[RESOLVED] Error opening malwarebytes

Started By oldtrig, Mar 27 2011 09:32 PM

You cannot start a new topic
You cannot reply to this topic

17 replies to this topic

#1 oldtrig

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 27 March 2011 - 09:32 PM

I am not sure whats going on but today when I tried to open malwarebytes I got this error
vbAccelerator SGrid II Control:
Run-time error "0"
I did not find a fix as of yet for this problem. I know I run it last week and it worked perfect. Here are the requested logs.
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-27 16:25:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000528AS rev.CC44
Running: 8hu15kts.exe; Driver: C:\DOCUME~1\Thomas\LOCALS~1\Temp\pxtdipow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A513A0, 0x59FFE5, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Thomas at 16:25:22.85 on Sun 03/27/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1539 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
svchost.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Documents and Settings\Thomas\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {25336921-03F9-11CF-8FD0-00AA00686F13} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248655247921
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\thomas\applic~1\mozilla\firefox\profiles\s82zjzzf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\thomas\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2002-8-14 5632]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl712b0211;MpKsl712b0211;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6ce30d49-981c-44fe-a938-5b7398884961}\MpKsl712b0211.sys [2011-3-27 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-3 47640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S1 MpKsl2b678298;MpKsl2b678298;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ddce8d6-9319-497b-abf8-7e0d9bf3d177}\mpksl2b678298.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3ddce8d6-9319-497b-abf8-7e0d9bf3d177}\MpKsl2b678298.sys [?]
S1 MpKsl6e480350;MpKsl6e480350;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fc70b45-970e-47b1-88c7-341b76366031}\mpksl6e480350.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fc70b45-970e-47b1-88c7-341b76366031}\MpKsl6e480350.sys [?]
S1 MpKsl8eb9a644;MpKsl8eb9a644;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba951502-65c8-4763-88d8-0c5025906583}\mpksl8eb9a644.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba951502-65c8-4763-88d8-0c5025906583}\MpKsl8eb9a644.sys [?]
S1 MpKslbe388200;MpKslbe388200;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08082c62-807d-4cca-921f-c5cf0582f982}\mpkslbe388200.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{08082c62-807d-4cca-921f-c5cf0582f982}\MpKslbe388200.sys [?]
S1 MpKsleac868f4;MpKsleac868f4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e49823e-bb0e-4025-b6c2-6c2d45d58e4f}\mpksleac868f4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5e49823e-bb0e-4025-b6c2-6c2d45d58e4f}\MpKsleac868f4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]
S3 1Do5QQ;1Do5QQ;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S3 26AA6BED;26AA6BED;c:\windows\system32\26AA6BED.exe [2011-3-25 6656]
S3 ENy01R;ENy01R;c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s --> c:\program files\cpuid\pc wizard 2010\data\pcwizntl.exe -s [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-03-27 19:32:26 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6ce30d49-981c-44fe-a938-5b7398884961}\MpKsl712b0211.sys
2011-03-27 12:00:28 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{6ce30d49-981c-44fe-a938-5b7398884961}\mpengine.dll
2011-03-26 02:37:18 -------- d-----w- c:\program files\MSSOAP
2011-03-26 02:36:57 -------- d-----w- c:\program files\Webroot
2011-03-26 02:10:03 -------- d--h--w- c:\windows\PIF
2011-03-26 02:01:11 6656 ----a-w- c:\windows\system32\26AA6BED.exe
2011-03-12 17:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 17:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-12 03:42:08 -------- d-----w- c:\program files\Glarysoft
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:25:40.20 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/26/2009 6:58:59 PM
System Uptime: 3/27/2011 2:31:56 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 965P-DS3
Processor: Intel® Core™2 CPU 4300 @ 1.80GHz | Socket 775 | 1808/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 429 GiB total, 411.251 GiB free.
D: is FIXED (NTFS) - 502 GiB total, 360.273 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP56: 12/27/2010 8:29:47 AM - System Checkpoint
RP57: 12/28/2010 5:42:48 AM - Software Distribution Service 3.0
RP58: 12/29/2010 7:20:47 AM - System Checkpoint
RP59: 12/30/2010 5:41:54 AM - Software Distribution Service 3.0
RP60: 12/31/2010 7:18:15 AM - Software Distribution Service 3.0
RP61: 1/1/2011 7:40:48 AM - Software Distribution Service 3.0
RP62: 1/2/2011 7:42:43 AM - Software Distribution Service 3.0
RP63: 1/3/2011 6:10:29 AM - Installed Microsoft Fix it 50199
RP64: 1/4/2011 5:40:39 AM - Installed Java™ 6 Update 23
RP65: 1/4/2011 5:43:17 AM - Software Distribution Service 3.0
RP66: 1/5/2011 5:58:18 AM - Software Distribution Service 3.0
RP67: 1/6/2011 7:05:23 AM - System Checkpoint
RP68: 1/6/2011 8:54:14 PM - Software Distribution Service 3.0
RP69: 1/8/2011 7:14:01 AM - Software Distribution Service 3.0
RP70: 1/9/2011 2:18:19 PM - Software Distribution Service 3.0
RP71: 1/10/2011 2:20:53 PM - System Checkpoint
RP72: 1/11/2011 6:20:45 AM - Software Distribution Service 3.0
RP73: 1/12/2011 6:46:10 AM - Software Distribution Service 3.0
RP74: 1/12/2011 10:32:43 PM - Software Distribution Service 3.0
RP75: 1/14/2011 6:11:38 AM - Software Distribution Service 3.0
RP76: 1/15/2011 7:26:32 AM - Software Distribution Service 3.0
RP77: 1/16/2011 8:37:50 AM - System Checkpoint
RP78: 1/16/2011 10:51:31 PM - Software Distribution Service 3.0
RP79: 1/17/2011 9:52:48 PM - Installed ClearType Tuning Control Panel Applet
RP80: 1/17/2011 9:53:58 PM - Installed HTML Slideshow Powertoy for Windows XP
RP81: 1/17/2011 9:55:34 PM - Installed Calculator Powertoy for Windows XP
RP82: 1/17/2011 9:56:28 PM - Installed CmdHere Powertoy For Windows XP
RP83: 1/18/2011 5:53:06 AM - Software Distribution Service 3.0
RP84: 1/19/2011 5:59:26 AM - Software Distribution Service 3.0
RP85: 1/20/2011 7:05:52 AM - System Checkpoint
RP86: 1/20/2011 8:43:15 PM - Software Distribution Service 3.0
RP87: 1/22/2011 7:41:16 AM - Software Distribution Service 3.0
RP88: 1/23/2011 8:13:36 AM - System Checkpoint
RP89: 1/24/2011 5:52:12 AM - Software Distribution Service 3.0
RP90: 1/25/2011 5:57:30 AM - Software Distribution Service 3.0
RP91: 1/26/2011 6:11:21 AM - Software Distribution Service 3.0
RP92: 1/26/2011 6:16:28 AM - Software Distribution Service 3.0
RP93: 1/26/2011 6:22:21 AM - Software Distribution Service 3.0
RP94: 1/27/2011 3:11:55 PM - Software Distribution Service 3.0
RP95: 1/28/2011 3:31:18 PM - Software Distribution Service 3.0
RP96: 1/29/2011 9:59:50 AM - Software Distribution Service 3.0
RP97: 1/30/2011 10:46:50 AM - System Checkpoint
RP98: 1/30/2011 3:33:09 PM - Revo Uninstaller's restore point - Kodak EasyShare software
RP99: 1/31/2011 7:53:06 AM - Software Distribution Service 3.0
RP100: 2/1/2011 6:44:19 AM - Software Distribution Service 3.0
RP101: 2/2/2011 3:42:35 PM - Software Distribution Service 3.0
RP102: 2/3/2011 4:42:33 PM - System Checkpoint
RP103: 2/3/2011 5:15:23 PM - Software Distribution Service 3.0
RP104: 2/4/2011 6:48:47 AM - Software Distribution Service 3.0
RP105: 2/4/2011 7:22:00 AM - Revo Uninstaller's restore point - WinImage
RP106: 2/5/2011 7:04:51 AM - Software Distribution Service 3.0
RP107: 2/5/2011 9:41:42 AM - Software Distribution Service 3.0
RP108: 2/6/2011 10:00:18 AM - System Checkpoint
RP109: 2/6/2011 10:00:16 PM - Software Distribution Service 3.0
RP110: 2/7/2011 5:45:02 AM - Software Distribution Service 3.0
RP111: 2/8/2011 6:57:54 AM - System Checkpoint
RP112: 2/9/2011 5:44:05 AM - Software Distribution Service 3.0
RP113: 2/9/2011 10:00:19 PM - Software Distribution Service 3.0
RP114: 2/11/2011 7:04:21 AM - System Checkpoint
RP115: 2/12/2011 6:45:38 AM - Software Distribution Service 3.0
RP116: 2/12/2011 9:38:20 AM - Software Distribution Service 3.0
RP117: 2/13/2011 9:44:48 AM - System Checkpoint
RP118: 2/14/2011 6:05:37 AM - Software Distribution Service 3.0
RP119: 2/15/2011 3:36:53 PM - Software Distribution Service 3.0
RP120: 2/16/2011 5:20:59 PM - System Checkpoint
RP121: 2/17/2011 5:45:30 AM - Software Distribution Service 3.0
RP122: 2/17/2011 8:47:52 PM - Installed Java™ 6 Update 24
RP123: 2/18/2011 6:23:53 AM - Software Distribution Service 3.0
RP124: 2/19/2011 6:37:23 AM - Software Distribution Service 3.0
RP125: 2/19/2011 9:47:17 AM - Software Distribution Service 3.0
RP126: 2/20/2011 10:04:29 AM - System Checkpoint
RP127: 2/20/2011 10:19:57 PM - Software Distribution Service 3.0
RP128: 2/22/2011 5:42:59 AM - Software Distribution Service 3.0
RP129: 2/23/2011 6:08:00 AM - Software Distribution Service 3.0
RP130: 2/24/2011 6:59:08 AM - System Checkpoint
RP131: 2/24/2011 8:34:20 PM - Software Distribution Service 3.0
RP132: 2/25/2011 5:55:45 PM - Software Distribution Service 3.0
RP133: 2/26/2011 6:32:23 AM - Software Distribution Service 3.0
RP134: 2/26/2011 9:41:06 AM - Software Distribution Service 3.0
RP135: 2/27/2011 10:36:01 AM - System Checkpoint
RP136: 2/27/2011 8:24:45 PM - Software Distribution Service 3.0
RP137: 3/1/2011 5:54:47 AM - Software Distribution Service 3.0
RP138: 3/2/2011 7:00:06 AM - System Checkpoint
RP139: 3/3/2011 5:53:04 AM - Software Distribution Service 3.0
RP140: 3/4/2011 6:21:52 AM - Software Distribution Service 3.0
RP141: 3/4/2011 6:07:01 PM - Installed LogMeIn
RP142: 3/5/2011 7:02:47 AM - Software Distribution Service 3.0
RP143: 3/5/2011 10:06:31 AM - Software Distribution Service 3.0
RP144: 3/6/2011 3:07:32 PM - Software Distribution Service 3.0
RP145: 3/7/2011 4:33:02 PM - System Checkpoint
RP146: 3/8/2011 5:48:34 AM - Software Distribution Service 3.0
RP147: 3/8/2011 5:53:44 PM - Software Distribution Service 3.0
RP148: 3/9/2011 6:45:05 AM - Software Distribution Service 3.0
RP149: 3/10/2011 5:50:39 AM - Software Distribution Service 3.0
RP150: 3/11/2011 6:26:16 AM - System Checkpoint
RP151: 3/12/2011 6:45:05 AM - Software Distribution Service 3.0
RP152: 3/12/2011 9:38:54 AM - Software Distribution Service 3.0
RP153: 3/13/2011 11:06:39 AM - System Checkpoint
RP154: 3/14/2011 5:48:43 AM - Software Distribution Service 3.0
RP155: 3/15/2011 5:50:23 AM - Software Distribution Service 3.0
RP156: 3/16/2011 6:56:43 AM - System Checkpoint
RP157: 3/17/2011 5:49:02 AM - Software Distribution Service 3.0
RP158: 3/17/2011 8:10:35 PM - Software Distribution Service 3.0
RP159: 3/19/2011 6:43:24 AM - Software Distribution Service 3.0
RP160: 3/20/2011 7:54:55 AM - System Checkpoint
RP161: 3/21/2011 5:46:43 AM - Software Distribution Service 3.0
RP162: 3/22/2011 6:57:59 AM - System Checkpoint
RP163: 3/23/2011 5:48:56 AM - Software Distribution Service 3.0
RP164: 3/24/2011 6:19:17 AM - System Checkpoint
RP165: 3/24/2011 10:02:54 PM - Software Distribution Service 3.0
RP166: 3/25/2011 5:50:45 AM - Software Distribution Service 3.0
RP167: 3/25/2011 9:35:53 PM - before webroot
RP168: 3/26/2011 6:30:22 AM - Software Distribution Service 3.0
RP169: 3/26/2011 6:40:31 AM - Revo Uninstaller's restore point - Spy Sweeper
RP170: 3/27/2011 7:00:27 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.5
Amazon Unbox Video
Apple Application Support
Apple Software Update
Arbortext IsoView 7.0 M010
AutoUpdate
Bomgar Representative Console [remote.sacsinc.com]
BufferChm
Calculator Powertoy for Windows XP
CCleaner
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Compatibility Pack for the 2007 Office system
Copy
Data Lifeguard Diagnostic for Windows 1.22
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DFX for Windows Media Player
Disk SpeedUp 1.2.0.319
DivX
ESET Online Scanner v3
Gigabyte Raid Configurer
GIMP 2.6.10
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Drive Key Boot Utility
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
HP Product Detection
HTML Slideshow Powertoy for Windows XP
ieSpell
Image Resizer Powertoy for Windows XP
Java Auto Updater
Java™ 6 Update 24
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LogMeIn
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NirSoft BlueScreenView
Norton Ghost
NVIDIA Drivers
NVIDIA nView Desktop Manager
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Panda USB Vaccine 1.0.1.4
PanoStandAlone
PC Wizard 2010.1.94
PE Builder 3.1.10a
PS_AIO_03_C4400_Software_Min
Quick Startup 2.8.0.718
QuickTime
Revo Uninstaller 1.90
Roxio Easy Media Creator 8 Suite
Scan
SeaTools for Windows
Secunia PSI (2.0.0.1003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sound Blaster Live! Web 2K/XP
SpywareBlaster 4.4
Status
SUPERAntiSpyware
System Requirements Lab
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/26/2011 6:42:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSIDRV\0000 disappeared from the system without first being prepared for removal.
3/26/2011 6:42:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSHRMD\0000 disappeared from the system without first being prepared for removal.
3/26/2011 6:42:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSFS0BBC\0000 disappeared from the system without first being prepared for removal.
3/26/2011 6:41:59 AM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
3/25/2011 10:20:20 PM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
3/22/2011 5:36:10 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
3/21/2011 10:35:22 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:22 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:22 PM, error: Service Control Manager [7034] - The RoxUpnpServer service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:22 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The RoxMediaDB service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The Roxio Hard Drive Watcher service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7034] - The GhostStartService service terminated unexpectedly. It has done this 1 time(s).
3/21/2011 10:35:21 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005d

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80D8000 jraid.sys
0xB7EF3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB80E8000 disk.sys
0xB80F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7ED3000 fltmgr.sys
0xB7EC1000 sr.sys
0xB7EAC000 drvmcdb.sys
0xB8108000 PxHelp20.sys
0xB7E95000 KSecDD.sys
0xB7E82000 WudfPf.sys
0xB7DF5000 Ntfs.sys
0xB7DC8000 NDIS.sys
0xB7DAE000 Mup.sys
0xB85AE000 JGOGO.sys
0xB8298000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6A51000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6A10000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB83C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB69EC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB69A6000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xB692E000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB690A000 \SystemRoot\system32\drivers\portcls.sys
0xB82A8000 \SystemRoot\system32\drivers\drmk.sys
0xB68E7000 \SystemRoot\system32\drivers\ks.sys
0xB68CE000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB85C2000 \SystemRoot\System32\drivers\ctprxy2k.sys
0xB856C000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xB83D8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB8570000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB68BA000 \SystemRoot\system32\DRIVERS\parport.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB83E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB874A000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xB874C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB74FE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB857C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB68A3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB74EE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB74DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB6892000 \SystemRoot\system32\DRIVERS\psched.sys
0xB74CE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB683A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB74BE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85C6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB67DC000 \SystemRoot\system32\DRIVERS\update.sys
0xB8594000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB74AE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB748E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB460E000 \SystemRoot\system32\drivers\ha10kx2k.sys
0xB45F9000 \SystemRoot\System32\drivers\ctac32k.sys
0xB45E0000 \SystemRoot\System32\drivers\emupia2k.sys
0xB45C1000 \SystemRoot\System32\drivers\ctsfm2k.sys
0xB8428000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB4588000 \SystemRoot\system32\DRIVERS\RxFilter.sys
0xB4561000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB8488000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB862A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86B2000 \SystemRoot\System32\Drivers\Null.SYS
0xB862C000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8498000 \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
0xB84A0000 \SystemRoot\System32\drivers\vga.sys
0xB862E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8630000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB84A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB84B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB67B4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB452E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB44D5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB44AD000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB8158000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4487000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB4465000 \SystemRoot\System32\drivers\afd.sys
0xB8168000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4443000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB8340000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB4418000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB43A8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8178000 \SystemRoot\System32\Drivers\Fips.SYS
0xB7D76000 \SystemRoot\System32\Drivers\FileDisk.SYS
0xB6872000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB8378000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB8380000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB8388000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB686A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8198000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8390000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB81A8000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB67D8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB67D4000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB81B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB4318000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8632000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB67C0000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8398000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB877B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD61F000 \SystemRoot\System32\ATMFD.DLL
0xB3E13000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3B1B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB3B06000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3BBF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3803000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB85B2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB393C000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xB375B000 \SystemRoot\system32\DRIVERS\srv.sys
0xB85E4000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB3AB6000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB860E000 \??\C:\WINDOWS\system32\PfModNT.sys
0xB2F72000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8410000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\MpKsl712b0211.sys
0xB2F3E000 \SystemRoot\system32\DRIVERS\psi_mf.sys
0xB2444000 \??\C:\DOCUME~1\Thomas\LOCALS~1\Temp\pxtdipow.sys
0xB2419000 \SystemRoot\system32\drivers\kmixer.sys
0xB2EFA000 \??\C:\DOCUME~1\Thomas\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
460 C:\WINDOWS\system32\smss.exe
508 csrss.exe
532 C:\WINDOWS\system32\winlogon.exe
576 C:\WINDOWS\system32\services.exe
588 C:\WINDOWS\system32\lsass.exe
756 C:\WINDOWS\system32\nvsvc32.exe
784 C:\WINDOWS\system32\svchost.exe
872 svchost.exe
940 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
976 C:\WINDOWS\system32\svchost.exe
1016 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1416 C:\WINDOWS\system32\spoolsv.exe
1588 C:\WINDOWS\explorer.exe
1700 C:\Program Files\Panda USB Vaccine\USBVaccine.exe
1884 C:\Program Files\Microsoft Security Client\msseces.exe
1892 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
1960 C:\Program Files\Secunia\PSI\psi_tray.exe
304 svchost.exe
480 C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
908 C:\Program Files\Java\jre6\bin\jqs.exe
1072 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
1576 C:\Program Files\LogMeIn\x86\ramaint.exe
836 C:\Program Files\LogMeIn\x86\LogMeIn.exe
2144 C:\WINDOWS\system32\svchost.exe
2208 C:\WINDOWS\system32\svchost.exe
2428 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
2608 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
2704 C:\Program Files\Secunia\PSI\psia.exe
2752 C:\WINDOWS\system32\svchost.exe
2812 C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
3544 alg.exe
3980 C:\Program Files\Secunia\PSI\sua.exe
3608 wmiprvse.exe
504 C:\Documents and Settings\Thomas\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006b`5eb40000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

I cannot run malwarebytes or I would supply the log. Thanks for looking at this minor problem. Tom

Back to top

#2 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 27 March 2011 - 09:40 PM

I can see one, possibly suspicious service running.

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superanti...efinitions.html.)
Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

Open SUPERAntiSpyware.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Post SUPERAntiSpyware log.

Back to top

#3 oldtrig Re: [RESOLVED] Error opening malwarebytes

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 27 March 2011 - 10:51 PM

It looks good, here is the log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2011 at 05:42 PM

Application Version : 4.45.1000

Core Rules Database Version : 6687
Trace Rules Database Version: 4499

Scan type : Complete Scan
Total Scan Time : 00:33:43

Memory items scanned : 255
Memory threats detected : 0
Registry items scanned : 6954
Registry threats detected : 0
File items scanned : 53316
File threats detected : 0

Back to top

#4 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 27 March 2011 - 10:59 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Back to top

#5 oldtrig Re: [RESOLVED] Error opening malwarebytes

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 27 March 2011 - 11:20 PM

ComboFix 11-03-27.01 - Thomas 03/27/2011 18:12:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1630 [GMT -5:00]
Running from: c:\documents and settings\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\dds.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 22:46 . 2011-03-27 22:46 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\MpKsla690a591.sys
2011-03-27 12:00 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\mpengine.dll
2011-03-26 02:37 . 2011-03-26 02:37 -------- d-----w- c:\program files\MSSOAP
2011-03-26 02:36 . 2011-03-26 02:36 -------- d-----w- c:\program files\Webroot
2011-03-26 02:10 . 2011-03-26 02:10 -------- d--h--w- c:\windows\PIF
2011-03-26 02:07 . 2011-03-26 02:07 -------- d-----w- c:\program files\7-Zip
2011-03-26 02:01 . 2011-03-26 02:01 6656 ----a-w- c:\windows\system32\26AA6BED.exe
2011-03-16 02:34 . 2011-03-16 02:34 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Mozilla
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-12 03:42 . 2011-03-12 03:42 -------- d-----w- c:\program files\Glarysoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2010-04-24 03:00 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40 . 2010-04-24 02:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2010-10-14 10:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-07-26 23:53 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-07-26 23:53 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-17 01:05 1953792 ------r- c:\windows\system32\JMRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2002-08-14 20:21 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 06:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-31 04:44 36864 ------r- c:\windows\JM\JMInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-08 04:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2005-11-22 14:34 163840 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
.
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R1 MpKsla690a591;MpKsla690a591;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\MpKsla690a591.sys [3/27/2011 5:46 PM 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 2:11 PM 374152]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 7:04 AM 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 7:04 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl2b678298;MpKsl2b678298;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDCE8D6-9319-497B-ABF8-7E0D9BF3D177}\MpKsl2b678298.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDCE8D6-9319-497B-ABF8-7E0D9BF3D177}\MpKsl2b678298.sys [?]
S1 MpKsl6e480350;MpKsl6e480350;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC70B45-970E-47B1-88C7-341B76366031}\MpKsl6e480350.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC70B45-970E-47B1-88C7-341B76366031}\MpKsl6e480350.sys [?]
S1 MpKsl8eb9a644;MpKsl8eb9a644;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA951502-65C8-4763-88D8-0C5025906583}\MpKsl8eb9a644.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA951502-65C8-4763-88D8-0C5025906583}\MpKsl8eb9a644.sys [?]
S1 MpKslbe388200;MpKslbe388200;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08082C62-807D-4CCA-921F-C5CF0582F982}\MpKslbe388200.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08082C62-807D-4CCA-921F-C5CF0582F982}\MpKslbe388200.sys [?]
S1 MpKsleac868f4;MpKsleac868f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E49823E-BB0E-4025-B6C2-6C2D45D58E4F}\MpKsleac868f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E49823E-BB0E-4025-B6C2-6C2D45D58E4F}\MpKsleac868f4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 11:49 PM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 4:40 PM 12856]
S3 1Do5QQ;1Do5QQ;c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s [?]
S3 26AA6BED;26AA6BED;c:\windows\system32\26AA6BED.exe [3/25/2011 9:01 PM 6656]
S3 ENy01R;ENy01R;c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA690A591
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 04:49]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 04:49]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-287218729-725345543-1003Core.job
- c:\documents and settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 01:56]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-287218729-725345543-1003UA.job
- c:\documents and settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 01:56]
.
2011-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-03-27 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-01-08 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\s82zjzzf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Thomas\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-03-27 18:16:42
ComboFix-quarantined-files.txt 2011-03-27 23:16
.
Pre-Run: 441,546,158,080 bytes free
Post-Run: 441,562,505,216 bytes free
.
- - End Of File - - A2ED7AEF77899E0513D135624968B856

Back to top

#6 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 27 March 2011 - 11:25 PM

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\26AA6BED.exe
c:\windows\Updreg.EXE

Driver::
26AA6BED

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

Back to top

#7 oldtrig Re: [RESOLVED] Error opening malwarebytes

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 27 March 2011 - 11:37 PM

ComboFix 11-03-27.01 - Thomas 03/27/2011 18:30:37.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1551 [GMT -5:00]
Running from: c:\documents and settings\Thomas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Thomas\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\26AA6BED.exe"
"c:\windows\Updreg.EXE"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\26AA6BED.exe
c:\windows\Updreg.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_26AA6BED
-------\Service_26AA6BED
.
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2011-03-27 12:00 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\mpengine.dll
2011-03-26 02:37 . 2011-03-26 02:37 -------- d-----w- c:\program files\MSSOAP
2011-03-26 02:36 . 2011-03-26 02:36 -------- d-----w- c:\program files\Webroot
2011-03-26 02:10 . 2011-03-26 02:10 -------- d--h--w- c:\windows\PIF
2011-03-26 02:07 . 2011-03-26 02:07 -------- d-----w- c:\program files\7-Zip
2011-03-16 02:34 . 2011-03-16 02:34 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Mozilla
2011-03-12 17:28 . 2011-03-12 17:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-12 03:42 . 2011-03-12 03:42 -------- d-----w- c:\program files\Glarysoft
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 04:05 . 2010-04-24 03:00 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40 . 2010-04-24 02:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2010-10-14 10:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-07-26 23:53 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-07-26 23:53 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-02-28 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-02-28 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-27_23.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-27 23:34 . 2011-03-27 23:34 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2011-03-27 23:34 . 2011-03-27 23:34 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2006-11-17 01:05 1953792 ------r- c:\windows\system32\JMRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
2002-08-14 20:21 94208 ----a-w- c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 06:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-31 04:44 36864 ------r- c:\windows\JM\JMInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-08 04:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2005-11-22 14:34 163840 ----a-w- c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
.
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 2:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 4:40 PM 12856]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 7:04 AM 987704]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 7:04 AM 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S1 MpKsl2b678298;MpKsl2b678298;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDCE8D6-9319-497B-ABF8-7E0D9BF3D177}\MpKsl2b678298.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DDCE8D6-9319-497B-ABF8-7E0D9BF3D177}\MpKsl2b678298.sys [?]
S1 MpKsl6e480350;MpKsl6e480350;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC70B45-970E-47B1-88C7-341B76366031}\MpKsl6e480350.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1FC70B45-970E-47B1-88C7-341B76366031}\MpKsl6e480350.sys [?]
S1 MpKsl8eb9a644;MpKsl8eb9a644;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA951502-65C8-4763-88D8-0C5025906583}\MpKsl8eb9a644.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA951502-65C8-4763-88D8-0C5025906583}\MpKsl8eb9a644.sys [?]
S1 MpKsla690a591;MpKsla690a591;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\MpKsla690a591.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CE30D49-981C-44FE-A938-5B7398884961}\MpKsla690a591.sys [?]
S1 MpKslbe388200;MpKslbe388200;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08082C62-807D-4CCA-921F-C5CF0582F982}\MpKslbe388200.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08082C62-807D-4CCA-921F-C5CF0582F982}\MpKslbe388200.sys [?]
S1 MpKsleac868f4;MpKsleac868f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E49823E-BB0E-4025-B6C2-6C2D45D58E4F}\MpKsleac868f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E49823E-BB0E-4025-B6C2-6C2D45D58E4F}\MpKsleac868f4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 11:49 PM 135664]
S3 1Do5QQ;1Do5QQ;c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s [?]
S3 ENy01R;ENy01R;c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s --> c:\program files\CPUID\PC Wizard 2010\Data\pcwizntl.exe -s [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 04:49]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 04:49]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-287218729-725345543-1003Core.job
- c:\documents and settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 01:56]
.
2011-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-287218729-725345543-1003UA.job
- c:\documents and settings\Thomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-29 01:56]
.
2011-03-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-03-27 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-01-08 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\s82zjzzf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\progra~1\Symantec\NORTON~1\GHOSTS~2.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-03-27 18:36:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-27 23:36
ComboFix2.txt 2011-03-27 23:16
.
Pre-Run: 441,571,135,488 bytes free
Post-Run: 441,476,349,952 bytes free
.
- - End Of File - - E7CAA345DC96EF2A3BF92EFD29576135

Back to top

#8 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 27 March 2011 - 11:45 PM

Looks good now :)

See, if you can run MBAM now.

If still a problem...

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Back to top

#9 oldtrig Re: [RESOLVED] Error opening malwarebytes

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 28 March 2011 - 12:01 AM

That got it working. Here is the log. What exactly did I pick up?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6187

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/27/2011 6:59:50 PM
mbam-log-2011-03-27 (18-59-50).txt

Scan type: Quick scan
Objects scanned: 167217
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Back to top

#10 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 28 March 2011 - 12:09 AM

Worked after running Combofix, or you had to reinstall MBAM?

Back to top

#11 oldtrig Re: [RESOLVED] Error opening malwarebytes

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 28 March 2011 - 12:17 AM

I had to reinstall MBAM. I still got the error when I was uninstalling it but I did get it removed. I was on a website looking up something last week and I got a warning that my computer was infected. I shut the PC down manually and when it booted back I updated and run malwarebytes, scanned from ESET and run superantispyware and it came back clean. Tonight I was trying to run malwarebytes again and I got the error.

Back to top

#12 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 28 March 2011 - 12:20 AM

Oh OK.

We removed some suspicious file (c:\windows\system32\26AA6BED.exe) and its service.
I can't tell, it was any connection between that and MBAM issue.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Back to top

#13 oldtrig Re: [RESOLVED] Error opening malwarebytes

Member

216 posts
Joined: April 06, 2010
24 topics
Age: 64
Skin: IP.Board
Local time: 01:26 PM

Zodiac:Aquarius
Gender:Male
OS:Windows 7
Country:

Offline

Time Online: 11h 45m 21s

Posted 28 March 2011 - 12:25 AM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Back to top

#14 Broni Re: [RESOLVED] Error opening malwarebytes

Malware Annihilator

24,879 posts
Joined: October 04, 2004
1,859 topics
Age: 57
Skin: IPBoard wide
Local time: 06:26 AM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Offline

Time Online: 57d 9h 13m 9s

Posted 28 March 2011 - 12:28 AM

Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.