21 replies to this topic

[majordomo]

Hello,

I'm unable to run malwarebytes due to runtime error 372.
I've followed multiple workarounds to solve the problem all from this forum but nothing has worked.
So now I post my dss logs as suggested.


Thanks in advance

majordomo



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Reinier at 17:34:54 on 2012-05-03
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.31.1043.18.1976.1103 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Users\Reinier\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Reinier\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Reinier\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.2345.com/?duote
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vz32&d=1208&m=travelmate_7730
mStart Page = hxxp://nl.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://nl.intl.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ECO Bar: {10000000-1000-1000-1000-100000000000} -
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Skytel] "Skytel.exe"
mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
mRun: [PLFSetI] "c:\windows\PLFSetI.exe"
mRun: [LManager] "c:\progra~1\launch~1\QtZgAcer.EXE"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
TCP: Interfaces\{4BA9FC38-C36B-408A-B299-9266D36FE0ED} : DhcpNameServer = 62.179.104.196 213.46.228.196
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-12-16 43184]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2012-5-1 24576]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-8-1 1201640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-6-12 81296]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-3 28488]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-3 40776]
R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-12 3658752]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe" --> c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [?]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe --> c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [?]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe --> c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-03 15:25:07 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-03 15:24:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-03 15:24:45 -------- d-----w- c:\users\reinier\appdata\roaming\Malwarebytes
2012-05-03 15:24:41 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 15:24:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 15:24:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 18:56:45 -------- d-----w- c:\users\reinier\appdata\local\Samsung
2012-05-01 18:35:12 487424 ----a-w- c:\windows\system32\INT15.dll
2012-05-01 18:34:42 17952 ----a-w- c:\windows\system32\drivers\int15_64.sys
2012-05-01 18:34:42 15392 ----a-w- c:\windows\system32\drivers\int15.sys
.
==================== Find3M ====================
.
2012-03-28 20:11:22 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-03-28 20:11:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-02-15 19:11:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 17:35:43,75 ===============

Attached Files

•  Attach.txt   3.35K   5 downloads
•  DDS.txt   9.14K   6 downloads

[LDTate]

Did you read this:
http://forums.malwar...97
Section D
Error Code 732 - Automatically Detect Settings in IE & Note for NetZero Users

I don't see a anti-virus program running. Get a free one.

Only run one Anti-Virus at a time.


Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.

• Microsoft Security Essentials
  
• AVAST Home Edition

Run a full scan and let us know what it finds

[majordomo]

LDTate thanks for your response,

I was reffering to runtime error 372 and not error code 732.
At the moment of running dss no anti virus was present. but before and after I had Avast.
Ran a full scan after posting the logs and it found nothing.

Thanks.

[LDTate]

Please do the following to see if it resolves the issue: Post back and let us know please

Go to C:\Program Files\Malwarebytes' Anti-Malware\Chameleon
Double Click Chameleon to open the file.

Try clicking Test until one of them works.
MBAM will open and run a quick scan.

[majordomo]

Hello

I'd already tried that, but have tried it again.
Unfortanately I still get the runtime error for all 11 versions of chameleon.

Regards

[LDTate]

Please do the following to see if it resolves the issue: Post back and let us know please

• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

[majordomo]

Hi,

I also did that before and tried it again.
But i get the same runtime error code.

regards

[LDTate]

If you did that and MBAM still won't run, I doubt it's a MBAM issue.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[majordomo]

Hi,

Below the log from Combofix:


ComboFix 12-05-06.03 - Reinier 06-05-2012 19:42:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.31.1043.18.1976.1123 [GMT 2:00]
Gestart vanuit: c:\users\Reinier\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Reinier\AppData\Roaming\020000006f63571b515C.manifest
c:\users\Reinier\AppData\Roaming\020000006f63571b515O.manifest
c:\users\Reinier\AppData\Roaming\020000006f63571b515P.manifest
c:\users\Reinier\AppData\Roaming\020000006f63571b515S.manifest
D:\resycled
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gaopdxserv.sys
-------\Service_gaopdxserv.sys
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-06 to 2012-05-06 ))))))))))))))))))))))))))))))
.
.
2012-05-03 16:18 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-03 16:18 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-03 16:18 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-03 16:18 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-03 16:18 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-03 16:18 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-03 16:18 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-03 16:18 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\programdata\AVAST Software
2012-05-03 15:25 . 2012-05-05 10:40 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-03 15:24 . 2012-05-05 10:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-03 15:24 . 2012-05-03 15:24 -------- d-----w- c:\users\Reinier\AppData\Roaming\Malwarebytes
2012-05-03 15:24 . 2012-05-03 15:24 -------- d-----w- c:\programdata\Malwarebytes
2012-05-03 15:24 . 2012-05-03 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-03 15:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 18:56 . 2012-05-01 19:07 -------- d-----w- c:\users\Reinier\AppData\Local\Samsung
2012-05-01 18:35 . 2008-08-19 12:27 487424 ----a-w- c:\windows\system32\INT15.dll
2012-05-01 18:34 . 2008-08-19 12:23 17952 ----a-w- c:\windows\system32\drivers\int15_64.sys
2012-05-01 18:34 . 2008-08-19 12:23 15392 ----a-w- c:\windows\system32\drivers\int15.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 20:11 . 2011-07-11 20:52 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-02-15 19:11 . 2010-05-17 09:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Skytel"="Skytel.exe" [2008-04-21 1826816]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-17 19:06]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088551051-925268556-1652152937-1003Core.job
- c:\users\Reinier\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 19:12]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088551051-925268556-1652152937-1003UA.job
- c:\users\Reinier\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 19:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.2345.com/?duote
mStart Page = hxxp://nl.intl.acer.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
.
- - - - ORPHANS VERWIJDERD - - - -
.
Notify-3e5fda52515 - (no file)
Notify-AWinNotifyVitaKey MC3000 - (no file)
.
.
.
**************************************************************************
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden:
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2088551051-925268556-1652152937-1003\Software\SecuROM\License information*]
"datasecu"=hex:d4,9f,00,0b,af,f5,b4,c5,43,41,e0,28,2f,19,26,88,a8,a4,3a,a4,c2,
af,cf,d9,0b,03,6f,fb,e3,1d,2b,81,a5,ac,67,10,05,88,b8,22,b6,0f,97,b9,9c,2e,\
"rkeysecu"=hex:65,dd,1e,4d,1b,14,b1,2f,e3,ad,53,46,eb,ee,bf,af
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3276)
c:\windows\system32\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\users\Reinier\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-05-06 20:00:16 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-06 18:00
.
Pre-Run: 29.938.798.592 bytes beschikbaar
Post-Run: 29.465.739.264 bytes beschikbaar
.
- - End Of File - - E52CEA0D03A54750CC803C5C273B2134

[majordomo]

Hi

Computer behaves the same as before no obvious issues, except not being able to run malwarebytes.

regards

[LDTate]

Try the clean-uninstall again.

• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

[LDTate]

The following instructions show you how to exclude Avast! 6 and Malwarebytes' Anti-Malware from one another to prevent conflicts and improve performance:

Set Exclusions for Malwarebytes' Anti-Malware in Avast! Antivirus 6 (Free, Pro and Internet Security):

Open Avast! antivirus and click on REAL-TIME SHIELDS on the left
Click on File System Shield on the left and click on Expert Settings
Click the Exclusions section
Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
In the Select the areas window click on the + next to C:
Click the + next to Program Files Note: For 64 bit Windows versions this will be Program Files (x86)
Click the box next to Malwarebytes' Anti-Malware and click on OK
Click OK again
Click on Web Shield on the left and click Expert Settings
Click on Exclusions and check the box next to URLs to exclude:
Type or copy/paste the following address:

*.mbamupdates.com

Click on OK

Also, for Avast! Internet Security:

Click on Behavior Shield on the left and click Expert Settings
Click on Trusted Processes
Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
Navigate to C:Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open Note: For 64 bit Windows versions this will be Program Files (x86)
Do the same for the following files:

mbamgui.exe
mbamservice.exe

Click on OK
Close Avast! antivirus



Set Exclusions for Avast! Antivirus Free, Pro and Internet Security in Malwarebytes' Anti-Malware:

Open Malwarebytes' Anti-Malware and click on the Ignore List tab
Click on the Add button on the lower left
In the small browse window that opens, navigate to C:\Program Files and click once on avast software and click on OK
Close Malwarebytes' Anti-Malware

[majordomo]

Hi,

I did the mbam clean. after restart turned off avast completely and installed mbam.
Ran chameleon, but still the same results.

regards.

[LDTate]

runtime error 372.

Is that everything the error displays?

[majordomo]

Hi

first pop up window says runtime error "0"
clicks ok and second window says "

"runtime error 372 Failed to load control 'vbalgrid' from vbalgrid6.ocx Version of vbalgrid6.ocx is outdated.

Make sure you are using the version of the control that was provided with your application.

regards

[LDTate]

That error with MBAM was fixed awhile back.

Are you running the clean-Uninstall?


Make sure, hidden files are visible.
Check C:\Program Files\Malwarebytes' Anti-Malware folder.
Can you see vbalsgrid6.ocx there?
If so, rename it to vbalsgrid6.old


Open "New Task".
Type in:
regsvr32 vbalsgrid6.ocx
Click OK.

[majordomo]

Hi,

Yes, I've ran mbam clean and re-install 3 or 4 times already.

regards

[LDTate]

LDTate, on 07 May 2012 - 08:13 AM, said:

That error with MBAM was fixed awhile back.

Are you running the clean-Uninstall?


Make sure, hidden files are visible.
Check C:\Program Files\Malwarebytes' Anti-Malware folder.
Can you see vbalsgrid6.ocx there?
If so, rename it to vbalsgrid6.old


Open "New Task".
Type in:
regsvr32 vbalsgrid6.ocx
Click OK.

[majordomo]

Hi

I did the first rename part, but the second part regsvr32 does not work and gives the following reply:
regsvr32 is not recognised as an internal or external command, program or batchfile.

regards

[LDTate]

1. Right click on MY COMPUTER and select PROPERTIES.
2. Select the ADVANCED tab.
3. Now select ENVIRONMENT VARIABLES
4. In the "USER VARIABLES OF (your name)" frame click NEW
5. Enter "Path" in the VARIABLE NAME text box and "C:\WINDOWS\system32" in the VARIABLE VALUE text box(without the quotes).
6. Close COMMAND PROMPT if it's already running and restart it (Start>Accessories>Command Prompt).
7. Path has been set...

now try it and let me know how it's running