44:00 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Stephen K. Hansen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2004/08/10 15:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2006/08/22 17:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2013/02/05 08:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2007/09/26 17:04:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2009/01/14 14:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2004/11/16 15:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2012/09/30 15:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartPCScan
[2007/05/01 09:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/08/22 17:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Ableton
[2009/07/30 08:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Aim
[2005/09/30 10:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Interact Commerce
[2006/01/19 18:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Leadertech
[2011/06/17 09:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Line 6
[2011/06/17 09:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\MSNInstaller
[2012/09/30 15:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\QuickScan
[2007/01/04 14:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Roni Music
[2007/05/01 09:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen K. Hansen\Application Data\Viewpoint
 
========== Purity Check ==========
 
 

< End of report >

 

Extras.txt:

OTL Extras logfile created on: 7/8/2013 10:25:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Stephen K. Hansen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1021.98 Mb Total Physical Memory | 489.20 Mb Available Physical Memory | 47.87% Memory free
1.66 Gb Paging File | 1.30 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 6.34 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
 
Computer Name: STEVETUDOR | User Name: Stephen K. Hansen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1126732286\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1126732286\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\ftp.exe" = C:\WINDOWS\SYSTEM32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\RealVNC\WinVNC\winvnc.exe" = C:\Program Files\RealVNC\WinVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (RealVNC Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1C02D187-9256-4B08-92D1-82922DBE4D52}" = DAK Wave MP3 Editor PRO v3.6b
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AC76BA86-7AD7-5A76-5A64-7E8A45000001}" = Adobe Reader Japanese Fonts
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"CCleaner" = CCleaner
"Click'N Design 3D" = Click'N Design 3D
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (630)
"DePopper2" = DePopper 2.x
"Equalizer" = Equalizer
"HP Photo & Imaging" = HP Image Zone 3.5
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"Snood_is1" = Snood for Windows version 3.52-W
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinVNC_is1" = VNC 3.3.5
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/29/2013 8:53:59 AM | Computer Name = STEVETUDOR | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 5/29/2013 8:54:00 AM | Computer Name = STEVETUDOR | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 5/29/2013 8:54:01 AM | Computer Name = STEVETUDOR | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 6/12/2013 2:47:47 PM | Computer Name = STEVETUDOR | Source = Application Hang | ID = 1002
Description = Hanging application amazing.exe, version 3.0.6.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/26/2013 11:07:26 AM | Computer Name = STEVETUDOR | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 6/26/2013 11:07:26 AM | Computer Name = STEVETUDOR | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 6/26/2013 11:08:00 AM | Computer Name = STEVETUDOR | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 6/26/2013 11:08:00 AM | Computer Name = STEVETUDOR | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file. 
 
Error - 7/1/2013 12:27:13 PM | Computer Name = STEVETUDOR | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
 
Error - 7/3/2013 12:39:14 PM | Computer Name = STEVETUDOR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired. 
 
[ System Events ]
Error - 5/29/2013 9:42:55 AM | Computer Name = STEVETUDOR | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without
 first being prepared for removal.
 
Error - 6/24/2013 5:26:02 PM | Computer Name = STEVETUDOR | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
 with the system  having network hardware address E0:B9:BA:BC:24:65. Network operations
 on this system may  be disrupted as a result.
 
Error - 6/24/2013 5:26:02 PM | Computer Name = STEVETUDOR | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
 with the system  having network hardware address E0:B9:BA:BC:24:65. Network operations
 on this system may  be disrupted as a result.
 
 
< End of report >
 


Checkup.txt:

 Results of screen317's Security Check version 0.99.68 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 25 
 Java 2 Runtime Environment, SE v1.4.2_03
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 6 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

CheckResults.txt:

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ  1.75.0.1300

Date Log Created: 07/08/13
Time Log Created: 10:41:23

User Account type: Administrator

32 bit Operating System

Product Name: REG_SZ  Microsoft Windows XP

Current Build Number: 2600

Current Version Number: 5.1

Current CSDVersion: Service Pack 3

OS Product Info: Home Edition

Proxy Status: No proxy is Set

LAN Settings:
=============

No Settings are Set  <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
 SystemPartition REG_SZ  \Device\HarddiskVolume2

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
  h:mm:ss tt
  AM
  PM
  :

Currently:
REG_SZ  h:mm:ss tt
REG_SZ  AM
REG_SZ  PM
REG_SZ  :

Language and Regional Settings:
===============================

ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

TERMService:
==============
Type    : 32
State    : 4 (The service is running.) (State is stopped)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\WINDOWS\SYSTEM32\spoolsv.exeREG_SZ  EnableNXShowUI

 

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 Malwarebytes Anti-Malware     REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Service and Driver Status:
==========================

MBAMProtector:
==============
Type    : 2
State    : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0

MBAMService:
==============
Type    : 16
State    : 4 (The service is running.)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0

MBAMScheduler:
==============
Type    : 16
State    : 4 (The service is running.)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0

  <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
 Type                          REG_DWORD  2
 Start                         REG_DWORD  3
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys
 Group                         REG_SZ  FSFilter Anti-Virus
 DependOnService               REG_MULTI_SZ FltMgr

 DependOnGroup                 REG_DWORD  0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
 DefaultInstance               REG_SZ  MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
 Altitude                      REG_SZ  328800
 Flags                         REG_DWORD  0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Security
 Security                      REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
 0                             REG_SZ  Root\LEGACY_MBAMPROTECTOR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1
MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
 Type                          REG_DWORD  16
 Start                         REG_DWORD  2
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
 DependOnService               REG_MULTI_SZ MBAMProtector

 DependOnGroup                 REG_DWORD  0
 ObjectName                    REG_SZ  LocalSystem
 Description                   REG_SZ  Malwarebytes Anti-Malware service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security
 Security                      REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Enum
 0                             REG_SZ  Root\LEGACY_MBAMSERVICE\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1
MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
 Type                          REG_DWORD  16
 Start                         REG_DWORD  2
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
 ObjectName                    REG_SZ  LocalSystem
 Description                   REG_SZ  Malwarebytes Anti-Malware scheduler
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler\Security
 Security                      REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler\Enum
 0                             REG_SZ  Root\LEGACY_MBAMSCHEDULER\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1

MBAM DLL's and Runtime Files:
=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
 (Default):                    REG_SZ  vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
 (Default):                    REG_SZ  {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
 (Default):                    REG_SZ  SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
 (Default):                    REG_SZ  {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer
 (Default):                    REG_SZ  SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
 (Default):                    REG_SZ  {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
 (Default):                    REG_SZ  SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
 (Default):                    REG_SZ  {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

 

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
 (Default):                    REG_SZ  SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
 (Default):                    REG_SZ  1.0

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
 (Default):                    REG_SZ  SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
 (Default):                    REG_SZ  1.0

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  SSubTimer6.CTimer
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
 (Default):                    REG_SZ  SSubTimer6.CTimer
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
 (Default):                    REG_SZ  1.0

 

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
 (Default):                    REG_SZ  vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
 (Default):                    REG_SZ  2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
 (Default):                    REG_SZ  vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
 Version                       REG_SZ  1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
 Version                       REG_SZ  1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
 (Default):                    REG_SZ  vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
 (Default):                    REG_SZ  {DE8CE233-DD83-481D-844C-C07B96589D3A}
 Version                       REG_SZ  1.1

MBAM Registry Settings and License Info:
========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
 advancedheuristics            REG_DWORD  1
 downloadprogram               REG_DWORD  1
 hidereg                       REG_DWORD  0
 detectp2p                     REG_DWORD  0
 detectpum                     REG_DWORD  1
 detectpup                     REG_DWORD  2
 updatewarn                    REG_DWORD  1
 updatewarndays                REG_DWORD  7
 useproxy                      REG_DWORD  0
 useauthentication             REG_DWORD  0
 contextmenu                   REG_DWORD  1
 reportthreats                 REG_DWORD  1
 startwithwindows              REG_DWORD  1
 startfsdisabled               REG_DWORD  0
 startipdisabled               REG_DWORD  0
 silentipmode                  REG_DWORD  0
 autoquarantine                REG_DWORD  1
 notifyinstallprogram          REG_DWORD  1
 trialpromptshown              REG_DWORD  1
 autoquarantinenotify          REG_DWORD  1
 alwaysscanarchives            REG_DWORD  1
 InstallPath                   REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware
 dbdate                        REG_SZ  Mon, 08 Jul 2013 05:32:37 GMT
 dbversion                     REG_SZ  v2013.07.08.02
 programversion                REG_SZ  1.75.0.1300
 programbuild                  REG_SZ  consumer
 trialended                    REG_DWORD  0
 SchedulerQueue                REG_MULTI_SZ 49299460, 30309045, 2952007680, 1, 1 | 30309280, 1634693120
       2101252, 30309045, 2952007680, 1, 1 | 30309282, 1679822734

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware (Trial)
 TrialId                        There is data here but it is hidden.
 StartDate                     REG_SZ  Mon, 01 Jul 2013 20:05:57 UTC
 EndDate                       REG_SZ  Mon, 15 Jul 2013 20:05:57 UTC

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
 alwaysscanfiles               REG_DWORD  1
 alwaysscanheuristics          REG_DWORD  1
 alwaysscanmemory              REG_DWORD  1
 alwaysscanregistry            REG_DWORD  1
 alwaysscanstartups            REG_DWORD  1
 autosavelog                   REG_DWORD  1
 openlog                       REG_DWORD  1
 defaultscan                   REG_DWORD  0
 terminateie                   REG_DWORD  0
 Language                      REG_SZ  English.lng
 selectedrives                 REG_SZ  C:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
 alwaysscanfiles               REG_DWORD  1
 alwaysscanheuristics          REG_DWORD  1
 alwaysscanmemory              REG_DWORD  1
 alwaysscanregistry            REG_DWORD  1
 alwaysscanstartups            REG_DWORD  1
 autosavelog                   REG_DWORD  1
 openlog                       REG_DWORD  1
 defaultscan                   REG_DWORD  0
 terminateie                   REG_DWORD  0
 selectedrives                 REG_SZ  C:\|
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
 alwaysscanfiles               REG_DWORD  1
 alwaysscanheuristics          REG_DWORD  1
 alwaysscanmemory              REG_DWORD  1
 alwaysscanregistry            REG_DWORD  1
 alwaysscanstartups            REG_DWORD  1
 autosavelog                   REG_DWORD  1
 openlog                       REG_DWORD  1
 defaultscan                   REG_DWORD  0
 terminateie                   REG_DWORD  0
 selectedrives                 REG_SZ  C:\|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
 Inno Setup: Setup Version     REG_SZ  5.5.3-dev (a)
 Inno Setup: App Path          REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware
 InstallLocation               REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\
 Inno Setup: Icon Group        REG_SZ  Malwarebytes' Anti-Malware
 Inno Setup: User              REG_SZ  Stephen K. Hansen
 Inno Setup: Selected Tasks    REG_SZ  desktopicon
 Inno Setup: Deselected Tasks  REG_SZ  quicklaunchicon
 Inno Setup: Language          REG_SZ  English
 DisplayName                   REG_SZ  Malwarebytes Anti-Malware version 1.75.0.1300
 DisplayIcon                   REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
 UninstallString               REG_SZ  "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
 QuietUninstallString          REG_SZ  "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
 DisplayVersion                REG_SZ  1.75.0.1300
 Publisher                     REG_SZ  Malwarebytes Corporation
 URLInfoAbout                  REG_SZ  http://www.malwarebytes.org
 NoModify                      REG_DWORD  1
 NoRepair                      REG_DWORD  1
 InstallDate                   REG_SZ  20130707
 MajorVersion                  REG_DWORD  1
 MinorVersion                  REG_DWORD  75

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:
================

Scheduled Item: Scan  Schedule Options: Full Scan | Daily | Scan Remove | Scan Terminate | Scan Log | Silent | Wake From Sleep 
Start Time: 2013-07-07 02:00  Repeating Every: 1  Recover if missed by: 1
Scheduled Item: Update  Schedule Options: | Daily | Wake From Sleep 
Start Time: 2013-07-07 02:00  Repeating Every: 1  Recover if missed by: 1


Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
 (Default):                    REG_SZ  IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
 (Default):                    REG_SZ  MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes' Anti-Malware\


MBAM Drivers:
=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856     BYTES FileVersion: 1.60.2.0

Required Dependencies:
======================

fltmgr:
==============
Type    : 2
State    : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
 Type                          REG_DWORD  2
 Start                         REG_DWORD  0
 ErrorControl                  REG_DWORD  1
 Tag                           REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
 DisplayName                   REG_SZ  FltMgr
 Group                         REG_SZ  FSFilter Infrastructure
 Description                   REG_SZ  File System Filter Manager Driver
 AttachWhenLoaded              REG_DWORD  1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security
 Security                      REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
 0                             REG_SZ  Root\LEGACY_FLTMGR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1
C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792    BYTES FileVersion: 5.1.2600.5512
C:\WINDOWS\system32\comctl32.ocx File Size: 608448    BYTES FileVersion: 6.0.81.5
C:\WINDOWS\system32\mscomctl.ocx File Size: 1066176   BYTES FileVersion: 6.0.88.62
C:\WINDOWS\system32\olepro32.dll File Size: 84992     BYTES FileVersion: 5.1.2600.5512

List of MBAM Related Directories:
=================================

C:\Program Files\Malwarebytes' Anti-Malware
7z.dll                         File Size:    914432 BYTES FileVersion: 9.20.0.0
changes.txt                    File Size:       200 BYTES
license.rtf                    File Size:     17916 BYTES
mbam.chm                       File Size:    474148 BYTES
mbam.dll                       File Size:    527944 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    887432 BYTES FileVersion: 1.75.0.1
mbamcore.dll                   File Size:   1127496 BYTES FileVersion: 1.70.0.0
mbamext.dll                    File Size:     80968 BYTES FileVersion: 1.70.0.0
mbamgui.exe                    File Size:    532040 BYTES FileVersion: 1.70.0.0
mbamnet.dll                    File Size:   2191944 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     40008 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe              File Size:    418376 BYTES FileVersion: 1.70.0.0
mbamservice.exe                File Size:    701512 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:     15707 BYTES
unins000.exe                   File Size:    712264 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                  File Size:    186068 BYTES
firefox.com                    File Size:    218184 BYTES
firefox.exe                    File Size:    218184 BYTES
firefox.pif                    File Size:    218184 BYTES
firefox.scr                    File Size:    218184 BYTES
iexplore.exe                   File Size:    218184 BYTES
mbam-chameleon.com             File Size:    218184 BYTES
mbam-chameleon.exe             File Size:    218184 BYTES
mbam-chameleon.pif             File Size:    218184 BYTES
mbam-chameleon.scr             File Size:    218184 BYTES
mbam-killer.exe                File Size:    896072 BYTES
rundll32.exe                   File Size:    218184 BYTES
svchost.exe                    File Size:    218184 BYTES
winlogon.exe                   File Size:    218184 BYTES

C:\Program Files\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21894 BYTES
belarusian.lng                 File Size:     26884 BYTES
bosnian.lng                    File Size:     27108 BYTES
bulgarian.lng                  File Size:     27574 BYTES
catalan.lng                    File Size:     28252 BYTES
chineseSI.lng                  File Size:     11024 BYTES
chineseTR.lng                  File Size:     11952 BYTES
croatian.lng                   File Size:     26670 BYTES
czech.lng                      File Size:     24874 BYTES
danish.lng                     File Size:     26582 BYTES
dutch.lng                      File Size:     28342 BYTES
english.lng                    File Size:     24542 BYTES
estonian.lng                   File Size:     25146 BYTES
finnish.lng                    File Size:     25950 BYTES
french.lng                     File Size:     29830 BYTES
german.lng                     File Size:     29894 BYTES
greek.lng                      File Size:     29300 BYTES
hebrew.lng                     File Size:     19362 BYTES
hungarian.lng                  File Size:     28666 BYTES
indonesian.lng                 File Size:     26854 BYTES
italian.lng                    File Size:     28194 BYTES
japanese.lng                   File Size:     16266 BYTES
korean.lng                     File Size:     14188 BYTES
latvian.lng                    File Size:     27100 BYTES
lithuanian.lng                 File Size:     27838 BYTES
norwegian.lng                  File Size:     25116 BYTES
polish.lng                     File Size:     26644 BYTES
portugueseBR.lng               File Size:     28654 BYTES
portuguesePT.lng               File Size:     29062 BYTES
romanian.lng                   File Size:     28290 BYTES
russian.lng                    File Size:     27302 BYTES
serbian.lng                    File Size:     26804 BYTES
slovak.lng                     File Size:     25644 BYTES
slovenian.lng                  File Size:     24852 BYTES
spanish.lng                    File Size:     30060 BYTES
swedish.lng                    File Size:     25992 BYTES
thai.lng                       File Size:     26092 BYTES
turkish.lng                    File Size:     25876 BYTES
vietnamese.lng                 File Size:     29528 BYTES

C:\Documents and Settings\Stephen K. Hansen\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\Stephen K. Hansen\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

C:\Documents and Settings\Stephen K. Hansen\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================
END OF FILE


Do these next:

1

Download, save, and then run the MS Safety Scanner.

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

The safety scanner log should be called msert.txt

It should be located in the same folder as where you had msert.exe

If not there, then look for it under c:\windows

2

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.microsoft.com/?kbid=890830

3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using the Internet Explorer browser only, go to the ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the "ESET Online Scanner" button.
  • Check the "I accept the terms" box to accept the Terms of Use, then press the Start button.
  • Approve the install of the required ActiveX Control, then follow the on-screen instructions.
  • Un-check the "Remove found threats" option.
  • Checkmark the "Scan Archives" option.
  • Click on Advanced Settings and checkmark the following: Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology.
  • Click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt. Look at the contents of this file using Notepad or Wordpad.
  • The Frequently Asked Questions for ESET Online Scanner can be viewed here: http://www.eset.com/onlinescan/cac4.php?page=faq
  • Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

4

I need a current status on the setting of Website blocking.


MSERT.txt
---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.153.1656.0)
Started On Tue Jul 09 22:29:57 2013

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
Threat detected: TrojanDropper:Java/Beyond.gen!A

        SHA1:   550D0F732CFEB0E6B6A12EB19542CC82000AF3CE

        SHA1:   550D0F732CFEB0E6B6A12EB19542CC82000AF3CE
    file://C:\Documents and Settings\Stephen K. Hansen\Application Data\Sun\Java\Deployment\cache\6.0\31\6abdaa1f-6cbd4ff4->Beyond.class
        SigSeq: 0x0002FC2977AAD802
        SHA1:   45E39F06F5F912048CF03C902C81A23CABE8ED4C
    file://C:\Documents and Settings\Stephen K. Hansen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-745e56b8.zip->Beyond.class
        SigSeq: 0x0002FC2977AAD802
        SHA1:   45E39F06F5F912048CF03C902C81A23CABE8ED4C
Threat detected: TrojanDownloader:ASX/Wimad.AZ

        SHA1:   B23A3BC3E038B8477AF8EC80D4EA1AF6A8D35DD9
    file://C:\Documents and Settings\Stephen K. Hansen\Shared\grey street dave matthews band.mp3->(ASF_Script_Commands)
        SigSeq: 0x00003C296385F677
        SHA1:   B23A3BC3E038B8477AF8EC80D4EA1AF6A8D35DD9
Threat detected: TrojanDownloader:ASX/Wimad.BZ

        SHA1:   AE04B52E491EFFE4ADC67B0F8364361111483F8C
    file://C:\Documents and Settings\Stephen K. Hansen\Shared\Stevie ray Vaughan Look at (Full version).wma->(ASF_Script_Commands)
        SigSeq: 0x00004F29C1FA3C22
        SHA1:   AE04B52E491EFFE4ADC67B0F8364361111483F8C
Threat detected: TrojanClicker:ASX/Wimad.CS
    file://C:\Documents and Settings\Stephen K. Hansen\Shared\Elenore The Turtles (greatest hit 2009).wma
        SigSeq: 0x00003C290498BD61
        SHA1:   6CE793163BE376408FF58DF3DF28E14516E15875

Extended Scan Removal Results
----------------
Start 'remove' for file://\\?\C:\Documents and Settings\Stephen K. Hansen\Shared\Stevie ray Vaughan Look at (Full version).wma->(ASF_Script_Commands)
Operation succeeded !

Start 'remove' for file://\\?\C:\Documents and Settings\Stephen K. Hansen\Shared\grey street dave matthews band.mp3->(ASF_Script_Commands)
Operation succeeded !

Start 'remove' for file://\\?\C:\Documents and Settings\Stephen K. Hansen\Shared\Elenore The Turtles (greatest hit 2009).wma
Operation succeeded !

Start 'remove' for file://\\?\C:\Documents and Settings\Stephen K. Hansen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a26-745e56b8.zip->Beyond.class
Operation succeeded !

Start 'remove' for file://\\?\C:\Documents and Settings\Stephen K. Hansen\Application Data\Sun\Java\Deployment\cache\6.0\31\6abdaa1f-6cbd4ff4->Beyond.class
Operation succeeded !

Results Summary:
----------------
Found TrojanClicker:ASX/Wimad.CS and Removed!
Found TrojanDownloader:ASX/Wimad.AZ and Removed!
Found TrojanDownloader:ASX/Wimad.BZ and Removed!
Found TrojanDropper:Java/Beyond.gen!A and Removed!
Microsoft Safety Scanner Finished On Wed Jul 10 00:43:39 2013

Return code: 6 (0x6)


MRT.log
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Wed Jul 10 00:52:21 2013

Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 10 00:52:38 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Wed Jul 10 00:52:49 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 10 04:28:03 2013

Return code: 0 (0x0)


LOG.txt

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=22121bbde6b6cd4fa720efe5095e836a
# engine=14340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-10 12:23:39
# local_time=2013-07-10 08:23:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=88805
# found=0
# cleaned=0
# scan_time=4423

4: Still not enabling


The MSRT tool found some trojans.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Sub6fix only. If you are a casual viewer, do NOT try this on your system!

If you are not Sub6fix and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now!

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan, and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe, accept the EULA, and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    -------------------------------------------------------

    A caution - Do not run Combofix more than once.

    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

    The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

    Notes:

    [1] IF after Combofix reboot you get the message

    Illegal operation attempted on registry key that has been marked for deletion

    ....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

    [2] Do not mouseclick combofix's window nor run any program while Combofix is running.

    That may cause it to stall.

    [3] When all done, IF Combofix did not do a Restart... then I need for you to Restart the system fresh.

    Reply & Copy / Paste the contents of C:\Combofix.txt log

    and tell me, how is the system now?

    RE-Enable your AntiVirus and AntiSpyware applications.


ComboFix 13-07-12.01 - Stephen K. Hansen 07/12/2013  12:06:18.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.718 [GMT -4:00]
Running from: c:\adk\installs\humps.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))
.
.
2013-07-11 02:16 . 2013-07-11 02:16 -------- d-----w- c:\documents and settings\Stephen K. Hansen\Application Data\Malwarebytes
2013-07-11 02:16 . 2013-07-11 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-07-11 02:16 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-11 02:16 . 2013-07-11 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-11 02:13 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-07-11 02:13 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-07-10 08:32 . 2013-07-10 08:32 -------- d-----w- c:\program files\ESET
2013-07-08 16:26 . 2013-07-08 16:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-08 16:21 . 2013-07-08 16:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-08 16:21 . 2013-07-08 16:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-07 06:00 . 2013-07-07 06:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes
2013-07-03 04:09 . 2013-07-03 16:39 -------- d-----w- c:\windows\system32\drivers\NIS
2013-07-02 14:18 . 2013-07-02 14:18 -------- d-----w- c:\program files\Microsoft.NET
2013-07-02 03:41 . 2013-07-02 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-01 14:34 . 2013-07-01 14:34 -------- d-----w- c:\windows\system32\winrm
2013-07-01 14:34 . 2013-07-01 14:34 -------- d-----w- c:\windows\system32\GroupPolicy
2013-07-01 14:34 . 2013-07-01 14:34 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-07-01 14:33 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-06-29 17:15 . 2013-07-06 18:11 -------- d-----w- C:\ADK
2013-06-26 15:08 . 2013-06-26 15:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-08 16:26 . 2013-04-18 12:06 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-08 16:26 . 2012-10-24 12:07 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-08 16:26 . 2010-08-19 18:07 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 14:23 . 2013-06-12 14:23 1409 ----a-w- c:\windows\QTFont.for
2013-06-08 03:55 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-12 14:09 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-12 14:03 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-12 14:09 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 04:28 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26 . 2004-08-12 14:02 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^2Wire Wireless Client Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk
backup=c:\windows\pss\2Wire Wireless Client Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stephen K. Hansen^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\Stephen K. Hansen\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stephen K. Hansen^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Stephen K. Hansen\Start Menu\Programs\Startup\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-10-22 17:42 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2004-11-19 13:15 1216512 ----a-w- c:\program files\D-Link\AirPlus G\AirGCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 23:37 229437 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 07:05 122939 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvMon.exe]
2007-10-20 12:53 53248 ------w- c:\windows\SYSTEM32\DrvMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 03:11 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-07-28 13:43 188416 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 20:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-19 20:45 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 15:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 2:19 PM 24652]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [7/10/2013 10:16 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2013 10:16 PM 701512]
S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\Drivers\L6TPortA.sys --> c:\windows\system32\Drivers\L6TPortA.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/10/2013 10:16 PM 22856]
S4 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11/16/2004 12:11 PM 17792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-08 16:21]
.
.
------- Supplementary Scan -------
.

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
Trusted Zone: cascades.com\satellite
Trusted Zone: line6.net
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_11\bin\jusched.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-12 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-12  12:17:14
ComboFix-quarantined-files.txt  2013-07-12 16:16
.
Pre-Run: 5,357,600,768 bytes free
Post-Run: 5,634,375,680 bytes free
.
- - End Of File - - 76BDF36E516424B6E5E0EAA8CE5A0DCD
B16A2359F4962B0C622D81A1C1F4B703
 

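The ComboFix log above is long, and the parts a responder actually acts on are a handful of lines in the "Reg Loading Points" block: the Windows Firewall state for the standard profile ("EnableFirewall"= 0), the Security Center "DisableMonitoring" entries, the firewall exception list (which here includes ftp.exe and RealVNC's winvnc.exe), the globally opened port 5985/TCP, and the Run-key autoruns. The script below is an added example, not part of the original post and not a Malwarebytes or ComboFix tool: it parses that block format and turns those entries into findings to confirm by hand. The regexes, the finding names and the `WATCHLIST` of programs worth a second look are my own assumptions; the sample input is a constructed, trimmed copy of the block from the log above.

```python
import re
from typing import Dict, List

# Constructed sample input: a trimmed copy of the "Reg Loading Points" block
# from the ComboFix log posted above. A real log is much longer; the parser
# ignores everything that is not a [key] header or a "name"=value line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\RealVNC\\WinVNC\\winvnc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Assumption: programs a responder would want explained before trusting a
# firewall exception for them. This is my watchlist, not anything from MBAM.
WATCHLIST = ("winvnc", "ftp.exe")


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Map each registry key header to its {value name: raw value text}.

    Key names are lower-cased because ComboFix mixes HKLM/HKEY_LOCAL_MACHINE
    and upper/lower case freely; value names keep their original case.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def triage(text: str) -> List[dict]:
    """Turn the parsed keys into findings a responder would check by hand."""
    findings: List[dict] = []
    for key, values in parse_reg_points(text).items():
        if key.endswith(r"firewallpolicy\standardprofile"):
            # "EnableFirewall"= 0 (0x0): the XP firewall is off for this profile.
            flag = values.get("EnableFirewall", "").split()
            if flag and flag[0] == "0":
                findings.append({"kind": "firewall_disabled", "key": key})
        elif r"security center\monitoring" in key:
            # dword:00000001 means Security Center will not warn about this product.
            if values.get("DisableMonitoring") == "dword:00000001":
                findings.append({"kind": "security_center_monitoring_disabled", "key": key})
        elif key.endswith(r"authorizedapplications\list"):
            for app in values:
                exe = app.replace("\\\\", "\\").lower()   # the log doubles backslashes here
                if any(h in exe for h in WATCHLIST):
                    findings.append({"kind": "firewall_exception", "program": exe})
        elif key.endswith(r"globallyopenports\list"):
            # Value format: port:proto:scope:state:description
            for raw in values.values():
                port, proto, scope, state, desc = raw.split(":", 4)
                findings.append({"kind": "open_port", "port": int(port), "proto": proto,
                                 "scope": scope, "state": state, "name": desc})
        elif key.endswith(r"currentversion\run"):
            for name, raw in values.items():
                m = re.match(r'^"([^"]*)"', raw)   # strip the trailing [date size]
                findings.append({"kind": "autorun", "name": name,
                                 "path": m.group(1) if m else raw})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Run it against a full log by reading the file into `triage()`; on the sample it reports the firewall off, two Security Center monitoring suppressions, exceptions for ftp.exe and winvnc.exe, and port 5985/TCP (listed as Disabled, so the WinRM exception is defined but not active). None of these is by itself evidence of infection; they are the settings to reconcile with what the owner remembers configuring.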

Please "exclude" (i.e., put Trust settings on) the following MBAM exe files within your antivirus software:

Note: If using a software firewall besides the built in "Windows Firewall" you'll need to exclude them from it as well

For 32-bit Windows Vista or Windows 7 or Windows XP:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

For 64 bit versions of Windows Vista or Windows 7 or Windows 8:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, you add the following as a trusted site:

data-cdn.mbamupdates.com


Your system must have one, otherwise the integrity & safety of your system may well have been compromised by viruses.

Every system should have an antivirus.

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

IF cost is an issue,

good antivirus programs that are free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

and Comodo antivirus www.comodo.com/home/internet-security/antivirus.php

Choose one of them.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

AFTER the a-v is installed:

a) run an update to get everything current

b) then do a Full scan with it

Given the fact that this system had -no- antivirus installed, I am now not at all surprised that there is this quirky issue. Honestly, in situations like this I would normally recommend that the box be wiped and that Windows and all apps be installed from scratch.

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063


I'll re-emphasize the word "currently" in my last statement.  I had Norton Internet Security installed with an active subscription, but uninstalled it when beginning to troubleshoot this problem to eliminate it from the possibility of conflict.  Norton states that Malwarebytes is not compatible with Norton Internet Security when you install NIS and Malwarebytes is already installed.  Besides, I did notice that the ESET antivirus that you recommended I run produced zero results in the log.txt.  Am I making sense here or no?


The thread has been on for a good bit. Not surprisingly, I did not recall N I S

Then disregard my last reply.

Know that almost all antivirus apps "squawk" (complain) while the a-v is being installed if they see MBAM already installed on the system, or may even complain at the time you install MBAM.

a) Temporarily turn off your a-v "before" starting the setup of MBAM

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

b) IF NIS is not now installed, install it first; when that is all done, turn it off (only turn it off) and then set up MBAM.

When that is completed, go back and turn NIS on.

c) In the recent past, NIS has had (uncalled-for) issues with MBAM.

Norton 360

http://community.norton.com/t5/Norton-360/Product-Update-20-4-of-Norton-360/m-p/973711/highlight/true#M92142

Norton Internet Security

http://community.norton.com/t5/Norton-Internet-Security-Norton/Product-Update-20-4-of-Norton-Internet-Security-and-Norton/m-p/973707#U973707


Ok did the following:

1. uninstalled MBAM

2. installed NIS

3. Performed Live Update to bring NIS up to the 20.4.0.40 version that is said to be compatible with MBAM in the last link provided

4. disabled (turned off) NIS Anti-virus Auto-Protect and Smart Firewall

5. reinstalled MBAM

6. Still can't Enable malicious website blocking.

Please advise.


Please "exclude" (i.e., put Trust settings on) the following MBAM exe files within your Norton A-V + Firewall software:

Note: If using a software firewall besides the built in "Windows Firewall" you'll need to exclude them from it as well

For 32-bit Windows Vista or Windows 7 or Windows XP:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

For 64 bit versions of Windows Vista or Windows 7 or Windows 8:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well

Review the examples / templates mentioned in the FAQ's http://forums.malwarebytes.org/index.php?showtopic=10138


Forgive me if I sound naïve, but why would I need to install AV and a firewall only to set exclusions?  Aren't these exclusions inherent when there isn't an AV or firewall installed?  Anyhow, I made these exclusions in N I S in both the AV and firewall portions of the program, restarted to ensure the changes would take effect, and attempted to Enable Malicious Website Blocking.   No success, and the trial has run out.  That is very unfortunate.
