
infinite loop of two dialog boxes


cakloss


DEP is present after the reboot. 

 

The repair log follows:

 

Starting Repairs...
   Start (9/18/2013 11:53:57 AM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (9/18/2013 11:53:57 AM)
   Running Repair Under Current User Account
   Done (9/18/2013 11:54:17 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (9/18/2013 11:54:17 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:55:40 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (9/18/2013 11:55:40 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:56:17 AM)
 
02 - Reset File Permissions 01/14
   C:\AdwCleaner & Sub Folders
   Start (9/18/2013 11:56:17 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:56:20 AM)
 
02 - Reset File Permissions 02/14
   C:\Brother & Sub Folders
   Start (9/18/2013 11:56:20 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:56:22 AM)
 
02 - Reset File Permissions 03/14
   C:\CAD & Sub Folders
   Start (9/18/2013 11:56:22 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:56:59 AM)
 
02 - Reset File Permissions 04/14
   C:\cmdcons & Sub Folders
   Start (9/18/2013 11:56:59 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:57:02 AM)
 
02 - Reset File Permissions 05/14
   C:\Config.Msi & Sub Folders
   Start (9/18/2013 11:57:02 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:57:04 AM)
 
02 - Reset File Permissions 06/14
   C:\FRST & Sub Folders
   Start (9/18/2013 11:57:04 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:57:06 AM)
 
02 - Reset File Permissions 07/14
   C:\I386 & Sub Folders
   Start (9/18/2013 11:57:06 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:57:13 AM)
 
02 - Reset File Permissions 08/14
   C:\MSOCache & Sub Folders
   Start (9/18/2013 11:57:13 AM)
   Running Repair Under System Account
   Done (9/18/2013 11:57:15 AM)
 
02 - Reset File Permissions 09/14
   C:\Program Files & Sub Folders
   Start (9/18/2013 11:57:15 AM)
   Running Repair Under System Account
   Done (9/18/2013 12:01:56 PM)
 
02 - Reset File Permissions 10/14
   C:\Qoobox & Sub Folders
   Start (9/18/2013 12:01:56 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:01:59 PM)
 
02 - Reset File Permissions 11/14
   C:\Sandbox & Sub Folders
   Start (9/18/2013 12:01:59 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:02:22 PM)
 
02 - Reset File Permissions 12/14
   C:\SUPPORT & Sub Folders
   Start (9/18/2013 12:02:22 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:02:24 PM)
 
02 - Reset File Permissions 13/14
   C:\VALUEADD & Sub Folders
   Start (9/18/2013 12:02:24 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:02:26 PM)
 
02 - Reset File Permissions 14/14
   C:\WINXP & Sub Folders
   Start (9/18/2013 12:02:26 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:05:22 PM)
 
02 - Reset File Permissions 01/01
   E:\90112cb1165de1bbcb & Sub Folders
   Start (9/18/2013 12:05:22 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:05:24 PM)
 
02 - Reset File Permissions 01/05
   F:\BACKUPS & Sub Folders
   Start (9/18/2013 12:05:24 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:07:53 PM)
 
02 - Reset File Permissions 02/05
   F:\DL & Sub Folders
   Start (9/18/2013 12:07:53 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:24:21 PM)
 
02 - Reset File Permissions 03/05
   F:\Hal & Sub Folders
   Start (9/18/2013 12:24:21 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:24:52 PM)
 
02 - Reset File Permissions 04/05
   F:\Sam & Sub Folders
   Start (9/18/2013 12:24:52 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:24:54 PM)
 
02 - Reset File Permissions 05/05
   F:\Toms Computer Data & Sub Folders
   Start (9/18/2013 12:24:54 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:26:32 PM)
 
03 - Register System Files
   Start (9/18/2013 12:26:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:28:00 PM)
 
04 - Repair WMI
   Start (9/18/2013 12:28:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:31:00 PM)
 
05 - Repair Windows Firewall
   Start (9/18/2013 12:31:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:31:13 PM)
 
06 - Repair Internet Explorer
   Start (9/18/2013 12:31:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:32:49 PM)
 
07 - Repair MDAC/MS Jet
   Start (9/18/2013 12:32:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:33:00 PM)
 
08 - Repair Hosts File
   Start (9/18/2013 12:33:00 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:33:02 PM)
 
09 - Remove Policies Set By Infections
   Start (9/18/2013 12:33:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:33:07 PM)
 
11 - Repair Icons
   Start (9/18/2013 12:33:07 PM)
   Running Repair Under System Account
   Done (9/18/2013 12:33:09 PM)
 
12 - Repair Winsock & DNS Cache
   Start (9/18/2013 12:33:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:33:22 PM)
 
14 - Repair Proxy Settings
   Start (9/18/2013 12:33:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:33:27 PM)
 
16 - Repair Windows Updates
   Start (9/18/2013 12:33:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:34:24 PM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (9/18/2013 12:34:24 PM)
   Done (9/18/2013 12:34:24 PM)
 
18 - Repair Volume Shadow Copy Service
   Start (9/18/2013 12:34:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:34:43 PM)
 
20 - Repair MSI (Windows Installer)
   Start (9/18/2013 12:34:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:34:56 PM)
 
22.01 - Repair bat Association
   Start (9/18/2013 12:34:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:01 PM)
 
22.02 - Repair cmd Association
   Start (9/18/2013 12:35:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:05 PM)
 
22.03 - Repair com Association
   Start (9/18/2013 12:35:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:10 PM)
 
22.04 - Repair Directory Association
   Start (9/18/2013 12:35:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:14 PM)
 
22.05 - Repair Drive Association
   Start (9/18/2013 12:35:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:19 PM)
 
22.06 - Repair exe Association
   Start (9/18/2013 12:35:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:24 PM)
 
22.07 - Repair Folder Association
   Start (9/18/2013 12:35:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:28 PM)
 
22.08 - Repair inf Association
   Start (9/18/2013 12:35:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:33 PM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (9/18/2013 12:35:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:38 PM)
 
22.10 - Repair msc Association
   Start (9/18/2013 12:35:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:42 PM)
 
22.11 - Repair reg Association
   Start (9/18/2013 12:35:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:47 PM)
 
22.12 - Repair scr Association
   Start (9/18/2013 12:35:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:51 PM)
 
23 - Repair Windows Safe Mode
   Start (9/18/2013 12:35:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:35:56 PM)
 
24 - Repair Print Spooler
   Start (9/18/2013 12:35:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:36:09 PM)
 
25 - Restore Important Windows Services
   Start (9/18/2013 12:36:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:36:13 PM)
 
26 - Set Windows Services To Default Startup
   Start (9/18/2013 12:36:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (9/18/2013 12:36:28 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (9/18/2013 12:36:28 PM)
   Total Repair Time: 00:42:31
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account

Here is the log

 

 	File Size:     11952 BYTEScroatian.lng                  	File Size:     26670 BYTESczech.lng                     	File Size:     24874 BYTESdanish.lng                    	File Size:     26582 BYTESdutch.lng                     	File Size:     28342 BYTESenglish.lng                   	File Size:     24542 BYTESestonian.lng                  	File Size:     25146 BYTESfinnish.lng                   	File Size:     25950 BYTESfrench.lng                    	File Size:     29830 BYTESgerman.lng                    	File Size:     29894 BYTESgreek.lng                     	File Size:     29300 BYTEShebrew.lng                    	File Size:     19362 BYTEShungarian.lng                 	File Size:     28666 BYTESindonesian.lng                	File Size:     26854 BYTESitalian.lng                   	File Size:     28194 BYTESjapanese.lng                  	File Size:     16266 BYTESkorean.lng                    	File Size:     14188 BYTESlatvian.lng                   	File Size:     27100 BYTESlithuanian.lng                	File Size:     27838 BYTESmacedonian.lng                	File Size:     28864 BYTESnorwegian.lng                 	File Size:     25116 BYTESpolish.lng                    	File Size:     26644 BYTESportugueseBR.lng              	File Size:     28654 BYTESportuguesePT.lng              	File Size:     29062 BYTESromanian.lng                  	File Size:     28290 BYTESrussian.lng                   	File Size:     27302 BYTESserbian.lng                   	File Size:     26804 BYTESslovak.lng                    	File Size:     25644 BYTESslovenian.lng                 	File Size:     24852 BYTESspanish.lng                   	File Size:     30060 BYTESswedish.lng                   	File Size:     25992 BYTESthai.lng                      	File Size:     26092 BYTESturkish.lng                   	File Size:     25876 BYTESvietnamese.lng                	File Size:     29528 BYTESC:\Documents and Settings\Sam\Application Data\Malwarebytes\Malwarebytes' 
Anti-MalwareC:\Documents and Settings\Sam\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logsmbam-log-2013-08-06 (14-13-54).txt	File Size:      9412 BYTESmbam-log-2013-08-06 (14-39-13).txt	File Size:         0 BYTESmbam-log-2013-09-11 (15-28-56).txt	File Size:      1930 BYTESmbam-log-2013-09-12 (10-27-13).txt	File Size:      2522 BYTESmbam-log-2013-09-13 (10-27-14).txt	File Size:      3542 BYTESmbam-log-2013-09-13 (11-21-08).txt	File Size:      4342 BYTESmbam-log-2013-09-13 (15-27-20).txt	File Size:      2528 BYTESmbam-log-2013-09-14 (10-19-55).txt	File Size:      1922 BYTESmbam-log-2013-09-14 (10-27-10).txt	File Size:      1922 BYTESmbam-log-2013-09-14 (10-31-41).txt	File Size:      1936 BYTESmbam-log-2013-09-15 (09-45-38).txt	File Size:      1918 BYTESmbam-log-2013-09-16 (12-45-34).txt	File Size:      1922 BYTESmbam-log-2013-09-16 (15-27-11).txt	File Size:      1918 BYTESmbam-log-2013-09-16 (16-00-10).txt	File Size:      1954 BYTESmbam-log-2013-09-17 (10-27-13).txt	File Size:      1922 BYTESmbam-log-2013-09-17 (11-03-25).txt	File Size:      1914 BYTESmbam-log-2013-09-17 (15-27-12).txt	File Size:      1920 BYTESmbam-log-2013-09-17 (16-00-08).txt	File Size:      1950 BYTESmbam-log-2013-09-17 (16-01-16).txt	File Size:      1914 BYTESC:\Documents and Settings\Sam\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine0167410272.data               	File Size:         0 BYTES0253564031.data               	File Size:       812 BYTES0253564031.quar               	File Size:   1667264 BYTES0305107396.data               	File Size:       808 BYTES0305107396.quar               	File Size:    626688 BYTES0313028198.data               	File Size:         0 BYTES0464414596.data               	File Size:       803 BYTES0596528669.data               	File Size:         0 BYTES0616453856.data               	File Size:       926 BYTES0616453856.quar               	File Size:    173056 BYTES1294374935.data               	File Size:       784 
BYTES1294374935.quar               	File Size:     67584 BYTES1702717503.data               	File Size:         0 BYTES1833124693.data               	File Size:       771 BYTES1833124693.quar               	File Size:       876 BYTES1969670228.data               	File Size:      1035 BYTES1991807809.data               	File Size:         0 BYTES3064234239.data               	File Size:         0 BYTES3135580843.data               	File Size:       953 BYTES3511458282.data               	File Size:      1035 BYTES3591115351.data               	File Size:       952 BYTES3741971355.data               	File Size:       772 BYTES3741971355.quar               	File Size:    269508 BYTES3889236947.data               	File Size:         0 BYTES3998115301.data               	File Size:         0 BYTES4250852642.data               	File Size:       890 BYTES4687870685.data               	File Size:       777 BYTES4687870685.quar               	File Size:     39558 BYTES4730177926.data               	File Size:       771 BYTES4730177926.quar               	File Size:    626688 BYTES4730747556.data               	File Size:       942 BYTES4837932447.data               	File Size:       760 BYTES4837932447.quar               	File Size:  15493571 BYTES4929613355.data               	File Size:       935 BYTES5127197207.data               	File Size:         0 BYTES5165812908.data               	File Size:       808 BYTES5165812908.quar               	File Size:    405504 BYTES5190184783.data               	File Size:       767 BYTES5190184783.quar               	File Size:     21626 BYTES5250318504.data               	File Size:       776 BYTES5250318504.quar               	File Size:    139264 BYTES5291254714.data               	File Size:       771 BYTES5291254714.quar               	File Size:       876 BYTES5404758906.data               	File Size:       770 BYTES5404758906.quar               	File Size:    139264 BYTES5579292286.data               	File Size:         0 
BYTES5923583940.data               	File Size:         0 BYTES6366601094.data               	File Size:       769 BYTES6366601094.quar               	File Size:    147456 BYTES6554731661.data               	File Size:         0 BYTES6602118935.data               	File Size:       823 BYTES6602118935.quar               	File Size:     56832 BYTES6764408202.data               	File Size:       827 BYTES6764408202.quar               	File Size:    147456 BYTES6803767765.data               	File Size:         0 BYTES6812923126.data               	File Size:       771 BYTES6812923126.quar               	File Size:      1126 BYTES7168567993.data               	File Size:       766 BYTES7168567993.quar               	File Size:      1836 BYTES7172932643.data               	File Size:      1035 BYTES7334031074.data               	File Size:       813 BYTES7334031074.quar               	File Size:    229768 BYTES7343458813.data               	File Size:       789 BYTES7343458813.quar               	File Size:    606208 BYTES7923628567.data               	File Size:       869 BYTES7923628567.quar               	File Size:    173056 BYTES7935136151.data               	File Size:       777 BYTES7935136151.quar               	File Size:    405504 BYTES8002682221.data               	File Size:       835 BYTES8277471281.data               	File Size:       790 BYTES8277471281.quar               	File Size:     81536 BYTES8305738060.data               	File Size:         0 BYTES8427559900.data               	File Size:       807 BYTES8427559900.quar               	File Size:    823296 BYTES8436054638.data               	File Size:       892 BYTES8514020700.data               	File Size:         0 BYTES8654614943.data               	File Size:       771 BYTES8654614943.quar               	File Size:      1976 BYTES8994930310.data               	File Size:         0 BYTES9170608392.data               	File Size:       812 BYTES9170608392.quar               	File Size:       412 
BYTES9754973223.data               	File Size:         0 BYTES===============================================================END OF FILE
Link to post
Share on other sites

Thanks to AdvancedSetup for guidance with the mbam-check log. I'd like to run a registry fix to see if this issue can be put right. It is always beneficial to make a backup of the registry before this is done.

 

As follows please:

 

  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.



Please follow these instructions carefully:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers]
"C:\\WINXP\\explorer.exe"=-
"C:\\Program Files\\Zoom Search Engine 6.0\\ZoomIndexer.exe"=-


Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name fixme.reg, and click Save.

You should now find a new file on your desktop named fixme.reg. Double click on fixme.reg. You will get a warning; agree to the merge, and then a message that the file has been merged will immediately pop up.

Then reboot.

 

Kevin...
 


Done.

DEP is still there. 

I am assuming there is not some log you wanted me to post. 

 

Is there one or more registry entries

that control whether various types of error messages are shown on the monitor? 

If so and if DEP can be affected alone, 

can the DEP window be turned off 

without the danger that it might be needed in another situation?


Can you run Mbam-Check one more time and attach its log, to attach select the "more reply options" below reply box, the new window is self explanatory, browse/open/attach this file....

 

Also run FRST again; I'll give the instructions again if needed:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt), but only the first time the tool is run; there is none from the second run...

Post or attach that also...

 

Kevin


Files are attached.

 

Although my system does not seem to have a persistent infection,

I attach a screen shot (MBAMQuarantine.bmp) of the MWB quarantine of all the items that 

have been involved in the current attacks that began the 12th of this month,

hoping that this might be of some use.

 

I also checked my Malwarebytes and 

found that under the Protection tab 

I had not previously checked -

I suppose but do not know because I left the default setting -

the boxes "Enable filesystem protection" and 

"Enable malicious website blocking". 

They are now checked

(image MBAMProtection.bmp attached). 

  

 

CheckResults.txt

FRST.txt

MBAMProtection.bmp

MBAMQuarantine.bmp


Thanks for update, the reg entries still show. OK we try a different method...

 

Make sure you are logged in with admin status, select the Windows key and R key together, in the Run box type cmd and hit Enter.

At the prompt I want you to run the following two commands and hit enter after each one. Highlight each command in turn, right click and select copy. Right click at the prompt, select paste, hit enter.


REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\Program Files\Zoom Search Engine 6.0\ZoomIndexer.exe" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /v "C:\WINXP\explorer.exe" /f

Type exit when done, hit enter then reboot the system, does DEP alert still happen?
 


DEP is still there.

 

I looked in the registry and the first entry is gone, but 

the second, referring to explorer.exe is still there and

it is the one entry other than the blank default for adding new entries.

 

I feel quite comfortable editing the registry with the Windows registry editor.

Shall I delete the explorer.exe entry?


I removed the entry from the registry using Windows registry editor.

When I did a cold reboot, the DEP and entry were back.

 

As per 


replacing the Value data string "EnableNXShowUI" with "DisableNXShowUI" 

should disable the DEP, AKA NX.

 

That did remove the DEP, however, 

the other dialog box still remains and 

reoccurs when closed. 

 

I have been looking for a similar solution for the final dialog box. 

If I find one before I next hear from you, 

I will pass it on. 
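An added example, not part of the original thread or of any tool mentioned in it: a Python script that parses exported .reg text for the AppCompatFlags\Layers key, applies a fix file's "name"=- deletions to a "before" snapshot, and reports which values exist again in a later snapshot, together with the NX layer flags they carry. The key path, the two value names and the EnableNXShowUI/DisableNXShowUI strings come from the thread; the snapshot contents and all function names are constructed for illustration.

```python
import re

# Key path and flag names are taken from the thread; the rest is assumed.
LAYERS = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
          r"\CurrentVersion\AppCompatFlags\Layers")
NX_FLAGS = {"EnableNXShowUI", "DisableNXShowUI"}

# Matches "name"="data" or "name"=- ; inside the quotes, \\ and \" are escapes.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(-|"((?:[^"\\]|\\.)*)")\s*$')


def _unescape(s):
    """Turn the .reg escapes \\\\ and \\\" back into the literal characters."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key (lower-cased): {value_name: data}}; data is None for '=-'.

    A real "Version 5.00" export is UTF-16 LE; decode it before calling this.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = _unescape(m.group(1))
            current[name] = None if m.group(2) == "-" else _unescape(m.group(3))
    return keys


def apply_fix(values, fix):
    """Apply a fix file's entries to one key's values (names are case-insensitive)."""
    result = {n.lower(): (n, d) for n, d in values.items()}
    for name, data in fix.items():
        if data is None:
            result.pop(name.lower(), None)      # "name"=- deletes the value
        else:
            result[name.lower()] = (name, data)
    return dict(result.values())


def recreated(fix, after):
    """Value names the fix deleted that are present again in a later snapshot."""
    present = {n.lower(): n for n in after}
    return sorted(present[n.lower()] for n, d in fix.items()
                  if d is None and n.lower() in present)


def nx_flags(values):
    """Map each value name to the NX-related layer flags found in its data."""
    out = {}
    for name, data in values.items():
        hits = NX_FLAGS.intersection((data or "").split())
        if hits:
            out[name] = sorted(hits)
    return out


def _reg(*lines):
    """Build .reg text for the Layers key from the given value lines."""
    return "\n".join(["Windows Registry Editor Version 5.00", "",
                      f"[{LAYERS}]", *lines])


# Constructed sample data: value names in a .reg file escape each backslash.
EXPLORER = r'"C:\\WINXP\\explorer.exe"'
ZOOM = r'"C:\\Program Files\\Zoom Search Engine 6.0\\ZoomIndexer.exe"'
BEFORE = _reg(EXPLORER + '="EnableNXShowUI"', ZOOM + '="EnableNXShowUI"')
FIX = _reg(EXPLORER + "=-", ZOOM + "=-")
AFTER_REBOOT = _reg(EXPLORER + '="EnableNXShowUI"')


def audit(before, fix, after):
    """Compare what the fix should leave behind with what a later export shows."""
    b, f, a = (parse_reg(t).get(LAYERS.lower(), {}) for t in (before, fix, after))
    return {"expected_after_fix": apply_fix(b, f),
            "recreated": recreated(f, a),
            "nx_flags_after": nx_flags(a)}


if __name__ == "__main__":
    for field, value in audit(BEFORE, FIX, AFTER_REBOOT).items():
        print(f"{field}: {value}")
```

A value listed under "recreated" was written back by something after the fix ran, so the next step is finding that writer rather than deleting the value again.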

I found that dwwin.exe is responsible for the final persistent dialog box and 
that it is associated with the following registry keys in the following three folders:
 
Folder
\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\dwwin.exe
 
Name Type Data
0 REG_BINARY 00 00 b8 0f 00 00 0a 00 00 00 bd 0b 00 00 0a 00
1 REG_BINARY 4d bf 7e 37 c2 ef ba 28 37 64 1a 4d 90 26 ac 4b
 
==========================================================================
 
Folder
\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\dwwin.exe
 
Name Type Data
0 REG_BINARY 00 00 b8 0f 00 00 0a 00 00 00 bd 0b 00 00 0a 00
1 REG_BINARY 4d bf 7e 37 c2 ef ba 28 37 64 1a 4d 90 26 ac 4b

==========================================================================
 
Folder
\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Control\Nls\MUILanguages\RCV2\dwwin.exe
 
Name Type Data
0 REG_BINARY 00 00 b8 0f 00 00 0a 00 00 00 bd 0b 00 00 0a 00
1 REG_BINARY 4d bf 7e 37 c2 ef ba 28 37 64 1a 4d 90 26 ac 4b
 
Is this information of any help?

I tried to disable the last dialog box spawned by dwwin.exe 

by using the control panel (image attached):

 

Control Panel > System > Advanced > Performance > Settings > Data Execution Prevention 

 

explorer.exe was already disabled - 

I presume from my registry edit - and 

I added dwwin.exe which appeared as 

Windows Application Error Reporting. 

 

When I rebooted, the dialog box that will not die reappeared. 


This is turning into an extreme PIA for sure. I want to run a diagnostic scan to look at your system and see what is onboard, specifically tools that have been used etc. I want to remove all of these entries/tools etc. and start over again.... If you agree, run the following:

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 


  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

If these logs exceed forum character limits, attach them...

 

Kevin..


Disable Spybot's TeaTimer and leave it off for now.

 

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol ) and choose Exit Spybot S&D Resident

2. Run Spybot S&D

3. Go to the Mode menu, and make sure Advanced Mode is selected.

4. On the left hand side, choose Tools > Resident > uncheck Resident TeaTimer and OK any prompt and Restart your computer.

 

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

 

Re-run OTL by double left click; Vista and Windows 7 users accept the UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following; start with and include the colon plus OTL (:OTL).

    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\dllhost.exe /Processid:{861AEBB7-1C9A-4391-BAFF-83D353DE5DD3} -- (SwPrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sam\LOCALS~1\Temp\catchme.sys -- (catchme)
    [1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    :Files
    C:\WINDOWS\system32\dllhost.exe
    C:\WINXP\SWREG.exe
    C:\WINXP\SWSC.exe
    C:\WINXP\SWXCACLS.exe
    C:\WINXP\NIRCMD.exe
    C:\Qoobox
    C:\WINXP\PEV.exe
    C:\WINXP\MBR.exe
    C:\WINXP\sed.exe
    C:\WINXP\grep.exe
    C:\WINXP\zip.exe
    C:\WINXP\System32\EXPLORER.EX_
    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Tea timer was already disabled. 

I suppose I had disabled it last week, 

when I was following a closed MBAM set of forum posts 

that detailed how to remove Medfos. 

 

Running OTL with the script you sent me froze the computer

forcing a shut down with the power button. 

 

I tried it twice, 

first leaving it for 30 minutes, 

the second time for 60 minutes. 

OTL started with a message in the lower message bar, 

something about deleting files or processes, 

then nothing more. 

Each time OTL ran

an empty folder was created under the C:\_OTL\MovedFiles folder: 

09202013_100403 and 09202013_103423.

 

Is there another way to move these files?

 

Hal


From the OTL script, the only file I'm concerned about is this one: C:\WINDOWS\system32\dllhost.exe. You'll note the root folder is "Windows" and not "WinXP"; also have a read here: http://www.systemlookup.com/search.php?type=filename&search=dllhost.exe&s= under the services section... Maybe upload that file and the other two from previous logs to VT for analysis...

 

Upload a File to Virustotal

Go to http://www.virustotal.com/


Click the Choose file button
Navigate to the file C:\Windows\system32\dllhost.exe or just copy/paste it in.
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.
Repeat the above steps for the following files

 

C:\WinXP\system32\Dwwin.exe

C:\WinXP\Explorer.exe

 

Let me know what results show...


There is no directory C:\WINDOWS and no C:\WINDOWS\system32\dllhost.exe

either using Windows Explorer or through a cmd box. 

And the folders are set to reveal all files and subfolders, 

regardless their attributes.

 

In the OTL.txt log I found the following:

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\dllhost.exe /Processid:{861AEBB7-1C9A-4391-BAFF-83D353DE5DD3} -- (SwPrv)

Does this not mean that OTL did not find the file?

 

The results of scanning C:\WINXP\system32\dllhost.exe are below:

 

SHA256: 8a8116429189d631fc00596278c92a363ec734f0cde76f52c7456fdc9c56e384
File name: dllhost.exe
Detection ratio: 0 / 48
Analysis date: 2013-09-20 19:12:21 UTC ( 0 minutes ago )

 

The results of scanning C:\WINXP\system32\dwwin.exe are below:

SHA256: 92e5974dfd91acebf5d8bd5f14361c0afd7528ef6503d1d8a8c26e64c115a0cb
File name: dwwin.exe
Detection ratio: 0 / 47
Analysis date: 2013-09-20 19:25:45 UTC ( 0 minutes ago )

 

The results of scanning C:\WINXP\explorer.exe are below:

 

SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
File name: explorer.exe
Detection ratio: 0 / 48
Analysis date: 2013-09-20 19:30:03 UTC ( 0 minutes ago )

 


OTL will often throw a "Not found" when it has problems interpreting an entry. It's sort of strange for an established scanner like OTL to list a file address if it ain't on the system. I'm really unsure why it lists the root folder as Windows if it does not show anywhere on the system.

 

We have an issue we cannot seem to resolve, we cannot find or see anything malicious. We know for sure that an infection was previously dealt with and many tools were used in that process. Possibly the system has been damaged resulting in the constant DEP nag you see at boot....

 

The remaining options are limited: reinstall the system and start again, or a repair install where the OS is installed over the top. That way would revert back to whatever service pack level is on the installation CD, and relevant updates and service packs are needed.

 

Also, if you have any System Restore Points that pre-date the infection and DEP issues, it may be well worth trying System Restore... What are your thoughts...

 

Kevin


Many thanks for all your work and 

the education in tools and site of which I had no knowledge.

 

(1) 

I'd mentioned earlier that the DEP is gone, 

only the dialog box that it invoked remains and 

recurs whenever you try to close it, but 

it is easy to move out of the way and get on with life. 

 

Using Windows' registry editor 

to replace the Value data string "EnableNXShowUI" with "DisableNXShowUI" -

instead of removing the registry - worked.

 

(2) 

I think this dead horse does not need any more beating. 

If you think of anything in the however remote future, 

my email is cakloss@aol.com. 

If I can solve it on my own, 

I will try to contact you through the MBAM forum.

 

(3) 

RE: System Restore

 

When I try to do a System Restore at boot - 

I installed the command console as a boot option - 

I get the following message: 

 

"WinNT has found only 414 K of low memory. 

512 of low memory is required to run WinNT. 

You may have to upgrade your computer or 

run a configuration program provided by the manufacturer."

 

It had 3GB of RAM, 

2GB in one of the two memory slots and 

1GB in the other. 

I thought the mismatch a bit unusual. 

 

So, I got two 2GB of identical manufacture, 

installed them, rebooted, and 

got the same message as above 

when trying to boot to the System Restore Console. 

 

I remember that one piece of malware that occurred last week 

was labeled by MBAM as something to do with memory, but, 

as you wrote, there seems to be no persistent or recurrent infection. 

 

Maybe the error message about low memory also reflects 

some damage to the OS. 