bleu

  1. Thank you for your quick reply! I'm currently doing a Threat Scan with the fresh install. Will follow your instructions should it still take too long. But the option to right-click a file to scan with MBAM is gone completely now. Is that no longer available?
  2. Hello, I tried my first threat scan with MBAM 2, and it was only about 1/4 complete after 3+ hours. Also, I'm unable to right-click a file and "Scan with MBAM." It opens MBAM, but nothing happens. Diagnostic logs follow. Thank you! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2014 Ran by Owner (administrator) on OWNER-FFBAD0F5B on 23-04-2014 17:12:12 Running from C:\Documents and Settings\Owner\Desktop Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe (Motive Communications, Inc.) C:\Program Files\Verizon Online\SmartBridge\MotiveSB.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) 
C:\WINDOWS\system32\IoctlSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe HKLM\...\Run: [Motive SmartBridge] => C:\Program Files\Verizon Online\SmartBridge\MotiveSB.exe [327680 2002-05-18] (Motive Communications, Inc.) HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation) HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG) HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-06-10] (Nero AG) HKLM\...\Run: [ulead Video@Home Scheduling Wizard] => C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe [57344 2003-08-26] (Ulead Systems, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-01-25] (Apple Inc.) HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) 
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [emMON] => C:\WINDOWS\emMON.exe [61440 2006-05-30] (eMPIA Technology, Inc.) HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0 HKU\S-1-5-21-1844237615-861567501-1606980848-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-1844237615-861567501-1606980848-1003\...\Run: [ROC_ROC_APR2013_AV] => C:\Documents and Settings\Owner\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 49a508916d155923864bd0f53d057964-7efff39138f9341ecf568a6789471d6c84ca0f9b --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 HKU\S-1-5-21-1844237615-861567501-1606980848-1003\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Documents and Settings\Owner\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 49a508916d155923864bd0f53d057964-7efff39138f9341ecf568a6789471d6c84ca0f9b --CMPID 0913a HKU\S-1-5-21-1844237615-861567501-1606980848-1003\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe [841096 2014-03-12] (Adobe Systems Incorporated) AppInit_DLLs: bevimahu.dll => bevimahu.dll File Not Found AppInit_DLLs: c:\windows\system32\jahujihi.dll => c:\windows\system32\jahujihi.dll File Not Found AppInit_DLLs: c:\windows\system32\basukavu.dll => c:\windows\system32\basukavu.dll File Not Found Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk ShortcutTarget: Verizon Online Support 
Center.lnk -> C:\Program Files\Verizon Online\bin\matcli.exe (Motive Communications, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) SSODL: pihuzomul - {aa9aaa69-2176-45d1-9655-0fa3e2d3e6b1} - c:\windows\system32\jahujihi.dll No File SSODL: saboleloy - {15a4d199-9581-469d-a4fa-22f3593c5c02} - c:\windows\system32\basukavu.dll No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) 
BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll No File BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll No File Toolbar: HKCU - Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{028C6D06-4BEB-4C4A-A9D9-F587A1BF5BA0}: [NameServer]8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\97xu6jao.default FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\97xu6jao.default\user.js FF Homepage: about:blank FF NetworkProxy: "no_proxies_on", "127.0.0.1" FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Extension: DownloadHelper - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\97xu6jao.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: MEGA EXTENSION - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\97xu6jao.default\Extensions\firefox@mega.co.nz.xpi [2014-04-22] FF Extension: NicoFox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\97xu6jao.default\Extensions\nicofox@littlebtc.xpi [2014-04-22] FF Extension: JS Switch - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\97xu6jao.default\Extensions\{88c7b321-2eb8-11da-8cd6-0800200c9a66}.xpi [2013-11-08] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4\ FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4\ [] FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [] ========================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.) 
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) ==================== Drivers (Whitelisted) ==================== U3 .avgtdix; \* [0 2012-06-14] () R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. ) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. ) R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. ) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.) R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation) S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [292864 2006-09-12] (eMPIA Technology, Inc.) S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [7168 2006-08-21] (eMPIA Technology, Inc.) 
S3 USB_RNDIS_XP; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 17:12 - 2014-04-23 17:12 - 00014447 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt 2014-04-23 17:11 - 2014-04-23 17:12 - 00000000 ____D () C:\FRST 2014-04-23 17:07 - 2014-04-23 17:07 - 01048576 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe 2014-04-22 17:25 - 2014-04-22 17:25 - 00000565 _____ () C:\Documents and Settings\Owner\Application Data\mbam.context.scan 2014-04-22 16:44 - 2014-04-23 16:46 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\NicoFox 2014-04-17 20:32 - 2014-04-17 20:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-12 03:17 - 2014-04-23 16:39 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-12 03:17 - 2014-04-12 03:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-12 03:17 - 2014-04-12 03:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-12 03:16 - 2014-04-12 03:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-04-12 03:16 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-07 00:47 - 2014-04-08 16:42 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-04-07 00:47 - 2014-04-07 00:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-04-07 00:45 - 2014-04-07 00:45 - 00373800 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-04-06 22:12 - 2014-04-06 22:17 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-06 22:09 - 2014-04-06 22:11 - 
00019921 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-04-06 22:09 - 2014-04-06 22:09 - 00011109 _____ () C:\WINDOWS\KB2934207.log 2014-04-06 22:09 - 2014-04-06 22:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-04-06 22:09 - 2014-04-06 22:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-04-06 22:09 - 2014-04-06 22:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-04-06 21:49 - 2014-04-06 21:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-04-06 21:39 - 2014-04-06 21:39 - 00010129 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-04-06 21:26 - 2014-04-06 21:26 - 00010001 _____ () C:\WINDOWS\KB2914368.log 2014-04-06 21:26 - 2014-04-06 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$ 2014-04-06 21:25 - 2014-04-06 21:26 - 00009970 _____ () C:\WINDOWS\KB2904266.log 2014-04-06 21:25 - 2014-04-06 21:25 - 00008661 _____ () C:\WINDOWS\KB2900986.log 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$ 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$ 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$ 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$ 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$ 2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$ 2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$ 2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$ 2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$ 2014-04-06 21:23 - 2014-04-06 21:24 - 00007938 _____ () C:\WINDOWS\KB2868038.log 2014-04-06 21:23 - 2014-04-06 21:23 - 00007795 _____ () C:\WINDOWS\KB2862335.log 2014-04-06 21:23 - 2014-04-06 21:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$ 2014-04-06 21:23 - 2014-04-06 
21:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$ 2014-04-06 21:22 - 2014-04-06 21:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$ 2014-04-06 20:58 - 2014-04-06 20:58 - 00005995 _____ () C:\WINDOWS\KB2834904-v2.log 2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$ 2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$ 2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$ 2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$ 2014-04-06 20:40 - 2014-04-06 20:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$ 2014-04-06 20:39 - 2014-04-06 20:39 - 00004715 _____ () C:\WINDOWS\KB2834886.log 2014-04-06 20:39 - 2014-04-06 20:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$ 2014-04-06 20:34 - 2014-04-06 22:11 - 00050622 _____ () C:\WINDOWS\setupapi.log 2014-04-06 20:34 - 2014-04-06 20:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$ 2014-04-06 20:34 - 2014-04-06 20:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$ 2014-04-06 20:33 - 2014-04-06 20:34 - 00007101 _____ () C:\WINDOWS\KB2807986.log 2014-04-06 20:33 - 2014-04-06 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$ 2014-04-06 20:31 - 2014-04-06 22:09 - 00015495 _____ () C:\WINDOWS\KB2929961.log 2014-04-06 20:30 - 2014-04-06 22:09 - 00016501 _____ () C:\WINDOWS\KB2930275.log 2014-04-06 20:30 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-04-06 20:30 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-04-06 20:29 - 2014-04-06 21:49 - 00015129 _____ () C:\WINDOWS\KB2916036.log 2014-04-06 20:27 - 2014-04-06 21:25 - 00015060 _____ () C:\WINDOWS\KB2898715.log 2014-04-06 20:27 - 2014-04-06 21:25 - 00013459 _____ () C:\WINDOWS\KB2892075.log 2014-04-06 20:26 - 2014-04-06 21:25 - 00013667 _____ () 
C:\WINDOWS\KB2893294.log 2014-04-06 20:26 - 2014-04-06 21:24 - 00013454 _____ () C:\WINDOWS\KB2876331.log 2014-04-06 20:26 - 2014-04-06 21:24 - 00012850 _____ () C:\WINDOWS\KB2868626.log 2014-04-06 20:26 - 2014-04-06 21:24 - 00011868 _____ () C:\WINDOWS\KB2862152.log 2014-04-06 20:26 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2014-04-06 20:26 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2014-04-06 20:25 - 2014-04-06 21:22 - 00011371 _____ () C:\WINDOWS\KB2847311.log 2014-04-06 20:25 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2014-04-06 20:25 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys 2014-04-06 20:25 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys 2014-04-06 20:24 - 2014-04-06 20:59 - 00010853 _____ () C:\WINDOWS\KB2864063.log 2014-04-06 20:24 - 2014-04-06 20:58 - 00010327 _____ () C:\WINDOWS\KB2876217.log 2014-04-06 20:23 - 2014-04-06 20:58 - 00009865 _____ () C:\WINDOWS\KB2850869.log 2014-04-06 20:22 - 2014-04-06 20:40 - 00010702 _____ () C:\WINDOWS\KB2859537.log 2014-04-06 20:20 - 2014-04-06 20:34 - 00012365 _____ () C:\WINDOWS\KB2813345.log 2014-04-06 20:19 - 2014-04-06 20:34 - 00011261 _____ () C:\WINDOWS\KB2820917.log 2014-04-06 20:19 - 2013-02-11 20:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys ==================== One Month Modified Files and Folders ======= 2014-04-23 17:12 - 2014-04-23 17:12 - 00014447 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt 2014-04-23 17:12 - 2014-04-23 17:11 - 00000000 ____D () C:\FRST 2014-04-23 17:07 - 2014-04-23 17:07 - 01048576 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe 2014-04-23 16:55 - 2009-08-21 17:03 - 01406596 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-23 16:46 - 
2014-04-22 16:44 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\NicoFox 2014-04-23 16:39 - 2014-04-12 03:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-23 16:25 - 2013-11-08 05:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-23 10:49 - 2011-09-13 23:47 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG 2014-04-23 06:24 - 2010-12-20 22:10 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini 2014-04-23 01:24 - 2009-08-24 14:31 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E06549C-9903-4F1E-B0CD-52D3A50D1F37}.job 2014-04-22 17:25 - 2014-04-22 17:25 - 00000565 _____ () C:\Documents and Settings\Owner\Application Data\mbam.context.scan 2014-04-22 02:25 - 2009-08-21 17:10 - 00032440 _____ () C:\WINDOWS\SchedLgU.Txt 2014-04-19 18:46 - 2012-05-30 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-19 08:01 - 2009-08-25 18:35 - 00202240 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-19 04:10 - 2009-08-21 17:10 - 00000000 ____D () C:\Documents and Settings\Owner 2014-04-19 03:40 - 2009-08-24 10:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Sony ACID Music Studio 6.0 Projects 2014-04-19 03:19 - 2011-01-21 21:29 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\FileZilla 2014-04-17 20:33 - 2014-04-17 20:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-12 03:17 - 2014-04-12 03:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-12 03:17 - 2014-04-12 03:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-04-12 03:17 - 2013-02-05 18:03 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes 2014-04-12 03:16 - 2014-04-12 03:16 - 00000000 ____D () C:\Program Files\Malwarebytes 
Anti-Malware 2014-04-12 03:16 - 2013-02-05 18:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-04-12 03:16 - 2013-02-05 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-04-09 02:48 - 2008-04-14 08:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl 2014-04-09 00:44 - 2009-08-21 12:21 - 00015800 _____ () C:\WINDOWS\wiadebug.log 2014-04-09 00:40 - 2009-08-24 11:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Desktop Extras 2014-04-08 16:42 - 2014-04-07 00:47 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-04-07 00:48 - 2009-08-21 12:21 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-04-07 00:47 - 2014-04-07 00:47 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-04-07 00:47 - 2009-08-21 17:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-07 00:47 - 2009-08-21 12:16 - 00139648 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-07 00:45 - 2014-04-07 00:45 - 00373800 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-04-07 00:45 - 2009-08-21 17:10 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini 2014-04-06 22:36 - 2009-08-24 13:22 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-04-06 22:17 - 2014-04-06 22:12 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-06 22:11 - 2014-04-06 22:09 - 00019921 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-04-06 22:11 - 2014-04-06 20:34 - 00050622 _____ () C:\WINDOWS\setupapi.log 2014-04-06 22:11 - 2009-08-24 13:25 - 00089331 _____ () C:\WINDOWS\updspapi.log 2014-04-06 22:11 - 2009-08-21 12:19 - 01455820 _____ () C:\WINDOWS\FaxSetup.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00718213 _____ () C:\WINDOWS\ocgen.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00568016 _____ () C:\WINDOWS\tsoc.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00493932 _____ () C:\WINDOWS\comsetup.log 
2014-04-06 22:11 - 2009-08-21 12:19 - 00299454 _____ () C:\WINDOWS\ntdtcsetup.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00228388 _____ () C:\WINDOWS\iis6.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00081333 _____ () C:\WINDOWS\ocmsn.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00073721 _____ () C:\WINDOWS\msgsocm.log 2014-04-06 22:11 - 2009-08-21 12:19 - 00001355 _____ () C:\WINDOWS\imsins.log 2014-04-06 22:10 - 2009-08-24 13:40 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-04-06 22:09 - 2014-04-06 22:09 - 00011109 _____ () C:\WINDOWS\KB2934207.log 2014-04-06 22:09 - 2014-04-06 22:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-04-06 22:09 - 2014-04-06 22:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-04-06 22:09 - 2014-04-06 22:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-04-06 22:09 - 2014-04-06 20:31 - 00015495 _____ () C:\WINDOWS\KB2929961.log 2014-04-06 22:09 - 2014-04-06 20:30 - 00016501 _____ () C:\WINDOWS\KB2930275.log 2014-04-06 22:09 - 2009-08-21 12:19 - 00001355 _____ () C:\WINDOWS\imsins.BAK 2014-04-06 22:08 - 2009-08-21 12:19 - 00610260 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-06 21:49 - 2014-04-06 21:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-04-06 21:49 - 2014-04-06 20:29 - 00015129 _____ () C:\WINDOWS\KB2916036.log 2014-04-06 21:39 - 2014-04-06 21:39 - 00010129 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-04-06 21:26 - 2014-04-06 21:26 - 00010001 _____ () C:\WINDOWS\KB2914368.log 2014-04-06 21:26 - 2014-04-06 21:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$ 2014-04-06 21:26 - 2014-04-06 21:25 - 00009970 _____ () C:\WINDOWS\KB2904266.log 2014-04-06 21:26 - 2009-08-24 13:27 - 00236580 _____ () C:\WINDOWS\system32\TZLog.log 2014-04-06 21:25 - 2014-04-06 21:25 - 00008661 _____ () C:\WINDOWS\KB2900986.log 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$ 2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () 
C:\WINDOWS\$NtUninstallKB2900986$
2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-04-06 21:25 - 2014-04-06 21:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-04-06 21:25 - 2014-04-06 20:27 - 00015060 _____ () C:\WINDOWS\KB2898715.log
2014-04-06 21:25 - 2014-04-06 20:27 - 00013459 _____ () C:\WINDOWS\KB2892075.log
2014-04-06 21:25 - 2014-04-06 20:26 - 00013667 _____ () C:\WINDOWS\KB2893294.log
2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-04-06 21:24 - 2014-04-06 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-04-06 21:24 - 2014-04-06 21:23 - 00007938 _____ () C:\WINDOWS\KB2868038.log
2014-04-06 21:24 - 2014-04-06 20:26 - 00013454 _____ () C:\WINDOWS\KB2876331.log
2014-04-06 21:24 - 2014-04-06 20:26 - 00012850 _____ () C:\WINDOWS\KB2868626.log
2014-04-06 21:24 - 2014-04-06 20:26 - 00011868 _____ () C:\WINDOWS\KB2862152.log
2014-04-06 21:23 - 2014-04-06 21:23 - 00007795 _____ () C:\WINDOWS\KB2862335.log
2014-04-06 21:23 - 2014-04-06 21:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-04-06 21:23 - 2014-04-06 21:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-04-06 21:22 - 2014-04-06 21:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-04-06 21:22 - 2014-04-06 20:25 - 00011371 _____ () C:\WINDOWS\KB2847311.log
2014-04-06 20:59 - 2014-04-06 20:24 - 00010853 _____ () C:\WINDOWS\KB2864063.log
2014-04-06 20:58 - 2014-04-06 20:58 - 00005995 _____ () C:\WINDOWS\KB2834904-v2.log
2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-04-06 20:58 - 2014-04-06 20:58 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-04-06 20:58 - 2014-04-06 20:24 - 00010327 _____ () C:\WINDOWS\KB2876217.log
2014-04-06 20:58 - 2014-04-06 20:23 - 00009865 _____ () C:\WINDOWS\KB2850869.log
2014-04-06 20:40 - 2014-04-06 20:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-04-06 20:40 - 2014-04-06 20:22 - 00010702 _____ () C:\WINDOWS\KB2859537.log
2014-04-06 20:39 - 2014-04-06 20:39 - 00004715 _____ () C:\WINDOWS\KB2834886.log
2014-04-06 20:39 - 2014-04-06 20:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-04-06 20:38 - 2009-08-24 13:45 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-04-06 20:34 - 2014-04-06 20:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-04-06 20:34 - 2014-04-06 20:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-04-06 20:34 - 2014-04-06 20:33 - 00007101 _____ () C:\WINDOWS\KB2807986.log
2014-04-06 20:34 - 2014-04-06 20:20 - 00012365 _____ () C:\WINDOWS\KB2813345.log
2014-04-06 20:34 - 2014-04-06 20:19 - 00011261 _____ () C:\WINDOWS\KB2820917.log
2014-04-06 20:33 - 2014-04-06 20:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-04-06 20:33 - 2009-08-24 13:11 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2014-04-05 22:54 - 2011-06-07 00:59 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-04-03 09:51 - 2014-04-12 03:16 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2013-02-05 18:03 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 00:26 - 2013-11-08 05:17 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-03-26 16:32 - 2012-11-02 19:53 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Digital Editions

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2014
Ran by Owner at 2014-04-23 17:14:00
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.1.8210 - Adobe Systems Inc.) Hidden
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}) (Version: 3.3.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}) (Version: - ArcSoft)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.3722 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
ComicRack v0.9.134 (HKLM\...\ComicRack) (Version: v0.9.134 - cYo Soft)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Express Scribe (HKLM\...\Scribe) (Version: - NCH Software)
FileZilla Client 3.3.5.1 (HKLM\...\FileZilla Client) (Version: 3.3.5.1 - )
GIF Movie Gear 4.1.1 (HKLM\...\GIF Movie Gear_is1) (Version: - gamani productions)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
iTunes (HKLM\...\{AAD47011-8518-4608-9656-951DA35B587B}) (Version: 10.1.2.17 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
K-Lite Codec Pack 5.0.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.0.5 - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Word 2000 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero - Burning Rom (HKLM\...\{A4D7B764-4140-11D4-88EB-0050DA3579C0}) (Version: 5.5.9 - ahead software gmbh)
Nero 8 Essentials (HKLM\...\{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}) (Version: 8.3.582 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NJStar Communicator (HKLM\...\NJStar Communicator) (Version: 2.75 - NJStar Software Corp.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RAD Video Tools (HKLM\...\RADVideo) (Version: - )
SolveigMM AVI Trimmer (HKLM\...\SolveigMM AVI Trimmer) (Version: 1.6.910.1 - Solveig Multimedia)
Sony ACID Music Studio 6.0 (HKLM\...\{805B2966-0CFB-4DD2-9307-B397C1EA4D14}) (Version: 6.0.46 - Sony)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Ulead Video@Home 2.0 (HKLM\...\{B2CFC580-7EE9-4D47-B691-8C314E1FF442}) (Version: 2.0 - Ulead Systems)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB972636) (HKLM\...\KB972636-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Verizon Online (HKLM\...\{25EF00BE-F17B-11D6-88EA-000476CD2443}) (Version: - )
Verizon Online Support Center (HKLM\...\{25EF00A1-F17B-11D6-88EA-000476CD2443}) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Restore Points =========================
28-03-2014 04:52:38 System Checkpoint
29-03-2014 05:17:44 System Checkpoint
30-03-2014 07:49:04 System Checkpoint
31-03-2014 07:51:00 System Checkpoint
01-04-2014 08:04:15 System Checkpoint
02-04-2014 08:24:15 System Checkpoint
03-04-2014 09:33:47 System Checkpoint
04-04-2014 09:49:07 System Checkpoint
05-04-2014 10:01:58 System Checkpoint
06-04-2014 11:01:58 System Checkpoint
07-04-2014 00:33:22 Software Distribution Service 3.0
08-04-2014 00:51:50 System Checkpoint
09-04-2014 00:54:05 System Checkpoint
10-04-2014 00:54:58 System Checkpoint
11-04-2014 01:40:09 System Checkpoint
12-04-2014 02:12:48 System Checkpoint
13-04-2014 03:29:26 System Checkpoint
14-04-2014 05:16:11 System Checkpoint
15-04-2014 06:36:36 System Checkpoint
16-04-2014 06:39:02 System Checkpoint
17-04-2014 07:45:53 System Checkpoint
18-04-2014 07:58:10 System Checkpoint
19-04-2014 09:13:17 System Checkpoint
20-04-2014 09:50:02 System Checkpoint
21-04-2014 10:43:12 System Checkpoint
22-04-2014 10:53:39 System Checkpoint
23-04-2014 12:21:28 System Checkpoint

==================== Hosts content: ==========================
2011-02-26 18:18 - 2013-06-13 02:45 - 00448813 ____R C:\WINDOWS\system32\Drivers\etc\hosts
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E06549C-9903-4F1E-B0CD-52D3A50D1F37}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============
2010-11-21 10:54 - 2010-11-21 10:54 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-08-31 07:14 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-11-03 16:51 - 2009-11-03 16:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-17 20:32 - 2014-04-17 20:33 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-12 14:25 - 2014-03-12 14:25 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices
=============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 06:29:23 AM) (Source: Application Hang) (User: )
Description: Hanging application NeroVision.exe, version 5.3.3.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (04/23/2014 06:29:23 AM) (Source: Application Hang) (User: )
Description: Hanging application NeroVision.exe, version 5.3.3.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (04/23/2014 06:23:34 AM) (Source: Application Hang) (User: )
Description: Hanging application NeroVision.exe, version 5.3.3.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (04/22/2014 08:44:22 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:44:17 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:44:11 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:44:07 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:44:03 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:43:58 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:43:16 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:43:10 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:43:05 AM) (Source: 0) (User: )
Description: \Device\CdRom1
Error: (04/22/2014 08:42:36 AM) (Source: 0) (User: )
Description: \Device\CdRom1

Microsoft Office Sessions:
=========================
Error: (04/23/2014 06:29:23 AM) (Source: Application Hang)(User: )
Description: NeroVision.exe5.3.3.2hungapp0.0.0.000000000
Error: (04/23/2014 06:29:23 AM) (Source: Application Hang)(User: )
Description: NeroVision.exe5.3.3.2hungapp0.0.0.000000000
Error: (04/23/2014 06:23:34 AM) (Source: Application Hang)(User: )
Description: NeroVision.exe5.3.3.2hungapp0.0.0.000000000

==================== Memory info ===========================
Percentage of memory in use: 48%
Total physical RAM: 1533.98 MB
Available physical RAM: 788.35 MB
Total Pagefile: 2155.65 MB
Available Pagefile: 1313.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.57 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:37.24 GB) (Free:13.01 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================

CheckResults.txt
  3. Hello, I'm having a similar issue. MBAM freezes when "scanning additional items" -- in safe mode as well. Like the OP, I can complete the scan using the administrator account. Updated MBAM finds no threats in safe mode. Ditto for updated AVG and updated Spybot. I followed the instructions on a different post to uninstall MBAM, run mbam-clean, reboot, turn off anti-virus, and reinstall MBAM adding exceptions to my anti-virus and firewall for MBAM. The same issue persists. Most recent malware threat was blocked by AVG, although it apparently disabled my firewall. I followed instructions by Windows (I have XP) to turn it back on. Thanks in advance for any insight you can offer!