Malware freezes during scan, so does virus protection


I have Malwarebytes and WebRoot Virus protection. When I run either program they each stall at the same place each time, after a few minutes of inactivity I get a black screen and I have to power off manually. Also, when these two programs freeze, so does the rest of my computer, I am not able to open any programs or close either of the running programs. Here are my OTL logs, I hope someone can help me. I also scanned with hijackthis, when I clicked on analyze, it took me back to the hijackthis page, but I didn't see a log, http://hjt-data.trendmicro.com/hjt/analyze...report=14008811

Thanks.

OTL.txt

OTL logfile created on: 10/4/2010 11:35:33 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Misty\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.62 Gb Total Space | 175.25 Gb Free Space | 59.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MISTY-PC

Current User Name: Misty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 11:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Misty\Downloads\OTL.exe

PRC - [2010/09/21 00:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Misty\AppData\Local\Google\Chrome\Application\chrome.exe

PRC - [2010/09/15 13:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

PRC - [2010/08/28 13:32:55 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Misty\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2010/08/05 08:46:00 | 001,016,792 | ---- | M] (PC Tool) -- C:\Program Files (x86)\Registry Mechanic\Alert.exe

PRC - [2010/07/02 13:24:07 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe

PRC - [2010/06/28 17:33:44 | 000,900,240 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

PRC - [2010/05/10 16:06:31 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe

PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

PRC - [2009/08/31 10:16:14 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe

PRC - [2009/08/26 10:07:08 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/08/26 10:07:08 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe

PRC - [2008/09/19 15:06:42 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

PRC - [2008/07/10 20:35:30 | 000,188,416 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

PRC - [2008/07/10 19:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2007/12/13 21:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

PRC - [2007/09/28 18:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

PRC - [2007/05/25 12:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\aol\1248446505\ee\aolsoftware.exe

PRC - [2007/05/17 10:13:32 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe

PRC - [2005/10/26 03:09:52 | 000,811,008 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

========== Modules (SafeList) ==========

MOD - [2010/10/04 11:33:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Misty\Downloads\OTL.exe

MOD - [2008/08/27 22:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll

MOD - [2008/05/27 00:18:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll

MOD - [2008/01/20 21:52:09 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll

MOD - [2008/01/20 21:51:11 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll

MOD - [2008/01/20 21:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll

MOD - [2008/01/20 21:51:09 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll

MOD - [2008/01/20 21:51:00 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll

MOD - [2008/01/20 21:50:12 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll

MOD - [2008/01/20 21:50:04 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SLC.dll

MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2008/01/20 21:48:21 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll

MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/28 17:24:40 | 005,416,080 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)

SRV:64bit: - [2008/04/30 22:20:42 | 001,371,136 | ---- | M] (Intel

Edited by Maurice Naggar
Logs placed in-line

Just checking to see if anybody can help me.

Extras.txt

OTL Extras logfile created on: 10/4/2010 11:35:33 AM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Misty\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.62 Gb Total Space | 175.25 Gb Free Space | 59.08% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MISTY-PC

Current User Name: Misty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4021887201-1993260024-3482237381-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Users\Misty\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{008AEF14-E287-421E-B7E6-2872F50BDEAB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{04C2DD10-6028-462F-A1BA-178A4E41AE10}" = rport=10243 | protocol=6 | dir=out | app=system |

"{094AEF75-2B4E-4AC1-BB6A-F6D062834DBE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{112DB3B4-EC1A-4D3B-B834-2BC48AB85895}" = rport=139 | protocol=6 | dir=out | app=system |

"{1E0727CF-22D0-4FEF-8430-97ADC4A26175}" = lport=10243 | protocol=6 | dir=in | app=system |

"{28927E2B-F724-4000-8854-D69A75A168A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{28A426E0-3600-4A8C-BAEC-1BF4F878A493}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{32A9395A-1518-4EEF-8A8D-C07B513793F7}" = lport=445 | protocol=6 | dir=in | app=system |

"{35EC9454-8F7F-4A7D-90BE-664A33CF7FA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{39CE9C41-10CD-4F49-9D80-65F42F0C05A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{475BDF67-A2D8-49A6-8B86-FF598C3C04BA}" = lport=139 | protocol=6 | dir=in | app=system |

"{4A67642A-3AD1-435C-8D1A-F9F0F5E1FD6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5290E4F4-1F04-4268-8C46-0499353638DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{55FE70EC-E479-40D1-98BE-4EECCA900C8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5B5EA211-FB03-4496-849F-DDE65795922F}" = rport=2869 | protocol=6 | dir=out | app=system |

"{60EE4553-C33E-44EB-A31C-22E400D12C71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{63427A05-A2CA-4451-B985-0087CB55FC3B}" = rport=137 | protocol=17 | dir=out | app=system |

"{639CC5CF-B79C-4BD0-90CA-A4A5D367ED7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{702BA702-E2C0-4478-BAE7-48C46216E0C6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7034D3F6-308A-42CC-B1AC-6DCFE30F3E82}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{7E5D9628-0573-45FE-A305-AFDEF8EE21D4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{8A1F4D44-D9B5-4768-AEBF-3DE41A3D606B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A1C249EE-A1D8-4466-9D78-1CC03B66C255}" = rport=138 | protocol=17 | dir=out | app=system |

"{A9FFA7D7-3DDB-4400-B49E-613CA85CA111}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B3F91800-0F7D-4BF5-988A-54822C8913F7}" = lport=137 | protocol=17 | dir=in | app=system |

"{B7340C5B-67A8-4F84-B60A-C3F5315561A0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{BA96C493-10A1-48C5-BC96-2BA26ADF1077}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D2F2B27D-6A3E-4236-A235-A43309F25FEE}" = rport=445 | protocol=6 | dir=out | app=system |

"{D60CB970-5B63-4B61-A90F-D8A8EB9AB17D}" = lport=138 | protocol=17 | dir=in | app=system |

"{E24C7B5D-46BB-4A7D-AC6E-BB4B3E5F4DC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E4ED2192-CA34-49ED-8F70-63AAE51E137B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{F47DAE2A-C8C8-452C-A041-D26812564008}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{F6648D5B-75A1-4D80-851F-477A2D2AA773}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F8F79101-3F19-4044-B424-F365CC3AE5F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FBF3D5A8-11CF-4395-BEEA-D5150C76AA4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{038278D1-FAE4-48F0-8F53-240D103A2795}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{05E10E61-FEFE-443D-A6AD-588B5A1D1DB8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{0B6DBDEF-DD8B-46B9-A9B8-5D5AC55709F4}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1a\waol.exe |

"{104EE2BD-9C49-4D6C-BA86-210FD135084D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1488EE8A-8554-4C32-8936-127E3D504C87}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |

"{178A9007-6884-4526-A6EC-3BD42A89F936}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcecoms.exe |

"{19A5A95F-ADD4-46E1-AC30-DAA432D8662A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{19EA4DAB-85AC-4A4B-BFC8-CDC6FE48B98A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{1C181EF0-752B-4F2B-9BFA-85A283EEAC2A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1D766995-E2C2-488F-ACF0-18D72BAAF947}" = protocol=6 | dir=out | app=system |

"{1DD9B902-EF43-496E-B6F6-774C7BD3C8D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2045568F-7852-49FA-A96C-F8AC678A674D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{21B1FA48-13A3-4D54-9AAC-71BCC584592F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{22DAC6FB-2FE1-4871-BB21-5C62982DCA6E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{259C42CF-F669-4FCB-B6C3-42306ADEE3F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcecoms.exe |

"{2631141C-657F-4A7B-9F33-0172CE14F9C9}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{2710B371-6ED5-4094-B41A-F6A523CBB23B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |

"{27D41D79-6C87-4584-9622-3A5AEEB9CA25}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{2CCAFF2A-C892-4889-B442-5F3CE6B6C1BF}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |

"{2F5EDD87-4006-414B-A07A-8CFF0D7DDBDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{326188B5-E912-4C9D-8873-2E7F90211867}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{32CC2988-C42B-49C5-895E-C730C555484E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{34F0E31D-7B5B-4F56-8C04-9A9DDC48D10E}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |

"{3A611617-E254-422B-92C4-1A7F3DB2FF58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{3ADF9C94-7C5B-4C1D-A8D0-6B610F58455F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3FADECEB-E7DA-4DDA-B095-D47EF5EB55A8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{47C9A71A-6499-4A36-89F2-F1D07160023A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{50059C06-B3E7-41D1-AC1D-9BDC16B60D76}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |

"{5AC36817-A1DA-4428-B745-216A6E70724E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5DA44507-1C3F-44B4-AF17-0F67C7454718}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1229991302\ee\aolsoftware.exe |

"{61E2C2B1-7789-4621-8D62-832467F0A801}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{6646F525-0C79-4005-9C69-4888302D4D50}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{68A39B8C-7D58-4CE2-BD2C-FB927D5F4952}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |

"{68B95B4D-B985-4CFE-AB24-96047A17D2D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1248446505\ee\aolsoftware.exe |

"{6CC91BF8-7BEE-44E2-B1E3-7281409EFB5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6CF5F0D2-0CA4-44B8-AE17-692994BE4E33}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{6D76B232-CD62-423A-B818-C7C80ACDF3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1a\waol.exe |

"{7024E53B-754C-4A7B-B007-B7A53EF00DAF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{70797AC9-F93C-424E-A1C8-D968D87A961F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7516383A-A15B-47E3-923E-A44169702573}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{819CDB51-27B6-4276-923D-BE23AFE5590A}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{8409A2E7-0C72-4CD0-937C-9F038BF6D4D0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |

"{8492DEA1-2DCC-403F-811E-A293E04F6759}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{88CEC30B-8408-4889-9CF8-91B2D17CA010}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{8E418AC5-FF7F-406C-A3AD-142CFE65A15C}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe |

"{9FDC1B08-79F3-4EFA-BBD4-30A3362E6C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A96C7D09-53C5-4B2B-9E85-4B61972714B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AD65759C-1904-434B-BF2E-E0A90E589637}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |

"{AE0CC5BD-9C64-4410-9163-38BC45F232C3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcepswx.exe |

"{AE25DD32-539A-48BD-B6F2-90084E486BB2}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |

"{B615D5BE-B807-47B6-AE6A-4D607B8A5C6B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BD7DA484-2A9C-4DAF-AA16-EE517228B0E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1248446505\ee\aolsoftware.exe |

"{C26D94F8-626E-49D8-97E3-2A0316719C1C}" = protocol=6 | dir=in | app=c:\windows\system32\lxcecoms.exe |

"{C59BBE03-98D5-4998-94C6-544B9926D0D9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |

"{C67B9CE9-33FB-491B-A785-9E605EA835D0}" = protocol=17 | dir=in | app=c:\windows\system32\lxcecoms.exe |

"{C9BCA51E-9A0A-45F0-ACAD-982A6DC5C958}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |

"{CFC18DBC-7FBF-4D8D-86CD-D385008D9C89}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1229991302\ee\aolsoftware.exe |

"{D5074BF7-636C-4414-82A2-101A3F8FD5F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |

"{E0C57397-20A5-4607-9C8B-23507B31A3A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E1115D88-5AC2-469C-9853-F0DE922C4B02}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcepswx.exe |

"{E37C05F9-4EE5-4708-8C97-F328B1A3764F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{1DCEF5A8-E506-4B80-A3ED-2036EF173C69}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"TCP Query User{E094100D-AF43-4ACE-822B-A3ECDA7EC0D0}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe |

"TCP Query User{F9EEB2BE-E6BC-48A7-ADC4-4478CA7C7B04}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"UDP Query User{0B40CA12-0AB1-4415-B85C-96D598ABED03}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe |

"UDP Query User{BF1B7017-BB11-47E6-BCB6-A90E542C8CEB}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"UDP Query User{E2A4B090-8A38-4178-A311-EC512C021CD3}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series

"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst

"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software

"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support

"{40FFA8A2-451E-9E20-2ADC-2ED924F94D5E}" = ATI Catalyst Install Manager

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client

"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer

"{885F0FAE-D28B-9EC2-6B28-10B63B4CC1E2}" = ccc-utility64

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel

Edited by Maurice Naggar
Extras.txt placed In-line

Hello kcfan007,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your Webroot before starting MBAM.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Next, start MBAM, do an Update, and then a Quick scan.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Next, Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

NOTE: IF any program stalls, I will need full details, such as program, folder name, filename "where the stall is suspected" and How long you waited before concluding it was "stalled". I would wait at least 5-10 minutes before calling it a stall.

Reply with copy of the MBAM scan log

and Checkup.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
