tkn

Malwarebytes freezes during quick/full scan

35 posts in this topic

Hello,

I'm trying to remove malware from my laptop which recently was infected with Win 7 Antivirus 2012. I've scanned with avast and superantispyware which found threats and were dealt with but when I try to scan with malwarebytes it freezes after approximately 25mins. in both normal and safe mode. As well, my laptop once in a while restarts with no warning. I can't help to think that I am infected with something. I ask for help please!

Many thanks!

Here is the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Mai at 10:56:02 on 2012-01-13

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2448 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atibtmon.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Motorola\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Motorola\Bluetooth\audiosrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120

TCP: Interfaces\{3410DC0B-AD31-4A80-B704-C0564F333C04} : DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

IE-X64: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mai\AppData\Roaming\Mozilla\Firefox\Profiles\n6fzfm0z.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-14 44768]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2011-4-16 679176]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-13 2424424]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2011-4-16 4150864]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2011-4-16 1188616]

R3 BTMUSB;Motorola Bluetooth Radio Service;C:\Windows\system32\Drivers\btmusb.sys --> C:\Windows\system32\Drivers\btmusb.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-16 1028096]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BTMCOM;Bluetooth Serial Port;C:\Windows\system32\Drivers\btmcom.sys --> C:\Windows\system32\Drivers\btmcom.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-01-12 04:35:56 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-12 04:35:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-12 00:43:09 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-12 00:43:08 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-12 00:43:08 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-12 00:43:07 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-12 00:43:02 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-12 00:43:01 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-12 00:43:00 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-12 00:43:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-11 02:59:30 -------- d-----w- C:\Users\Mai\AppData\Roaming\SUPERAntiSpyware.com

2012-01-11 02:59:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-01-11 02:59:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-01-09 06:03:02 -------- d-----w- C:\Users\Mai\AppData\Roaming\Malwarebytes

2012-01-09 06:02:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-06 17:35:28 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E256C3D-D758-4027-A8C9-5D0996DBC53F}\mpengine.dll

2011-12-27 02:20:10 -------- d-----w- C:\Users\Mai\AppData\Local\CyberLink

2011-12-21 00:57:08 -------- d-----w- C:\Users\Mai\AppData\Roaming\WildTangent

.

==================== Find3M ====================

.

2011-12-13 18:02:25 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll

2011-12-13 18:02:25 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll

2011-12-13 18:02:25 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll

2011-12-13 18:02:25 1448496 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2011-12-13 18:02:25 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll

2011-12-13 18:02:20 412456 ----a-w- C:\Windows\System32\SynCOM.dll

2011-12-13 18:02:20 276264 ----a-w- C:\Windows\System32\SynCtrl.dll

2011-12-13 18:02:20 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll

2011-12-13 18:02:20 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll

2011-12-13 18:00:17 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll

2011-12-13 18:00:16 339048 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys

2011-12-13 17:58:01 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2011-12-13 17:58:01 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2011-12-13 17:58:01 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr

2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

.

============= FINISH: 10:57:29.72 ===============

Attach.txt

Share this post


Link to post
Share on other sites

Hi,

I still cannot run Malwarebytes without it freezing up so I would appreciate some help please!

Thanks!

Share this post


Link to post
Share on other sites

:welcome:

Please do the following to see if it resolves the issue: Post back and let us know please

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Share this post


Link to post
Share on other sites

Hi,

Thank you for helping! Unfortunately, after I followed your directions malwarebytes still froze when i attemptted to do a quick scan and this time it stopped at 2min. Any ideas?

Share this post


Link to post
Share on other sites

Please do the following to see if it resolves the issue: Post back and let us know please

Go to C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Double Click Chameleon to open the file.

Try clicking Test until one of them works.

MBAM will open and run a quick scan.

Share this post


Link to post
Share on other sites

The first tested was mbam-chameleon.exe and MBAM quickscan started running but again it stopped at 2min and the 'currently scanning' remained at C:\\WINDOWS\SYSTEM32\tapi3.dll

Thanks!

Share this post


Link to post
Share on other sites

Hello,

Sorry for the late reply, its been a busy weekend. I've tried each of the tests and none of them work. Malwarebytes still freezes during the quickscans.

Thanks

Share this post


Link to post
Share on other sites

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Share this post


Link to post
Share on other sites

Hello,

At the moment my system runs like fine with the exception of some random reboots. I had the Win7 Antivirus 2012 infection before and when I tried to remove it by scanning with Malwarebytes that's when the program started to freeze during scans even during safe mode. When MBAM freezes, I have to manually shut off the system since it makes everything unresponsive. Because MBAM was not working, I scanned with Avast and it removed some infections but I wanted to be sure with an MBAM scan which is not working.

So I ran combofix as directed and disabled my antivirus beforehand but combofix still suggested that it was enabled after I double checked twice. I ran it anyway but if this is a problem I can redo it again.

Thanks a lot!

Here's the combofix log:

ComboFix 12-01-27.01 - Mai 27/01/2012 10:31:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2255 [GMT -7:00]

Running from: c:\users\Mai\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-27 to 2012-01-27 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-13 18:04 . 2011-12-13 18:05 535040 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2011-12-13 18:04 . 2011-12-13 18:05 446464 ----a-w- c:\windows\system32\stcplx64.dll

2011-12-13 18:04 . 2011-04-16 20:48 4113408 ----a-w- c:\windows\system32\stlang64.dll

2011-12-13 18:04 . 2011-04-16 20:48 1424896 ----a-w- c:\windows\sttray64.exe

2011-12-13 18:04 . 2011-12-13 18:05 655872 ------w- c:\windows\system32\stapi64.dll

2011-12-13 18:04 . 2011-12-13 18:05 1966080 ----a-w- c:\windows\system32\stapo64.dll

2011-12-13 18:04 . 2011-04-16 20:48 251392 ----a-w- c:\windows\system32\staco64.dll

2011-12-13 18:04 . 2011-04-16 20:48 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe

2011-12-13 18:04 . 2011-04-16 20:48 5077504 ----a-w- c:\windows\system32\IDTNHP.dll

2011-12-13 18:04 . 2011-04-16 20:48 233472 ----a-w- c:\windows\system32\IDTNJ.exe

2011-12-13 18:04 . 2011-04-16 20:48 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl

2011-12-13 18:04 . 2011-04-16 20:48 1041920 ----a-w- c:\windows\system32\IDTNX.dll

2011-12-13 18:04 . 2011-04-16 20:48 564224 ----a-w- c:\windows\system32\idt64mp1.exe

2011-12-13 18:02 . 2011-12-13 18:02 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll

2011-12-13 18:02 . 2011-12-13 18:02 226600 ----a-w- c:\windows\system32\SynTPAPI.dll

2011-12-13 18:02 . 2011-12-13 18:02 148264 ----a-w- c:\windows\system32\SynTPCo9.dll

2011-12-13 18:02 . 2011-12-13 18:02 1448496 ----a-w- c:\windows\system32\drivers\SynTP.sys

2011-12-13 18:02 . 2011-12-13 18:02 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll

2011-12-13 18:02 . 2011-12-13 18:02 276264 ----a-w- c:\windows\system32\SynCtrl.dll

2011-12-13 18:02 . 2011-12-13 18:02 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll

2011-12-13 18:02 . 2011-12-13 18:02 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll

2011-12-13 18:02 . 2010-12-17 02:26 412456 ----a-w- c:\windows\system32\SynCOM.dll

2011-12-13 18:00 . 2011-12-13 18:01 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll

2011-12-13 18:00 . 2011-12-13 18:01 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys

2011-12-13 17:58 . 2011-12-13 17:58 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-12-13 17:58 . 2011-12-13 17:58 539240 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-12-13 17:58 . 2011-04-16 20:46 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-11-28 18:01 . 2011-08-02 04:57 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-08-02 04:57 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-08-02 04:57 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-08-02 04:57 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-08-02 04:57 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-08-02 04:57 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-08-02 04:57 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-08-02 04:57 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-08-02 04:57 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 05:00 . 2011-12-14 00:13 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 05:26 . 2011-12-14 00:13 1197568 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:23 . 2011-12-14 00:13 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 05:17 . 2011-12-14 00:13 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 00:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:34 . 2011-12-14 00:13 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-11-05 04:30 . 2011-12-14 00:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 04:07 . 2011-12-14 00:13 482816 ----a-w- c:\windows\system32\html.iec

2011-11-05 03:28 . 2011-12-14 00:13 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-11-05 03:25 . 2011-12-14 00:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:55 . 2011-12-14 00:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-05 336384]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-12-01 679176]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-13 2424424]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-12-01 4150864]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-12-01 1188616]

S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-16 1028096]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-02 c:\windows\Tasks\HPCeeScheduleForMAI-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-01-24 c:\windows\Tasks\HPCeeScheduleForMai.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-12-01 21705296]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-13 1424896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm

TCP: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120

FF - ProfilePath - c:\users\Mai\AppData\Roaming\Mozilla\Firefox\Profiles\n6fzfm0z.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atibtmon.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\atibtmon.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files\Motorola\Bluetooth\btplayerctrl.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2012-01-27 11:28:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-27 18:28

.

Pre-Run: 577,507,561,472 bytes free

Post-Run: 578,323,791,872 bytes free

.

- - End Of File - - B172625A1DC4B02255784F1BDB55314F

Share this post


Link to post
Share on other sites

Yes it is. I just tried a quickscan and it froze after 1min 34secs.

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites

Topic reopened

Please run a new combofix scan

Share this post


Link to post
Share on other sites

Hi,

Thanks for revisiting the topic. Below is the new combofix log but just a note, like last time it still claims that Avast was enabled even though I've made sure everything was disabled.

ComboFix 12-02-01.01 - Mai 01/02/2012 18:08:52.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2496 [GMT -7:00]

Running from: c:\users\Mai\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))

.

.

2012-02-02 01:16 . 2012-02-02 01:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-24 02:08 . 2012-01-24 02:08 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-01-20 17:56 . 2012-01-21 19:02 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-01-19 00:41 . 2012-01-19 00:41 -------- d-----w- c:\users\Mai\AppData\Roaming\Malwarebytes

2012-01-19 00:41 . 2012-01-19 00:41 -------- d-----w- c:\programdata\Malwarebytes

2012-01-19 00:41 . 2012-01-19 00:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-19 00:41 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-12 00:43 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-12 00:43 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 00:43 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-12 00:43 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 00:43 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 00:43 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-12 00:43 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-12 00:43 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 02:59 . 2012-01-11 02:59 -------- d-----w- c:\users\Mai\AppData\Roaming\SUPERAntiSpyware.com

2012-01-11 02:59 . 2012-01-11 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-01-11 02:59 . 2012-01-11 02:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-01-06 17:35 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E256C3D-D758-4027-A8C9-5D0996DBC53F}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-13 18:04 . 2011-12-13 18:05 535040 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2011-12-13 18:04 . 2011-12-13 18:05 446464 ----a-w- c:\windows\system32\stcplx64.dll

2011-12-13 18:04 . 2011-04-16 20:48 4113408 ----a-w- c:\windows\system32\stlang64.dll

2011-12-13 18:04 . 2011-04-16 20:48 1424896 ----a-w- c:\windows\sttray64.exe

2011-12-13 18:04 . 2011-12-13 18:05 655872 ------w- c:\windows\system32\stapi64.dll

2011-12-13 18:04 . 2011-12-13 18:05 1966080 ----a-w- c:\windows\system32\stapo64.dll

2011-12-13 18:04 . 2011-04-16 20:48 251392 ----a-w- c:\windows\system32\staco64.dll

2011-12-13 18:04 . 2011-04-16 20:48 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe

2011-12-13 18:04 . 2011-04-16 20:48 5077504 ----a-w- c:\windows\system32\IDTNHP.dll

2011-12-13 18:04 . 2011-04-16 20:48 233472 ----a-w- c:\windows\system32\IDTNJ.exe

2011-12-13 18:04 . 2011-04-16 20:48 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl

2011-12-13 18:04 . 2011-04-16 20:48 1041920 ----a-w- c:\windows\system32\IDTNX.dll

2011-12-13 18:04 . 2011-04-16 20:48 564224 ----a-w- c:\windows\system32\idt64mp1.exe

2011-12-13 18:02 . 2011-12-13 18:02 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll

2011-12-13 18:02 . 2011-12-13 18:02 226600 ----a-w- c:\windows\system32\SynTPAPI.dll

2011-12-13 18:02 . 2011-12-13 18:02 148264 ----a-w- c:\windows\system32\SynTPCo9.dll

2011-12-13 18:02 . 2011-12-13 18:02 1448496 ----a-w- c:\windows\system32\drivers\SynTP.sys

2011-12-13 18:02 . 2011-12-13 18:02 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll

2011-12-13 18:02 . 2011-12-13 18:02 276264 ----a-w- c:\windows\system32\SynCtrl.dll

2011-12-13 18:02 . 2011-12-13 18:02 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll

2011-12-13 18:02 . 2011-12-13 18:02 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll

2011-12-13 18:02 . 2010-12-17 02:26 412456 ----a-w- c:\windows\system32\SynCOM.dll

2011-12-13 18:00 . 2011-12-13 18:01 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll

2011-12-13 18:00 . 2011-12-13 18:01 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys

2011-12-13 17:58 . 2011-12-13 17:58 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-12-13 17:58 . 2011-12-13 17:58 539240 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-12-13 17:58 . 2011-04-16 20:46 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-11-28 18:01 . 2011-08-02 04:57 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-08-02 04:57 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-08-02 04:57 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-08-02 04:57 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-08-02 04:57 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-08-02 04:57 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-08-02 04:57 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-08-02 04:57 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-08-02 04:57 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 05:00 . 2011-12-14 00:13 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 05:26 . 2011-12-14 00:13 1197568 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:23 . 2011-12-14 00:13 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 05:17 . 2011-12-14 00:13 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 00:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:34 . 2011-12-14 00:13 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-11-05 04:30 . 2011-12-14 00:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 04:07 . 2011-12-14 00:13 482816 ----a-w- c:\windows\system32\html.iec

2011-11-05 03:28 . 2011-12-14 00:13 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-11-05 03:25 . 2011-12-14 00:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:55 . 2011-12-14 00:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-27_18.22.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-02-02 00:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-27 18:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-27 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-02 00:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-02 00:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-27 18:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-01-15 00:27 . 2012-02-02 00:19 45462 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-02 00:19 44768 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-01 23:00 . 2012-01-30 01:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-01 23:00 . 2012-01-27 01:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-01 23:00 . 2012-01-30 01:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-01 23:00 . 2012-01-27 01:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-30 01:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-27 01:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-02 04:38 . 2012-01-27 18:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-02 04:38 . 2012-02-02 00:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-02 04:38 . 2012-02-02 00:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-02 04:38 . 2012-01-27 18:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-02 04:38 . 2012-02-02 00:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-02 04:38 . 2012-01-27 18:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-01 22:34 . 2012-02-02 01:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-01 22:34 . 2012-01-27 18:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-01 22:34 . 2012-02-02 01:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-01 22:34 . 2012-01-27 18:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-02 04:39 . 2012-02-02 00:19 8194 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3081384823-2538802504-4288099213-1002_UserData.bin

+ 2012-02-02 00:17 . 2012-02-02 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-27 18:21 . 2012-01-27 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-02 00:17 . 2012-02-02 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-27 18:21 . 2012-01-27 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-02 04:37 . 2012-01-31 02:20 265810 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-02-02 00:22 628460 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-01-27 17:18 628460 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-02-02 00:22 110612 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-01-27 17:18 110612 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-02-01 20:27 391092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-27 18:20 391092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:34 . 2012-02-02 00:31 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2012-01-27 01:45 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2011-04-16 21:06 . 2012-01-27 18:20 1423712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-04-16 21:06 . 2012-02-01 20:27 1423712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-08-02 06:08 . 2012-01-27 18:20 16928484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3081384823-2538802504-4288099213-1002-8192.dat

+ 2011-08-02 06:08 . 2012-02-01 20:27 16928484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3081384823-2538802504-4288099213-1002-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-05 336384]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-12-01 679176]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-13 2424424]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-12-01 4150864]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-12-01 1188616]

S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-16 1028096]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-01 c:\windows\Tasks\HPCeeScheduleForMAI-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

2012-01-31 c:\windows\Tasks\HPCeeScheduleForMai.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-12-01 21705296]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-13 1424896]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm

TCP: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120

FF - ProfilePath - c:\users\Mai\AppData\Roaming\Mozilla\Firefox\Profiles\n6fzfm0z.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-01 18:20:24

ComboFix-quarantined-files.txt 2012-02-02 01:20

ComboFix2.txt 2012-01-27 18:28

.

Pre-Run: 576,842,498,048 bytes free

Post-Run: 576,423,026,688 bytes free

.

- - End Of File - - 5D99F27ECDF8D78942AEC8F98107AD09

Share this post


Link to post
Share on other sites

I'm not seeing anything bad.

How's it running?

Share this post


Link to post
Share on other sites

I have not seen anything out of the ordinary anymore with the exception of MBAM freezing in normal and safe mode. When this happens, it makes the laptop very slow and usually I have to manually shut it off and power it on again.

Share this post


Link to post
Share on other sites

Did you run the Clean / Uninstall and re-install as in the post #3 above?

Share this post


Link to post
Share on other sites

Yes I did. I tried everything suggested thus far but MBAM still freezes.

Share this post


Link to post
Share on other sites

Is your SUPERAntiSpyware paid for or the free version?

If the free one, uninstall it and try MBAM again

Share this post


Link to post
Share on other sites

It is the free version and after I uninstalled it, MBAM still freezes during a scan

Share this post


Link to post
Share on other sites

There appears to be some issues with Avast! and MBAM.

I'll see what I can findout.

Can you disable Avast! and try a MBAM scan?

Also try running the MBAM scan in Safe Mode

Share this post


Link to post
Share on other sites

I tried scanning with MBAM with Avast disabled and in safe mode as well but MBAM still feezes. Thanks for your continuous help!

Share this post


Link to post
Share on other sites

Are you sure it's freezing?

What file is it freezing on?

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.