My recently cleaned Dell XP computer may still be infected. AVG runs OK, detects nothing abnormal. MBAM would not run as normal, with Chameleon or by renaming MBAM. Safe Mode MBAM scan made it up to Heuristic Analysis and quarantined something. Restarted and ran MBAM again - found nothing. Could you please check the recent MBAM log and DDS logs? Thanks

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/25/2014
Scan Time: 1:01:51 PM
Logfile: MBAMscan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.25.14
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306731
Time Elapsed: 29 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.60.2
Run by Administrator at 13:37:54 on 2014-11-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.272 [GMT -8:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - LocalServer32 - <no file>
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://pcpitstop.com/internet/pcpConnCheck.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://navigatela.lacity.org/download/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194646323811
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194646358889
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AEB14E2D-3C89-4C45-B2D2-A7C01379D391} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6ybkd31d.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-6-18 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-7-18 230680]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-10-5 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-6-18 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-6-18 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-10-7 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-6-18 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-8-28 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-10-10 200984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-12-6 662232]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-11-24 54360]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-11-14 06:42:05 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-14 06:42:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-11 12:32:09 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-30 05:35:14 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2014-10-10 23:13:58 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-10 06:20:41 1409 ----a-w- c:\windows\QTFont.for
2014-08-29 05:43:36 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 13:38:59.79 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/9/2007 11:42:08 AM
System Uptime: 11/25/2014 12:56:52 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2391/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 15.166 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1503: 11/13/2014 11:17:52 PM - System Checkpoint
RP1504: 11/13/2014 11:17:52 PM - System Checkpoint
RP1505: 11/13/2014 11:17:52 PM - System Checkpoint
RP1506: 11/13/2014 11:17:52 PM - System Checkpoint
RP1507: 11/13/2014 11:17:52 PM - System Checkpoint
RP1508: 11/13/2014 11:17:52 PM - System Checkpoint
RP1509: 11/13/2014 11:17:53 PM - System Checkpoint
RP1510: 11/13/2014 11:17:53 PM - System Checkpoint
RP1511: 11/13/2014 11:17:53 PM - System Checkpoint
RP1512: 11/13/2014 11:17:53 PM - System Checkpoint
RP1513: 11/13/2014 11:17:53 PM - System Checkpoint
RP1514: 11/13/2014 11:17:53 PM - System Checkpoint
RP1515: 11/13/2014 11:17:54 PM - System Checkpoint
RP1516: 11/13/2014 11:17:54 PM - System Checkpoint
RP1517: 11/13/2014 11:17:54 PM - System Checkpoint
RP1518: 11/13/2014 11:17:54 PM - System Checkpoint
RP1519: 11/13/2014 11:17:54 PM - System Checkpoint
RP1520: 11/13/2014 11:17:54 PM - System Checkpoint
RP1521: 11/13/2014 11:17:55 PM - System Checkpoint
RP1522: 11/13/2014 11:17:55 PM - System Checkpoint
RP1523: 11/13/2014 11:17:55 PM - System Checkpoint
RP1524: 11/13/2014 11:17:55 PM - N1
RP1525: 11/13/2014 11:17:56 PM - N2
RP1526: 11/13/2014 11:17:56 PM - Malwarebytes Anti-Rootkit Restore Point
RP1527: 11/13/2014 11:17:56 PM - Installed AVG 2015
RP1528: 11/13/2014 11:17:57 PM - Removed AVG 2014
RP1529: 11/13/2014 11:17:57 PM - Installed AVG 2015
RP1530: 11/13/2014 11:17:57 PM - System Checkpoint
RP1531: 11/13/2014 11:17:58 PM - System Checkpoint
RP1532: 11/13/2014 11:17:58 PM - Removed AVG 2015
RP1533: 11/13/2014 11:17:58 PM - Removed AVG 2015
RP1534: 11/13/2014 11:17:58 PM - Installed AVG 2015
RP1535: 11/13/2014 11:17:59 PM - Installed AVG 2015
RP1536: 11/13/2014 11:17:59 PM - Removed AVG 2015
RP1537: 11/13/2014 11:17:59 PM - Removed AVG 2015
RP1538: 11/13/2014 11:17:59 PM - Installed AVG 2015
RP1539: 11/13/2014 11:17:59 PM - Installed AVG 2015
RP1540: 11/13/2014 11:18:00 PM - System Checkpoint
RP1541: 11/13/2014 11:18:06 PM - End of disinfection
RP1542: 11/14/2014 11:42:59 PM - System Checkpoint
RP1543: 11/16/2014 12:43:01 AM - System Checkpoint
RP1544: 11/17/2014 1:44:07 AM - System Checkpoint
RP1545: 11/18/2014 2:43:00 AM - System Checkpoint
RP1546: 11/19/2014 3:43:03 AM - System Checkpoint
RP1547: 11/20/2014 4:43:03 AM - System Checkpoint
RP1548: 11/21/2014 5:43:04 AM - System Checkpoint
RP1549: 11/22/2014 6:43:05 AM - System Checkpoint
RP1550: 11/23/2014 7:43:05 AM - System Checkpoint
RP1551: 11/24/2014 9:28:44 AM - System Checkpoint
RP1552: 11/25/2014 10:14:20 AM - System Checkpoint
.
==== Installed Programs ======================
.
6300 6300_Help 6300Trb Adobe Flash Player 14 ActiveX Adobe Flash Player 15 Plugin Adobe Reader XI (11.0.08) AiO_Scan_CDA AiOSoftwareNPI Apple Software Update AVG 2015 Batch Thumbs 1.7 BufferChm CCleaner CP_CalendarTemplates1 cp_OnlineProjectsConfig CP_Package_Basic1 CP_Panorama1Config cp_PosterPrintConfig CueTour Destinations DeviceManagementQFolder DocProc DocProcQFolder DocumentViewer DocumentViewerQFolder Dropbox eQUEST 3-63 ESET Online Scanner v3 eSupportQFolder Fax_CDA FullDPAppQFolder Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) HP Deskjet 3000 J310 series Basic Device Software HP Deskjet 3000 J310 series Help HP Document Viewer 7.0 HP Imaging Device Functions 7.0 HP Photosmart Premier Software 6.5 HP Photosmart, Officejet and Deskjet 7.0.A HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant Info Center 1.0.0.10 InstantShareDevices InstantShareDevicesMFC Insul7.0 Intel(R) Extreme Graphics Driver Intel(R) Network Connections 12.4.38.0 Java 7 Update 60 Java Auto Updater Malwarebytes Anti-Malware version 2.0.3.1025 Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 33.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser (KB933579) NewCopy_CDA Nikon Scan 1.6 OCR Software by I.R.I.S 7.0 PanoStandAlone PhotoGallery Polaroid Dust and Scratch Removal v1.0.0.15.2e ProductContextNPI QFolder Quicken 2005 QuickTime RandMap Readme Roxio DLA Roxio Express Labeler Roxio RecordNow Copy Scan ScannerCopy Secunia PSI (3.0.0.9016) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2675157) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 
(KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2817183) Security Update for Windows Internet Explorer 8 (KB2909210) Security Update for Windows Internet Explorer 8 (KB2936068) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for 
Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219-v2) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135-v2) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2770660) Security Update for 
Windows XP (KB2780091) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB2808735) Security Update for Windows XP (KB2813170) Security Update for Windows XP (KB2813345) Security Update for Windows XP (KB2820917) Security Update for Windows XP (KB2834886) Security Update for Windows XP (KB2850869) Security Update for Windows XP (KB2859537) Security Update for Windows XP (KB2862152) Security Update for Windows XP (KB2862335) Security Update for Windows XP (KB2864063) Security Update for Windows XP (KB2868038) Security Update for Windows XP (KB2868626) Security Update for Windows XP (KB2876217) Security Update for Windows XP (KB2876331) Security Update for Windows XP (KB2892075) Security Update for Windows XP (KB2893294) Security Update for Windows XP (KB2898715) Security Update for Windows XP (KB2900986) Security Update for Windows XP (KB2914368) Security Update for Windows XP (KB2916036) Security Update for Windows XP (KB2922229) Security Update for Windows XP (KB2929961) Security Update for Windows XP (KB2930275) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update 
for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) SkinsHP1 SlideShow SMS Advanced Client SolutionCenter Sonic Update Manager Sonic_PrimoSDK SoundMAX Status Sybase Adaptive Server Enterprise PC Client Toolbox TrayApp Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2749655) Update for Windows XP (KB2904266) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP 
(KB973815) Visual Studio 2012 x86 Redistributables WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
11/25/2014 4:47:16 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/25/2014 3:18:34 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The paging file is too small for this operation to complete.
11/25/2014 3:18:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
11/25/2014 3:18:32 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/25/2014 2:57:59 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: Insufficient system resources exist to complete the requested service.
.
==== End Of File ===========================

The computer was running very slow and a virus or something was interfering with MBAM, Chameleon and renaming of MBAM. This virus (?) would also not allow the computer to start up. After CTL-ALT-DLT computer was unresponsive. I then went to Safe Mode - MBAM scan made it up to Heuristic Analysis and quarantined something. I then restarted in Normal mode and was able to successfully run MBAM. I posted the logs in the event there might be evidence in the logs of malware lurking or evidence of an unprotected computer. Currently - computer running OK. Thanks

In the MBAM Quarantine section it says -

Vendor: Heuristics.Reserved.Word.Exploit
Date: 11/25/14
Type: File
Location: C:\Documents and Settings\Administrator\Desktop\explorer.exe

On 11/5/14 the same Vendor, Type was quarantined
Location: C:\Documents and Settings\Administrator\Desktop\winlogon.exe

The MBAM log of the scan done in Safe Mode was time stamped 12:32pm - the log contents are identical to the scan log of 1:01pm, posted above. MBAM history has a list of 26 scan logs with different dates and times. The contents of each log are identical to the 1:01pm log. Is there another place the 12:32pm log might be found?

I found (by reading another post of yours) the technique to obtain the 12:32pm log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/25/2014
Scan Time: 12:32:52 PM
Logfile: 1232MBAMscan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.25.13
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305668
Time Elapsed: 22 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 1
Heuristics.Reserved.Word.Exploit, C:\Documents and Settings\Administrator\Desktop\explorer.exe, Quarantined, [09f859e71c6052e4c453391fd431728e],
Physical Sectors: 0 (No malicious items detected)
(end)

11/6/14 - When I was trying to get RogueKiller to work - changed file name to winlogon.exe

11/24 or 25/14 - I changed MBAM to Explorer.exe in an attempt to get it to run. I may have also tried renaming MBAM to winlogon.exe in an attempt to get it to run.

In that case you have nothing to worry about. MBAM just didn't like seeing such files on your Desktop. Normally those files would be in the Windows folder. MBAM couldn't know that those are some renamed files. You're good to go.
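
Added example, not part of the thread and not Malwarebytes' own detection logic: a name-versus-location check of the kind the last reply describes, flagging files that carry a Windows system-process name but sit outside the folder where that process normally lives. The `EXPECTED_DIRS` table and the function names are assumptions for a default install under `C:\WINDOWS`; the sample entries are constructed from paths quoted in this thread.

```python
"""Flag executables named like Windows system processes that are stored
outside the directory where that process normally resides."""
import ntpath
import re

# Assumed expected locations for a default install rooted at C:\WINDOWS.
# Illustrative table only; extend it for the systems you actually triage.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "winlogon.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "alg.exe": {r"c:\windows\system32"},
}

# Path up to the first ".exe" that is followed by a quote, whitespace or the
# end of the entry, so folder names containing spaces survive and
# command-line arguments are dropped.
EXE_PATH = re.compile(r'"?([a-z]:\\.*?\.exe)(?=["\s]|$)', re.IGNORECASE)


def executable_path(entry):
    """Return the normalised, lower-cased executable path, or None."""
    match = EXE_PATH.match(entry.strip())
    if match is None:
        return None
    return ntpath.normpath(match.group(1)).lower()


def classify(entry):
    """Return 'expected', 'misplaced', 'unlisted' or 'unparsed' for one entry."""
    path = executable_path(entry)
    if path is None:
        return "unparsed"
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unlisted"  # not a name this check knows about
    return "expected" if directory in expected else "misplaced"


def find_misplaced(entries):
    """Return the normalised paths of all entries classified as misplaced."""
    return [executable_path(e) for e in entries if classify(e) == "misplaced"]


# Constructed sample: process-list entries plus the two Desktop paths
# reported in the quarantine posts above.
SAMPLE_ENTRIES = [
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\system32\svchost.exe -k DcomLaunch",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Documents and Settings\Administrator\Desktop\explorer.exe",
    r"C:\Documents and Settings\Administrator\Desktop\winlogon.exe",
]

if __name__ == "__main__":
    for hit in find_misplaced(SAMPLE_ENTRIES):
        print("system process name in unexpected location:", hit)
```

A hit from a check like this is a lead to verify, not a verdict: in this thread both hits were scanner executables the user had renamed. Short 8.3 paths such as `c:\progra~1` are not expanded by this sketch.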