
Malwarebytes Freezes and is unable to complete scan


Hello,

Recently my computer started to run extremely sluggish, and when I ran a Malwarebytes scan the program locked up after detecting objects. This happened a couple of times before I rebooted into Safe Mode and ran it again, where it completed. It was a PUP inside the registry that was shown in the log (which has now oddly disappeared). After I removed it and ran Malwarebytes in Normal Mode, it continued to freeze up. Thanks in advance for your help.

Here are the MBAM Check results and the DDS; both are attached, and I'll paste them up here as well.

MBAM:

mbam-check result log version: 2.0.0.1000
 
Malwarebytes Version: REG_SZ 1.75.0.1300
 
Date Log Created: 12/08/13
Time Log Created: 08:50:10
 
User Account type: Administrator
 
32 bit Operating System
 
Product Name: REG_SZ Microsoft Windows XP
 
Current Build Number: 2600
 
Current Version Number: 5.1
 
Current CSDVersion: Service Pack 3
 
OS Product Info: Professional
 
Proxy Status: No proxy is Set
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ *.local
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ hh:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's startup Folder Exists.
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
TERMService:
==============
Type : 32
State : 4 (The service is running.) (State is stopped)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files\Internet Explorer\iexplore.exeREG_SZ EnableNXShowUI
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Service and Driver Status:
==========================
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
 
 
MBAMProtector Registry Values:
==============================
 
 
MBAMService Registry Values:
============================
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
MBAM DLL's and Runtime Files:
=============================
 
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
(Default):                    REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
(Default):                    REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
 
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
(Default):                    REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
(Default):                    REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}
 
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
(Default):                    REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 
 
 
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default):                    REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default):                    REG_SZ 1.0
 
 
 
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default):                    REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default):                    REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
 
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default):                    REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
 
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default):                    REG_SZ CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default):                    REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version                       REG_SZ 1.0
 
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default):                    REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default):                    REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default):                    REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version                       REG_SZ 1.1
 
MBAM Registry Settings and License Info:
========================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
advancedheuristics            REG_DWORD 1
downloadprogram               REG_DWORD 1
hidereg                       REG_DWORD 0
detectp2p                     REG_DWORD 0
detectpum                     REG_DWORD 1
detectpup                     REG_DWORD 2
updatewarn                    REG_DWORD 1
updatewarndays                REG_DWORD 7
useproxy                      REG_DWORD 0
useauthentication             REG_DWORD 0
contextmenu                   REG_DWORD 1
reportthreats                 REG_DWORD 1
startwithwindows              REG_DWORD 1
startfsdisabled               REG_DWORD 0
startipdisabled               REG_DWORD 0
silentipmode                  REG_DWORD 0
autoquarantine                REG_DWORD 1
notifyinstallprogram          REG_DWORD 1
trialpromptshown              REG_DWORD 0
autoquarantinenotify          REG_DWORD 1
alwaysscanarchives            REG_DWORD 1
InstallPath                   REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
dbdate                        REG_SZ Sat, 07 Dec 2013 17:01:29 GMT
dbversion                     REG_SZ v2013.12.07.05
programversion                REG_SZ 1.75.0.1300
programbuild                  REG_SZ consumer
 
 
 
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
Language                      REG_SZ English.lng
selectedrives                 REG_SZ C:\|
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Inno Setup: Setup Version     REG_SZ 5.5.3-dev (a)
Inno Setup: App Path          REG_SZ C:\Program Files\Malwarebytes' Anti-Malware
InstallLocation               REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\
Inno Setup: Icon Group        REG_SZ Malwarebytes' Anti-Malware
Inno Setup: User              REG_SZ Manager
Inno Setup: Selected Tasks    REG_SZ desktopicon
Inno Setup: Deselected Tasks  REG_SZ quicklaunchicon
Inno Setup: Language          REG_SZ English
DisplayName                   REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300
DisplayIcon                   REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
UninstallString               REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
QuietUninstallString          REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
DisplayVersion                REG_SZ 1.75.0.1300
Publisher                     REG_SZ Malwarebytes Corporation
URLInfoAbout                  REG_SZ http://www.malwarebytes.org
NoModify                      REG_DWORD 1
NoRepair                      REG_DWORD 1
InstallDate                   REG_SZ 20131207
MajorVersion                  REG_DWORD 1
MinorVersion                  REG_DWORD 75
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
Scheduler Queue:
================
 
 
 
Context Menu Entries:
=====================
 
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default):                    REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 
 
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default):                    REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default):                    REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version                       REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default):                    REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
ThreadingModel                REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default):                    REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default):                    REG_SZ MBAMExt.MBAMShlExt
 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default):                    REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default):                    REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default):                    REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\
 
 
 
MBAM Drivers:
=============
 
C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856     BYTES FileVersion: 1.60.2.0
 
 
Required Dependencies:
======================
 
fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
Description                   REG_SZ File System Filter Manager Driver
DisplayName                   REG_SZ FltMgr
ErrorControl                  REG_DWORD 1
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Type                          REG_DWORD 2
Tag                           REG_DWORD 1
AttachWhenLoaded              REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792    BYTES FileVersion: 5.1.2600.5512
C:\WINDOWS\system32\mscomctl.ocx File Size: 1070152   BYTES FileVersion: 6.1.98.34
C:\WINDOWS\system32\olepro32.dll File Size: 84992     BYTES FileVersion: 5.1.2600.5512
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files\Malwarebytes' Anti-Malware
7z.dll                         File Size:    914432 BYTES FileVersion: 9.20.0.0
changes.txt                   File Size:       200 BYTES
license.rtf                   File Size:     17916 BYTES
mbam.chm                       File Size:    474148 BYTES
mbam.dll                       File Size:    527944 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    887432 BYTES FileVersion: 1.75.0.1
mbamcore.dll                   File Size:   1127496 BYTES FileVersion: 1.70.0.0
mbamext.dll                   File Size:     80968 BYTES FileVersion: 1.70.0.0
mbamgui.exe                   File Size:    532040 BYTES FileVersion: 1.70.0.0
mbamnet.dll                   File Size:   2191944 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     40008 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe             File Size:    418376 BYTES FileVersion: 1.70.0.0
mbamservice.exe               File Size:    701512 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:     15702 BYTES
unins000.exe                   File Size:    712264 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40
 
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                 File Size:    186068 BYTES
firefox.com                   File Size:    218184 BYTES
firefox.exe                   File Size:    218184 BYTES
firefox.pif                   File Size:    218184 BYTES
firefox.scr                   File Size:    218184 BYTES
iexplore.exe                   File Size:    218184 BYTES
mbam-chameleon.com             File Size:    218184 BYTES
mbam-chameleon.exe             File Size:    218184 BYTES
mbam-chameleon.pif             File Size:    218184 BYTES
mbam-chameleon.scr             File Size:    218184 BYTES
mbam-killer.exe               File Size:    896072 BYTES
rundll32.exe                   File Size:    218184 BYTES
svchost.exe                   File Size:    218184 BYTES
winlogon.exe                   File Size:    218184 BYTES
 
C:\Program Files\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21894 BYTES
belarusian.lng                 File Size:     26884 BYTES
bosnian.lng                   File Size:     27108 BYTES
bulgarian.lng                 File Size:     27574 BYTES
catalan.lng                   File Size:     28252 BYTES
chineseSI.lng                 File Size:     11024 BYTES
chineseTR.lng                 File Size:     11952 BYTES
croatian.lng                   File Size:     26670 BYTES
czech.lng                     File Size:     24874 BYTES
danish.lng                     File Size:     26582 BYTES
dutch.lng                     File Size:     28342 BYTES
english.lng                   File Size:     24542 BYTES
estonian.lng                   File Size:     25146 BYTES
finnish.lng                   File Size:     25950 BYTES
french.lng                     File Size:     29830 BYTES
german.lng                     File Size:     29894 BYTES
greek.lng                     File Size:     29300 BYTES
hebrew.lng                     File Size:     19362 BYTES
hungarian.lng                 File Size:     28666 BYTES
indonesian.lng                 File Size:     26854 BYTES
italian.lng                   File Size:     28194 BYTES
japanese.lng                   File Size:     16266 BYTES
korean.lng                     File Size:     14188 BYTES
latvian.lng                   File Size:     27100 BYTES
lithuanian.lng                 File Size:     27838 BYTES
norwegian.lng                 File Size:     25116 BYTES
polish.lng                     File Size:     26644 BYTES
portugueseBR.lng               File Size:     28654 BYTES
portuguesePT.lng               File Size:     29062 BYTES
romanian.lng                   File Size:     28290 BYTES
russian.lng                   File Size:     27302 BYTES
serbian.lng                   File Size:     26804 BYTES
slovak.lng                     File Size:     25644 BYTES
slovenian.lng                 File Size:     24852 BYTES
spanish.lng                   File Size:     30060 BYTES
swedish.lng                   File Size:     25992 BYTES
thai.lng                       File Size:     26092 BYTES
turkish.lng                   File Size:     25876 BYTES
vietnamese.lng                 File Size:     29528 BYTES
 
C:\Documents and Settings\Manager\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
 
C:\Documents and Settings\Manager\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
C:\Documents and Settings\Manager\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
===============================================================

END OF FILE

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Manager at 8:19:46 on 2013-12-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2021.1349 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Cloud Antivirus Firewall *Disabled* 
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\AhsayACB\aua\bin\Aua.exe
C:\Program Files\AhsayACB\aua\jvm\bin\auaJW.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Express ClickYes\ClickYes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Norton Safety Minder: {B8E07826-0971-4f16-B133-047B88034E89} - c:\program files\norton online\addons\norton safety minder\engine\2.0.0.48\coieplg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [Express ClickYes] c:\program files\express clickyes\ClickYes.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\manager\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{11796D32-9EDA-45F7-9809-04EA48201BD2} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD39CB8D-9429-4929-8394-DD8AD85994AA} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-28 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-28 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-28 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-28 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-28 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-28 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-28 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-28 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-28 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-28 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-28 93928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179688]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-4-27 54752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-20 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-7-5 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-7-2 47640]
R2 MSSQL$VSDOTNET;SQL Server (VSDOTNET);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-5-28 140768]
R2 OBAAutoUpdate;AutoUpdateAgent (Ahsay A-Click Backup);c:\program files\ahsayacb\aua\bin\Aua.exe [2011-1-24 73728]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145128]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 114920]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128104]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-12-7 47632]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2007-5-21 20864]
R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [2007-5-21 54528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c90ee2db85f29a;Google Update Service (gupdate1c90ee2db85f29a);c:\program files\google\update\GoogleUpdate.exe [2008-9-4 133104]
S2 NOF;Norton Online;c:\program files\norton online\engine\2.0.0.71\ccsvchst.exe [2010-7-6 126904]
S2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-18 37344]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-7 40776]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2011-11-18 30576]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-9-18 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-9-18 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-9-18 179328]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97768]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2006-10-6 9456]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\rsc4usb.sys --> c:\windows\system32\drivers\RSC4USB.sys [?]
S3 snxcard;SUNIX Industrial Multiport Serial Card Driver;c:\windows\system32\drivers\snxcard.sys [2007-1-5 14976]
S3 snxport;SUNIX Industrial Port Driver;c:\windows\system32\drivers\snxport.sys [2007-1-5 54912]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0200000.030\symrdr.sys [2010-7-6 180912]
S3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;c:\windows\system32\drivers\TMUSBXP.SYS [2011-4-6 48384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-18 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-28 52328]
S4 OBACDPService;Continuous Data Protection (Ahsay A-Click Backup);c:\program files\ahsayacb\bin\CDPService.exe [2011-1-24 267720]
S4 OBAScheduler;Online Backup Scheduler (Ahsay A-Click Backup);c:\program files\ahsayacb\bin\Scheduler.exe [2011-1-24 83360]
.
=============== Created Last 30 ================
.
2013-12-07 23:38:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-07 23:35:57 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-12-07 17:30:19 -------- d-----w- c:\documents and settings\manager\application data\Malwarebytes
2013-12-07 17:22:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-12-07 17:21:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-07 17:21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-06 09:21:59 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{38e76e11-a36d-46be-91f9-ee6ca6fc7b4e}\offreg.dll
2013-12-06 09:09:24 7772552 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{38e76e11-a36d-46be-91f9-ee6ca6fc7b4e}\mpengine.dll
2013-12-03 16:51:52 435936 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\temp\pssdet.dll
2013-11-09 16:31:05 -------- d-----w- c:\program files\iPod
2013-11-09 16:30:48 -------- d-----w- c:\program files\iTunes
2013-11-09 16:30:48 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2013-11-11 12:50:18 230048 -c----w- c:\windows\system32\MpSigStub.exe
2013-11-04 08:23:13 183776 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\psenlc.dll
2013-10-24 16:47:40 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-24 16:47:40 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-10-24 16:47:39 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-24 16:47:39 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-10-22 09:25:20 83936 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\psenutil.dll
2013-10-22 09:25:19 397280 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANModAV.dll
2013-10-22 09:25:17 346080 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANUpgSI.dll
2013-10-20 06:24:42 3188192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNPnlConfig.dll
2013-10-19 05:21:41 919520 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSCCGUIUtils.dll
2013-10-18 18:53:31 135136 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\psenfilter.dll
2013-10-18 18:53:30 307168 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANModCfg.dll
2013-10-17 19:31:31 167904 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSINEnAg.dll
2013-10-17 19:31:30 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\vista\PSINAflt.sys
2013-10-17 19:31:29 169192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system64\drivers\vista\PSINAflt.sys
2013-10-17 19:31:28 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\w7\PSINAflt.sys
2013-10-17 19:31:26 169192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system64\drivers\w7\PSINAflt.sys
2013-10-17 19:31:25 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\drivers\psinaflt\x86_w8\PSINAflt.sys
2013-10-17 19:31:24 169192 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\drivers\psinaflt\x64_w8\PSINAflt.sys
2013-10-17 19:31:22 145640 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\xp\PSINAflt.sys
2013-10-17 15:31:58 355624 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSINanoRun.exe
2013-10-17 15:30:46 241960 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\Launcher.exe
2013-10-15 11:34:22 111072 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\psenlog.dll
2013-10-15 11:34:20 331744 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANCU.exe
2013-10-14 16:28:20 1461728 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSAUI.dll
2013-10-14 16:28:19 370656 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSAEng.dll
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-11 09:47:23 97896 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\xp\PSINReg.sys
2013-10-11 09:45:56 137960 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system64\drivers\vista\PSINProt.sys
2013-10-11 09:45:56 124648 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system64\drivers\vista\PSINProc.sys
2013-10-11 09:45:55 206056 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system64\drivers\vista\PSINKNC.sys
2013-10-11 09:45:55 122600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system64\drivers\vista\PSINFile.sys
2013-10-11 09:45:49 175848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\w7\PSINKNC.sys
2013-10-11 09:45:49 105704 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\w7\PSINFile.sys
2013-10-11 09:45:32 280032 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSINPrSg.dll
2013-10-11 09:45:31 138208 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSINEvAg.dll
2013-10-11 09:45:30 163296 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSINApAg.dll
2013-10-11 09:45:28 127720 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\vista\PSINProt.sys
2013-10-11 09:45:28 114920 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\vista\PSINProc.sys
2013-10-11 09:45:27 175848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\vista\PSINKNC.sys
2013-10-11 09:45:27 105704 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\system32\drivers\vista\PSINFile.sys
2013-10-10 15:38:08 227624 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\dg\SMCLpav.exe
2013-10-10 15:38:07 364840 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\dg\SMCLPav.dll
2013-10-10 15:38:06 229160 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\dg\PGUse.exe
2013-10-10 15:38:05 479016 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\dg\PAVSMCL.dll
2013-10-10 15:38:05 150312 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\dg\PAV2WSC.dll
2013-10-10 15:38:04 135464 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\dg\DGNano.dll
2013-10-10 08:26:54 133600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\pkndtr.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-09 02:49:18 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 02:49:18 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 15:55:44 105440 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNCSysInfo.dll
2013-10-07 13:36:59 2207712 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNReports.dll
2013-10-07 13:36:58 983520 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNMsg.dll
2013-10-07 12:48:25 238560 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNUtils.dll
2013-10-07 12:48:24 2298848 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNSuspects.dll
2013-10-07 12:48:23 2551264 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNScan.dll
2013-10-07 12:48:05 2238432 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNResources.dll
2013-10-07 12:48:04 2595808 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNProcMon.dll
2013-10-07 12:48:04 115168 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNProcMonMng.dll
2013-10-07 12:48:02 512992 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNMain.exe
2013-10-07 12:48:01 2404320 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNFwConfig.dll
2013-10-07 12:48:00 98784 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNConfigStore.dll
2013-10-07 12:48:00 520672 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUASBoot.exe
2013-10-07 12:47:59 35808 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANLang.dll
2013-10-07 11:06:12 101344 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUAResourcesEx.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-07 10:54:59 202208 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANModProcMon.dll
2013-10-07 10:37:38 90592 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\x64\PSNCSysAction.exe
2013-10-07 10:37:34 24544 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\x86\PSNCSysAction.exe
2013-10-07 10:37:21 69600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNXml.dll
2013-10-07 10:37:21 56288 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNTypeReflection.dll
2013-10-07 10:37:20 64992 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNMuid.dll
2013-10-07 10:37:20 55776 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNCUpdMgr.dll
2013-10-07 10:37:20 47584 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNEvts.dll
2013-10-07 10:37:20 42976 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNReg.dll
2013-10-07 10:35:57 365024 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANUpgMgr.dll
2013-10-07 10:34:59 227808 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Prl.dll
2013-10-07 10:34:59 197600 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Quarantine.dll
2013-10-07 10:34:58 225248 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Notification.dll
2013-10-07 10:34:58 184288 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.License.dll
2013-10-07 10:34:57 234976 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.dll
2013-10-07 10:34:56 305632 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Configuration.dll
2013-10-07 10:34:56 210400 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Communication.dll
2013-10-07 10:34:55 221664 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Analysis.dll
2013-10-07 10:34:55 131552 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\NdkApi.Common.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-03 16:07:23 3845088 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUNConsole.dll
2013-10-03 16:07:21 2502112 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSUAConfig.dll
2013-10-03 15:15:59 64992 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNFiles.dll
2013-10-03 11:43:22 145888 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANMSrvc.dll
2013-10-03 11:43:03 164832 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSANModCtrlCfg.dll
2013-10-03 06:15:33 35296 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\PSNWSC.dll
2013-10-03 06:15:14 92128 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan63.tmp\program files\panda security\panda cloud antivirus\psensfl.dll
.
============= FINISH:  8:20:45.09 ===============

I was able to locate and remove the malware that was freezing up Malwarebytes. I just had to boot into Safe Mode, scan all users and remove all the malware; now none is detected. Below is what was causing it.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.07.05
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Manager :: MICROSOF-A4OYQK [administrator]
 
12/8/2013 12:21:05 PM
MBAM-log-2013-12-08 (12-33-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238483
Time elapsed: 10 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

  • Root Admin

Hello and welcome.


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2


  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

Hi Ron Lewis and thanks for the help.

Here is the Report.


RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Manager [Admin rights]
Mode : Scan -- Date : 12/11/2013 09:43:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-603CA0 +++++
--- User ---
[MBR] caf5c88531a5ae0f0d7b1f4a42f2f097
[BSP] e768ca4258416f91171f003c959eac8f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476890 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Officejet Pro L7 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_12112013_094313.txt >>

  • Root Admin

That looks okay.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Manager on Sat 12/14/2013 at  8:55:48.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Documents and Settings\Manager\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/14/2013 at  9:00:22.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

No Folders or Files on Step 5, but there were a few registry entries and a Chrome entry. I'm not sure if I should clean all these?


Sorry about that, posted the wrong log. Here is Step 5:


# AdwCleaner v3.015 - Report created 14/12/2013 at 09:03:29
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Manager - MICROSOF-A4OYQK
# Running from : C:\Documents and Settings\Manager\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4121 octets] - [14/12/2013 09:03:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4181 octets] ##########

I went ahead and ran the clean up on Step 5. Here is the Reboot Log:


# AdwCleaner v3.015 - Report created 15/12/2013 at 10:01:47
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Manager - MICROSOF-A4OYQK
# Running from : C:\Documents and Settings\Manager\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4261 octets] - [14/12/2013 09:03:29]
AdwCleaner[s0].txt - [4242 octets] - [15/12/2013 10:01:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4302 octets] ##########
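The two AdwCleaner reports above (the [R0] scan pass and the [S0] clean pass) are what a helper reads to confirm that everything the scan found was actually removed, and which hives the leftovers live in. The Python script below is an added example, not part of this thread and not AdwCleaner's own code: it parses reports in the v3 layout shown above, counts registry entries per root hive, and lists any item the Scan pass reported as Found that the Clean pass did not report as Deleted. The two embedded reports are constructed, abridged excerpts in that format (one key is deliberately left out of the clean report so the check has something to flag); the function names are my own.

```python
"""Check an AdwCleaner v3 scan report against the clean report that followed it.

Added example; not part of the forum thread or of AdwCleaner. The two
embedded reports are constructed excerpts in the v3 layout, not real output.
"""
import re
from dataclasses import dataclass

# "***** [ Registry ] *****" style section headers
SECTION_RE = re.compile(r"^\*{5}\s*\[\s*(.+?)\s*\]\s*\*{5}$")
# "Key Found : <path>", "Value Deleted : <path> [<name>]", "File Found : <path>" ...
ITEM_RE = re.compile(r"^(Key|Value|File|Folder)\s+(Found|Deleted)\s*:\s*(.+?)\s*$")


@dataclass(frozen=True)
class Item:
    section: str   # report section, e.g. "Registry" or "Files / Folders"
    kind: str      # Key, Value, File or Folder
    target: str    # registry path or file path exactly as printed


def _norm(item):
    """Comparison key: Windows registry and file paths are case-insensitive."""
    return (item.section, item.kind, item.target.lower())


def parse_report(text):
    """Return (option, items): option is the '# Option :' header value
    ("Scan" or "Clean"); items are every Found/Deleted line in the report."""
    option, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# Option"):
            option = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            kind, _status, target = m.groups()
            items.append(Item(section, kind, target))
    return option, items


def hive_summary(items):
    """Count registry entries per root hive (HKCU, HKLM, ...)."""
    counts = {}
    for it in items:
        if it.section == "Registry":
            hive = it.target.split("\\", 1)[0].upper()
            counts[hive] = counts.get(hive, 0) + 1
    return counts


def leftovers(scan_text, clean_text):
    """Items the Scan pass reported Found that the Clean pass did not report Deleted."""
    scan_opt, found = parse_report(scan_text)
    clean_opt, removed = parse_report(clean_text)
    if scan_opt != "Scan" or clean_opt != "Clean":
        raise ValueError(f"expected Scan then Clean reports, got {scan_opt!r}, {clean_opt!r}")
    removed_keys = {_norm(it) for it in removed}
    return sorted((it for it in found if _norm(it) not in removed_keys), key=_norm)


# Constructed excerpts in the AdwCleaner v3 layout (not real reports).
SCAN_REPORT = r"""
# AdwCleaner v3.015 - Report created 14/12/2013 at 09:03:29
# Option : Scan

***** [ Files / Folders ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.015 - Report created 15/12/2013 at 10:01:47
# Option : Clean

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
"""

if __name__ == "__main__":
    _, found = parse_report(SCAN_REPORT)
    print("found per hive:", hive_summary(found))
    for it in leftovers(SCAN_REPORT, CLEAN_REPORT):
        print(f"NOT removed: [{it.section}] {it.kind} {it.target}")
```

Run it against the real C:\AdwCleaner\AdwCleaner[R0].txt and AdwCleaner[S0].txt files by reading them into `scan_text` and `clean_text`; an empty leftovers list is the result to expect after a successful clean, as with the pair of reports posted above, where every Found line has a matching Deleted line.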

ESET Scan Report

C:\Documents and Settings\Manager\My Documents\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe multiple threats

C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan63.tmp\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe multiple threats

Step 7 FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-12-2013 02
Ran by Manager (administrator) on MICROSOF-A4OYQK on 16-12-2013 09:38:50
Running from C:\Documents and Settings\Manager\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\MSSQL7\Binn\sqlservr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
() C:\Program Files\AhsayACB\aua\bin\Aua.exe
(Sun Microsystems, Inc.) C:\Program Files\AhsayACB\aua\jvm\bin\auaJW.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ContextMagic.com) C:\Program Files\Express ClickYes\ClickYes.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\MSSQL7\Binn\sqlmangr.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\DigiGate\DigiWin.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2007-04-17] (LogMeIn, Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKCU\...\Run: [Express ClickYes] - C:\Program Files\Express ClickYes\ClickYes.exe [32256 2005-07-27] (ContextMagic.com)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [133104 2009-01-16] (Google Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
MountPoints2: {669c872d-eb6f-11de-b925-001676bf9a86} - H:\LaunchU3.exe -a
MountPoints2: {f5583a30-f248-11dd-8393-001676bf9a86} - G:\InstallSeagateManager.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Manager\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Norton Safety Minder - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.48\coieplg.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Radio Player Live) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\2.1.7_0
CHR Extension: (Google Search) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.4.0_0
CHR Extension: (Collusion for Chrome) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\2.2.0_0
CHR Extension: (AdBlock) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (Disconnect) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.4_0
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0
CHR Extension: (Autodesk Homestyler) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0
CHR Extension: (Ghostery) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (ScriptSafe) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0
CHR Extension: (Gmail) - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Manager\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 gupdate1c90ee2db85f29a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-09-04] (Google Inc.)
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MSSQL$VSDOTNET; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLServer; C:\MSSQL7\binn\sqlservr.exe [5058832 2002-04-09] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-05-28] (Panda Security, S.L.)
S2 NOF; C:\Program Files\Norton Online\Engine\2.0.0.71\diMaster.dll [176504 2010-05-27] (Symantec Corporation)
R2 OBAAutoUpdate; C:\Program Files\AhsayACB\aua\bin\Aua.exe [73728 2008-05-08] ()
S4 OBACDPService; C:\Program Files\AhsayACB\bin\CDPService.exe [267720 2010-12-09] ()
S4 OBAScheduler; C:\Program Files\AhsayACB\bin\Scheduler.exe [83360 2010-12-09] ()
S4 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75064 2009-03-13] ()
S2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-05-28] (Panda Security, S.L.)
S3 SQLServerAgent; C:\MSSQL7\binn\sqlagent.exe [344064 2002-04-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2006-06-12] (Hewlett Packard)
R3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
R3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [51416 2013-12-11] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [40776 2013-12-15] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [84200 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [126184 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [107752 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [124648 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHS; C:\Windows\System32\DRIVERS\NNSPihs.sys [52328 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [106344 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [287336 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [161384 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108904 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [230376 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [93928 2013-05-29] (Panda Security, S.L.)
S3 P1370Aud; C:\WINDOWS\system32\Drivers\P1370Aud.sys [93056 2005-12-04] (Creative Technology Ltd.)
S3 P1370Aul; C:\WINDOWS\system32\Drivers\P1370Aul.sys [4992 2005-12-05] (Creative Technology Ltd.)
S3 P1370VID; C:\Windows\System32\DRIVERS\P1370Vid.sys [179328 2006-04-10] (Creative Technology Ltd.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [145128 2013-05-28] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103400 2013-05-28] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [179688 2013-05-28] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114920 2013-05-28] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [128104 2013-05-29] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [97768 2013-05-28] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [9456 2006-10-06] (3am Labs, Inc.)
S3 sfng32; C:\Windows\System32\drivers\sfng32.sys [41728 2005-12-02] (Sonic Focus, Inc)
S3 snxcard; C:\Windows\System32\DRIVERS\snxcard.sys [14976 2007-01-05] (SUNIX GROUP)
R3 SNXPCARD; C:\Windows\System32\DRIVERS\snxpcard.sys [20864 2003-04-02] (Sunix)
S3 snxport; C:\Windows\System32\DRIVERS\snxport.sys [54912 2007-01-05] (SUNIX GROUP)
R3 SNXPSERX; C:\Windows\System32\DRIVERS\snxpserx.sys [54528 2003-04-02] (Sunix)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1271032 2008-04-10] (IDT, Inc.)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [125488 2010-06-28] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSM\0200000.030\SymRdr.SYS [180912 2010-05-10] (Symantec Corporation)
S3 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2009-12-24] (SEIKO EPSON CORPORATION)
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-01-19] (Symantec Corporation)
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S3 RSC4_A02; system32\DRIVERS\RSC4USB.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\FRST
2013-12-16 09:22 - 2013-12-16 09:22 - 00000391 _____ C:\Documents and Settings\Manager\Desktop\ESET.txt
2013-12-15 10:48 - 2013-12-15 10:48 - 00000000 ____D C:\Program Files\ESET
2013-12-15 10:44 - 2013-12-15 10:44 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-15 10:42 - 2013-12-15 10:42 - 00000945 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_H_12152013_104248.txt
2013-12-15 10:35 - 2013-12-15 10:35 - 00001598 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_S_12152013_103537.txt
2013-12-15 10:31 - 2013-12-15 10:31 - 00001802 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_D_12152013_103156.txt
2013-12-15 10:28 - 2013-12-15 10:28 - 00001755 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_S_12152013_102837.txt
2013-12-14 09:03 - 2013-12-15 10:02 - 00000000 ____D C:\AdwCleaner
2013-12-14 09:00 - 2013-12-14 09:00 - 00005206 _____ C:\Documents and Settings\Manager\Desktop\JRT.txt
2013-12-14 08:55 - 2013-12-14 08:55 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-12 03:23 - 2013-12-12 03:28 - 00012489 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 03:06 - 2013-12-12 03:25 - 00003397 _____ C:\WINDOWS\updspapi.log
2013-12-12 03:06 - 2013-12-12 03:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 22:06 - 2013-12-12 03:07 - 00010962 _____ C:\WINDOWS\KB2898715.log
2013-12-11 17:26 - 2013-12-15 10:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-11 17:23 - 2013-12-11 18:05 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-11 17:23 - 2013-12-11 17:23 - 00000000 ____D C:\Documents and Settings\Manager\Desktop\mbar
2013-12-11 10:08 - 2013-12-11 10:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini121113-01.dmp
2013-12-11 09:43 - 2013-12-11 09:43 - 00001590 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_S_12112013_094313.txt
2013-12-11 09:34 - 2013-12-15 10:43 - 00000000 ____D C:\Documents and Settings\Manager\Desktop\RK_Quarantine
2013-12-11 09:34 - 2013-12-11 10:09 - 00000000 ____D C:\WINDOWS\ERDNT
2013-12-11 09:33 - 2013-12-11 09:33 - 00000611 _____ C:\Documents and Settings\Manager\Desktop\NTREGOPT.lnk
2013-12-11 09:33 - 2013-12-11 09:33 - 00000592 _____ C:\Documents and Settings\Manager\Desktop\ERUNT.lnk
2013-12-11 09:33 - 2013-12-11 09:33 - 00000000 ____D C:\Program Files\ERUNT
2013-12-11 09:33 - 2013-12-11 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2013-12-11 09:20 - 2013-12-15 10:24 - 00002688 _____ C:\Documents and Settings\Manager\Desktop\Rkill.txt
2013-12-11 09:19 - 2013-12-11 09:19 - 03580416 _____ C:\Documents and Settings\Manager\Desktop\RogueKiller.exe
2013-12-11 09:19 - 2013-12-11 09:19 - 01937144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Manager\Desktop\rkill.exe
2013-12-11 03:08 - 2013-12-11 03:08 - 00006584 _____ C:\WINDOWS\KB2904266.log
2013-12-11 03:08 - 2013-12-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 03:03 - 2013-12-12 03:28 - 00039926 _____ C:\WINDOWS\iis6.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00037098 _____ C:\WINDOWS\FaxSetup.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00016926 _____ C:\WINDOWS\tsoc.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00012199 _____ C:\WINDOWS\comsetup.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00007398 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00006498 _____ C:\WINDOWS\netfxocm.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00002550 _____ C:\WINDOWS\MedCtrOC.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-11 03:03 - 2013-12-12 03:28 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-11 03:03 - 2013-12-12 03:27 - 00011240 _____ C:\WINDOWS\msmqinst.log
2013-12-11 03:03 - 2013-12-12 03:07 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-10 22:13 - 2013-12-11 03:03 - 00011970 _____ C:\WINDOWS\KB2893984.log
2013-12-10 22:13 - 2013-12-11 03:03 - 00011289 _____ C:\WINDOWS\KB2893294.log
2013-12-10 22:13 - 2013-12-11 03:03 - 00010693 _____ C:\WINDOWS\KB2892075.log
2013-12-08 14:08 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2013-12-08 12:13 - 2013-12-16 06:59 - 00032542 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-08 12:13 - 2013-12-15 18:51 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-08 12:13 - 2013-12-15 18:51 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-08 12:13 - 2013-12-08 12:13 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-12-08 12:12 - 2013-12-16 04:38 - 01104818 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-08 12:10 - 2013-12-08 12:10 - 02359350 _____ C:\Documents and Settings\Administrator\Desktop\pup.bmp
2013-12-08 09:00 - 2013-12-08 09:01 - 00000000 ____D C:\Documents and Settings\Manager\Desktop\Malwarebytes Tools
2013-12-07 14:32 - 2013-12-07 14:32 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-07 14:31 - 2013-12-08 12:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-07 14:31 - 2013-12-08 10:38 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-07 14:31 - 2013-12-07 14:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-07 14:31 - 2011-11-20 03:05 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-12-07 14:31 - 2007-05-09 04:11 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-12-07 14:31 - 2007-05-09 04:11 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2013-12-07 14:31 - 2007-05-09 04:11 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-12-07 10:30 - 2013-12-07 10:30 - 00000000 ____D C:\Documents and Settings\Manager\Application Data\Malwarebytes
2013-12-07 10:23 - 2013-12-07 10:23 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-07 10:23 - 2013-12-07 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-07 10:22 - 2013-12-07 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-07 10:21 - 2013-12-07 10:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-07 10:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-07 10:13 - 2013-12-07 10:13 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-12-04 08:30 - 2013-12-04 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
 
==================== One Month Modified Files and Folders =======
 
2013-12-16 11:14 - 2010-06-28 11:22 - 00000480 ____C C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
2013-12-16 10:56 - 2009-06-30 20:08 - 00000986 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1614895754-839522115-1005UA.job
2013-12-16 10:48 - 2012-04-11 17:20 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-16 10:25 - 2009-06-29 03:36 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-16 09:35 - 2013-12-16 09:35 - 00000000 ____D C:\FRST
2013-12-16 09:22 - 2013-12-16 09:22 - 00000391 _____ C:\Documents and Settings\Manager\Desktop\ESET.txt
2013-12-16 08:55 - 2009-01-09 10:58 - 00000000 ____D C:\Program Files\DigiGate
2013-12-16 08:31 - 2008-05-28 12:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-12-16 06:59 - 2013-12-08 12:13 - 00032542 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-16 06:56 - 2009-06-30 20:08 - 00000934 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1614895754-839522115-1005Core.job
2013-12-16 04:38 - 2013-12-08 12:12 - 01104818 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-16 01:35 - 2011-12-09 10:40 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-12-15 18:51 - 2013-12-08 12:13 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-15 18:51 - 2013-12-08 12:13 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-15 18:51 - 2011-03-22 13:38 - 08323072 _____ C:\WINDOWS\system32\config\Nano.evt
2013-12-15 18:51 - 2010-04-27 09:20 - 00000000 ____D C:\Documents and Settings\Manager\Tracing
2013-12-15 18:51 - 2009-06-29 03:36 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 18:51 - 2001-08-18 05:00 - 00013002 ____C C:\WINDOWS\system32\wpa.dbl
2013-12-15 18:50 - 2007-05-09 04:10 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-12-15 12:46 - 2009-01-09 10:59 - 00013030 _____ C:\PDOXUSRS.NET
2013-12-15 11:01 - 2012-02-03 16:13 - 00002455 ____C C:\Documents and Settings\Manager\Desktop\SiteLink Web Edition.lnk
2013-12-15 10:48 - 2013-12-15 10:48 - 00000000 ____D C:\Program Files\ESET
2013-12-15 10:46 - 2013-12-11 17:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-15 10:44 - 2013-12-15 10:44 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-15 10:43 - 2013-12-11 09:34 - 00000000 ____D C:\Documents and Settings\Manager\Desktop\RK_Quarantine
2013-12-15 10:42 - 2013-12-15 10:42 - 00000945 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_H_12152013_104248.txt
2013-12-15 10:35 - 2013-12-15 10:35 - 00001598 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_S_12152013_103537.txt
2013-12-15 10:31 - 2013-12-15 10:31 - 00001802 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_D_12152013_103156.txt
2013-12-15 10:28 - 2013-12-15 10:28 - 00001755 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_S_12152013_102837.txt
2013-12-15 10:24 - 2013-12-11 09:20 - 00002688 _____ C:\Documents and Settings\Manager\Desktop\Rkill.txt
2013-12-15 10:02 - 2013-12-14 09:03 - 00000000 ____D C:\AdwCleaner
2013-12-15 10:02 - 2011-11-18 14:53 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-15 10:02 - 2007-05-11 14:01 - 00000278 __SHC C:\Documents and Settings\Manager\ntuser.ini
2013-12-15 10:02 - 2007-05-11 14:01 - 00000000 ___HD C:\Documents and Settings\Manager
2013-12-15 09:55 - 2011-11-30 23:38 - 00000000 ____D C:\Documents and Settings\Manager\My Documents\Outlook Files
2013-12-15 00:22 - 2009-01-09 10:58 - 00000000 ____D C:\digi
2013-12-14 09:00 - 2013-12-14 09:00 - 00005206 _____ C:\Documents and Settings\Manager\Desktop\JRT.txt
2013-12-14 08:55 - 2013-12-14 08:55 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-13 16:34 - 2013-05-06 11:12 - 00000284 ____C C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-13 11:48 - 2007-11-12 07:50 - 00000000 ____D C:\Documents and Settings\Manager\My Documents\Auctions
2013-12-12 03:44 - 2011-11-18 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-12 03:28 - 2013-12-12 03:23 - 00012489 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00039926 _____ C:\WINDOWS\iis6.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00037098 _____ C:\WINDOWS\FaxSetup.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00016926 _____ C:\WINDOWS\tsoc.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00012199 _____ C:\WINDOWS\comsetup.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00007398 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00006498 _____ C:\WINDOWS\netfxocm.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00002550 _____ C:\WINDOWS\MedCtrOC.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-12 03:28 - 2013-12-11 03:03 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-12 03:27 - 2013-12-11 03:03 - 00011240 _____ C:\WINDOWS\msmqinst.log
2013-12-12 03:25 - 2013-12-12 03:06 - 00003397 _____ C:\WINDOWS\updspapi.log
2013-12-12 03:24 - 2009-06-01 07:18 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-12 03:07 - 2013-12-11 22:06 - 00010962 _____ C:\WINDOWS\KB2898715.log
2013-12-12 03:07 - 2013-12-11 03:03 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-12 03:06 - 2013-12-12 03:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 18:05 - 2013-12-11 17:23 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-11 17:23 - 2013-12-11 17:23 - 00000000 ____D C:\Documents and Settings\Manager\Desktop\mbar
2013-12-11 10:48 - 2012-04-11 17:20 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 10:48 - 2011-05-19 08:11 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-11 10:09 - 2013-12-11 09:34 - 00000000 ____D C:\WINDOWS\ERDNT
2013-12-11 10:08 - 2013-12-11 10:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini121113-01.dmp
2013-12-11 10:08 - 2010-04-08 17:28 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-11 09:43 - 2013-12-11 09:43 - 00001590 _____ C:\Documents and Settings\Manager\Desktop\RKreport[0]_S_12112013_094313.txt
2013-12-11 09:33 - 2013-12-11 09:33 - 00000611 _____ C:\Documents and Settings\Manager\Desktop\NTREGOPT.lnk
2013-12-11 09:33 - 2013-12-11 09:33 - 00000592 _____ C:\Documents and Settings\Manager\Desktop\ERUNT.lnk
2013-12-11 09:33 - 2013-12-11 09:33 - 00000000 ____D C:\Program Files\ERUNT
2013-12-11 09:33 - 2013-12-11 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2013-12-11 09:19 - 2013-12-11 09:19 - 03580416 _____ C:\Documents and Settings\Manager\Desktop\RogueKiller.exe
2013-12-11 09:19 - 2013-12-11 09:19 - 01937144 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Manager\Desktop\rkill.exe
2013-12-11 03:24 - 2007-05-09 20:24 - 00290888 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 03:08 - 2013-12-11 03:08 - 00006584 _____ C:\WINDOWS\KB2904266.log
2013-12-11 03:08 - 2013-12-11 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 03:08 - 2013-07-21 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 03:08 - 2007-05-11 10:44 - 00894494 ____C C:\WINDOWS\system32\TZLog.log
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 03:03 - 2013-12-11 03:03 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-11 03:03 - 2013-12-10 22:13 - 00011970 _____ C:\WINDOWS\KB2893984.log
2013-12-11 03:03 - 2013-12-10 22:13 - 00011289 _____ C:\WINDOWS\KB2893294.log
2013-12-11 03:03 - 2013-12-10 22:13 - 00010693 _____ C:\WINDOWS\KB2892075.log
2013-12-11 03:03 - 2007-05-11 10:54 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-08 12:13 - 2013-12-08 12:13 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-12-08 12:13 - 2009-03-25 08:12 - 00000452 ____C C:\WINDOWS\Tasks\PAYROLL TIME CARDS.job
2013-12-08 12:13 - 2009-03-25 08:10 - 00000478 ____C C:\WINDOWS\Tasks\Mr. Levine's Locker List Report.job
2013-12-08 12:12 - 2013-12-07 14:31 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-08 12:12 - 2007-05-11 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB925902$
2013-12-08 12:10 - 2013-12-08 12:10 - 02359350 _____ C:\Documents and Settings\Administrator\Desktop\pup.bmp
2013-12-08 10:38 - 2013-12-07 14:31 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-08 09:01 - 2013-12-08 09:00 - 00000000 ____D C:\Documents and Settings\Manager\Desktop\Malwarebytes Tools
2013-12-07 16:35 - 2010-12-20 16:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2440591$
2013-12-07 14:32 - 2013-12-07 14:32 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-12-07 14:31 - 2013-12-07 14:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-12-07 10:30 - 2013-12-07 10:30 - 00000000 ____D C:\Documents and Settings\Manager\Application Data\Malwarebytes
2013-12-07 10:25 - 2013-12-07 10:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-07 10:23 - 2013-12-07 10:23 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-07 10:23 - 2013-12-07 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-07 10:22 - 2013-12-07 10:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-07 10:13 - 2013-12-07 10:13 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-12-05 11:57 - 2009-01-16 12:52 - 00002300 ____C C:\Documents and Settings\Manager\Desktop\Google Chrome.lnk
2013-12-04 14:57 - 2007-11-19 09:26 - 00000000 ____D C:\Documents and Settings\Manager\My Documents\ALLSTATE FORMS
2013-12-04 12:39 - 2013-06-12 07:40 - 00000682 ____C C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-04 12:38 - 2013-06-12 07:39 - 00000000 ____D C:\Program Files\CCleaner
2013-12-04 08:34 - 2007-05-11 14:01 - 00075824 ____C C:\Documents and Settings\Manager\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-04 08:30 - 2013-12-04 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
2013-12-04 08:26 - 2007-05-09 04:09 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-03 09:30 - 2011-11-07 13:16 - 00002455 ____C C:\Documents and Settings\All Users\Desktop\SiteLink Web Edition.lnk
2013-12-03 03:11 - 2007-05-11 10:36 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-03 03:09 - 2001-08-18 05:00 - 00000664 ____C C:\WINDOWS\win.ini
 
Some content of TEMP:
====================
C:\Documents and Settings\Manager\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Manager\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 

Addition.txt


  • Root Admin

You appear to have some old AVG antivirus still installed on the system. Please download and run the following removal tool from AVG:

AVG Remover

Then run the following.

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double-click TFC.exe to run it on XP (for Vista and Windows 7 right-click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer; please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then RESTART the computer now.

Next, please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.
 

 

 

 

fixlist.txt


 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-12-2013 02
Ran by Manager at 2013-12-16 17:17:05 Run:1
Running from C:\Documents and Settings\Manager\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
S4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Documents and Settings\Manager\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Manager\Local Settings\Temp\Quarantine.exe

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key deleted successfully.
HKCR\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} => Key not found.
JavaQuickStarterService => Service deleted successfully.
"C:\Documents and Settings\Manager\Local Settings\Temp\ntdll_dump.dll" => File/Directory not found.
"C:\Documents and Settings\Manager\Local Settings\Temp\Quarantine.exe" => File/Directory not found.

==== End of Fixlog ====

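A Fixlog like the one posted above reports one result per requested item, and it helps a reviewer to separate the entries the tool actually changed (keys, values, services deleted or restored) from the ones that were already absent, such as the CLSID keys behind the "No File" BHO and toolbar entries. The following parser is an added example written for this thread; it is not part of FRST or of the forum's own tooling, and the log shape it assumes (a fixlist echoed between two rows of asterisks, then `<target> => <result>` lines) is inferred from the log above. The sample text is a subset of lines copied from that log.

```python
"""Summarise an FRST Fixlog: what was changed versus what was already absent.

Added example, not FRST code. The log layout (fixlist between '*****' rows,
results as '<target> => <result>.') is assumed from the Fixlog posted above.
"""
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the Fixlog in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-12-2013 02
Ran by Manager at 2013-12-16 17:17:05 Run:1
Boot Mode: Normal
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
C:\Documents and Settings\Manager\Local Settings\Temp\ntdll_dump.dll
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
JavaQuickStarterService => Service deleted successfully.
"C:\Documents and Settings\Manager\Local Settings\Temp\ntdll_dump.dll" => File/Directory not found.
==== End of Fixlog ====
"""

# One result line: everything before ' => ' is the target, the rest is the outcome text.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")


def classify(result):
    """Map the tool's result text to a coarse outcome."""
    r = result.lower()
    if "successfully" in r:
        return "changed"      # deleted or restored: the fix altered the system
    if "not found" in r:
        return "absent"       # nothing to do: the item was already gone
    return "other"            # anything unexpected deserves a manual look


def parse_fixlog(text):
    """Return one record per '<target> => <result>' line in the results section."""
    records = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****"):
            # The echoed fixlist sits between two rows of asterisks; it lists
            # requests, not results, so it is skipped.
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # header, footer and other chatter
        result = m.group("result")
        records.append({
            "target": m.group("target").strip('"'),  # file paths are quoted in the log
            "kind": result.split()[0],               # Key, Value, Service or File/Directory
            "result": result,
            "outcome": classify(result),
        })
    return records


def summarize(records):
    """Count records per outcome, e.g. Counter({'changed': 5, 'absent': 2})."""
    return Counter(r["outcome"] for r in records)


def unresolved(records):
    """Targets the tool found nothing to act on; review these rather than assume they are gone."""
    return [r["target"] for r in records if r["outcome"] == "absent"]


if __name__ == "__main__":
    recs = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(recs)))
    for t in unresolved(recs):
        print("already absent:", t)
```

Run on the sample, the summary reports five changed items and two that were already absent; the "Key not found" CLSID entry pairs with the "No File" BHO line in the fixlist, which is the normal pattern for an orphaned registry reference rather than a sign that the fix failed.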

  • Root Admin

Did you run TFC and the AVG remover?

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.



  • Root Admin

Please shut down the computer and unplug the power and leave it off for a couple minutes.

Then plug the power back in and start up the computer again and see if you can tap the F8 key and get into either Safe Mode or Last Known Good Configuration.


Let me know how that goes please.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
