Getting "needs to close error" with 1.70.0.1100 in Windows XP

[sgbrown68]

Hi,

Running Windows XP, long time malwarebytes user (free version) never had any problems. It just updated to 1.70.0.1100 and now it won't complete the scans. When running a quick scan, whenever it gets to "windows/system/mciavi" in the scannign process, I get the message "Malwarebytes has enountered an error and needs to close" and then prompts me on whether or not I want to send an error report.

I've tried mbam clean and reinstalled several times. No joy.

Please advise further. Thanks!

[sgbrown68]

Ok I figured it out, or at least I've found a work around: I disabled SpyBot teatimer and that took care of it. Strange, never had a problem working with teatimer in previous versions I've had. Oh well, at least I've got it to where it will fully run the scan.

Really enjoy your product.

Best

[AdvancedSetup]

Glad you were able to get it working. If you continue to have an issue please let us know.

Thanks

[sgbrown68]

ok, unfortunately, i spoke too soon. it started happening again. no idea what the catalyst is. i mean, it clearly has to be something w/this new version because i've never had any problems like this before. tried to run it for a full scan today, same thing happened "encountered error and needs to close". done the mbam clean and reinstalled again. no joy.

any suggestions?

[Firefox]

Please provide the following logs so we can assist you further.....

Please post an mbam-check log:

Create an mbam-check log:

• Download mbam-check.exe from here and save it to your desktop
  
• Double-click on mbam-check.exe to run it, it should then open a log file
  
• Please attach the CheckResults.txt file which should now be located on your desktop to your next reply
  

Next, Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

• 
  When done, DDS will open two (2) logs:
  

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[sgbrown68]

here's the mbam check log:

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.70.0.1100

Date Log Created: 01/15/13

Time Log Created: 18:11:57

User Account type: Administrator

32 bit Operating System

Product Name: REG_SZ Microsoft Windows XP

Current Build Number: 2600

Current Version Number: 5.1

Current CSDVersion: Service Pack 3

OS Product Info: Professional

Proxy Status: No proxy is Set

Proxy Override:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ *.local

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 4 (The service is running.) (State is stopped)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:

==========================

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

MBAMProtector Registry Values:

==============================

MBAMService Registry Values:

============================

MBAMScheduler Registry Values:

==============================

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

startipdisabled REG_DWORD 0

silentipmode REG_DWORD 0

autoquarantine REG_DWORD 1

notifyinstallprogram REG_DWORD 1

trialpromptshown REG_DWORD 0

autoquarantinenotify REG_DWORD 1

InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

dbdate REG_SZ Tue, 15 Jan 2013 20:46:11 GMT

dbversion REG_SZ v2013.01.15.14

programversion REG_SZ 1.70.0.1100

programbuild REG_SZ consumer

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)

Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: No Icons REG_DWORD 1

Inno Setup: User REG_SZ Steve

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100

DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.70.0.1100

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20130114

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 70

Pending File Rename Operations:

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:

================

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

MBAM Drivers:

=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 21104 BYTES FileVersion: 1.60.2.0

C:\WINDOWS\system32\drivers\mbamswissarmy.sys File Size: 40776 BYTES FileVersion: 1.60.0.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

Type REG_DWORD 2

Start REG_DWORD 0

ErrorControl REG_DWORD 1

Tag REG_DWORD 4

ImagePath REG_EXPAND_SZ system32\DRIVERS\fltMgr.sys

DisplayName REG_SZ FltMgr

Group REG_SZ FSFilter Infrastructure

Description REG_SZ File System Filter Manager Driver

AttachWhenLoaded REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512

C:\WINDOWS\system32\mscomctl.ocx File Size: 1070352 BYTES FileVersion: 6.1.98.33

C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512

List of MBAM Related Directories:

=================================

C:\Program Files\Malwarebytes' Anti-Malware

changes.txt File Size: 2128 BYTES

license.rtf File Size: 17916 BYTES

mbam.chm File Size: 469873 BYTES

mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0

mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9

mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0

mbamext.dll File Size: 79208 BYTES FileVersion: 1.70.0.0

mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0

mbamnet.dll File Size: 2171240 BYTES FileVersion: 1.70.0.0

mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0

mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0

mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 14188 BYTES

unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 11277 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 216424 BYTES

firefox.exe File Size: 216424 BYTES

firefox.pif File Size: 216424 BYTES

firefox.scr File Size: 216424 BYTES

iexplore.exe File Size: 216424 BYTES

mbam-chameleon.com File Size: 216424 BYTES

mbam-chameleon.exe File Size: 216424 BYTES

mbam-chameleon.pif File Size: 216424 BYTES

mbam-chameleon.scr File Size: 216424 BYTES

mbam-killer.exe File Size: 894312 BYTES

rundll32.exe File Size: 216424 BYTES

svchost.exe File Size: 216424 BYTES

winlogon.exe File Size: 216424 BYTES

C:\Program Files\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 21728 BYTES

belarusian.lng File Size: 26766 BYTES

bosnian.lng File Size: 26988 BYTES

bulgarian.lng File Size: 27400 BYTES

catalan.lng File Size: 28114 BYTES

chineseSI.lng File Size: 10970 BYTES

chineseTR.lng File Size: 11894 BYTES

croatian.lng File Size: 26576 BYTES

czech.lng File Size: 24682 BYTES

danish.lng File Size: 26434 BYTES

dutch.lng File Size: 28142 BYTES

english.lng File Size: 24418 BYTES

estonian.lng File Size: 25014 BYTES

finnish.lng File Size: 25770 BYTES

french.lng File Size: 29674 BYTES

german.lng File Size: 29698 BYTES

greek.lng File Size: 29116 BYTES

hebrew.lng File Size: 19202 BYTES

hungarian.lng File Size: 28430 BYTES

italian.lng File Size: 28022 BYTES

japanese.lng File Size: 16140 BYTES

korean.lng File Size: 14096 BYTES

latvian.lng File Size: 26916 BYTES

lithuanian.lng File Size: 27664 BYTES

macedonian.lng File Size: 28864 BYTES

norwegian.lng File Size: 24978 BYTES

polish.lng File Size: 26484 BYTES

portugueseBR.lng File Size: 28544 BYTES

portuguesePT.lng File Size: 28904 BYTES

romanian.lng File Size: 28090 BYTES

russian.lng File Size: 27134 BYTES

serbian.lng File Size: 26662 BYTES

slovak.lng File Size: 25486 BYTES

slovenian.lng File Size: 24696 BYTES

spanish.lng File Size: 29902 BYTES

swedish.lng File Size: 25800 BYTES

thai.lng File Size: 25884 BYTES

turkish.lng File Size: 25800 BYTES

vietnamese.lng File Size: 29400 BYTES

C:\Documents and Settings\Steve\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\Steve\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2013-01-14 (21-08-45).txt File Size: 1852 BYTES

mbam-log-2013-01-14 (21-12-17).txt File Size: 1866 BYTES

C:\Documents and Settings\Steve\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE

here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37

Run by Steve at 18:13:40 on 2013-01-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1513 [GMT -5:00]

.

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Easy Dock] c:\documents and settings\steve\my documents\rca easyrip\EZDock.exe

uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Easy Dock] <no file>

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\rlolerzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\steve\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R3 5U870UVC;Sony Visual Communication Camera VGP-VCC7;c:\windows\system32\drivers\5U870.sys [2012-3-9 90240]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2012-3-12 31104]

R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2012-3-8 71961]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-3-24 6016]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2012-3-9 36608]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-15 40776]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-3-24 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-3-24 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-3-24 23424]

S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2012-3-24 11008]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-3-16 389120]

S4 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]

S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

.

=============== Created Last 30 ================

.

2013-01-15 22:28:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-01-15 02:06:55 -------- d-----w- c:\documents and settings\steve\application data\Malwarebytes

2013-01-15 02:06:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-01-15 02:06:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-15 02:06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-22 15:23:06 -------- d-----w- c:\program files\Dropbox

2012-12-18 14:28:14 186584 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-01-09 17:59:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-09 17:59:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 18:14:07.01 ===============

here is the Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/9/2012 8:20:03 AM

System Uptime: 1/15/2013 6:09:22 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz | N/A | 2194/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 1.579 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® Wireless WiFi Link 4965AGN

Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&29E2C51B&0&00E1

Manufacturer: Intel Corporation

Name: Intel® Wireless WiFi Link 4965AGN

PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11008086&REV_61\4&29E2C51B&0&00E1

Service: NETw5x32

.

Class GUID:

Description: Toshiba RFBUS Driver

Device ID: BLUETOOTH\TOSRFBD\TOSRFBD

Manufacturer:

Name: Toshiba RFBUS Driver

PNP Device ID: BLUETOOTH\TOSRFBD\TOSRFBD

Service:

.

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}

Description: Windows XP / Windows Server 2003 device driver for the Infineon Trusted Platform Module

Device ID: ACPI\IFX0102\1

Manufacturer: Infineon Technologies AG

Name: Infineon Trusted Platform Module

PNP Device ID: ACPI\IFX0102\1

Service: IFXTPM

.

==== System Restore Points ===================

.

RP226: 10/17/2012 10:07:24 PM - System Checkpoint

RP227: 10/18/2012 11:36:26 AM - Installed Java 6 Update 37

RP228: 10/19/2012 4:28:23 PM - System Checkpoint

RP229: 10/20/2012 4:55:24 PM - System Checkpoint

RP230: 10/21/2012 5:55:20 PM - System Checkpoint

RP231: 10/22/2012 6:04:15 PM - System Checkpoint

RP232: 10/23/2012 8:43:44 AM - Installed QuickTime

RP233: 10/24/2012 5:07:09 PM - System Checkpoint

RP234: 10/25/2012 6:02:48 PM - System Checkpoint

RP235: 10/26/2012 6:04:34 PM - System Checkpoint

RP236: 10/27/2012 7:04:33 PM - System Checkpoint

RP237: 10/28/2012 7:39:47 PM - System Checkpoint

RP238: 10/29/2012 8:04:34 PM - System Checkpoint

RP239: 10/30/2012 8:04:51 PM - System Checkpoint

RP240: 10/31/2012 9:04:52 PM - System Checkpoint

RP241: 11/1/2012 10:04:51 PM - System Checkpoint

RP242: 11/2/2012 11:04:52 PM - System Checkpoint

RP243: 11/3/2012 11:04:52 PM - System Checkpoint

RP244: 11/5/2012 12:04:52 AM - System Checkpoint

RP245: 11/6/2012 1:04:52 AM - System Checkpoint

RP246: 11/7/2012 1:39:07 AM - System Checkpoint

RP247: 11/8/2012 1:59:32 AM - System Checkpoint

RP248: 11/9/2012 2:59:33 AM - System Checkpoint

RP249: 11/10/2012 3:59:32 AM - System Checkpoint

RP250: 11/11/2012 8:30:56 AM - System Checkpoint

RP251: 11/12/2012 5:07:31 PM - System Checkpoint

RP252: 11/13/2012 6:10:28 PM - System Checkpoint

RP253: 11/14/2012 6:41:07 PM - System Checkpoint

RP254: 11/14/2012 10:01:20 PM - Installed WModem_Installer

RP255: 11/15/2012 10:41:08 PM - System Checkpoint

RP256: 11/16/2012 10:42:13 PM - System Checkpoint

RP257: 11/17/2012 11:41:07 PM - System Checkpoint

RP258: 11/19/2012 12:41:07 AM - System Checkpoint

RP259: 11/20/2012 1:04:25 AM - System Checkpoint

RP260: 11/21/2012 1:04:49 AM - System Checkpoint

RP261: 11/22/2012 2:04:49 AM - System Checkpoint

RP262: 11/23/2012 3:04:50 AM - System Checkpoint

RP263: 11/24/2012 4:04:50 AM - System Checkpoint

RP264: 11/25/2012 5:04:49 AM - System Checkpoint

RP265: 11/26/2012 6:04:50 AM - System Checkpoint

RP266: 11/27/2012 3:07:50 PM - System Checkpoint

RP267: 11/28/2012 5:11:11 PM - System Checkpoint

RP268: 11/29/2012 5:25:11 PM - System Checkpoint

RP269: 11/30/2012 6:20:03 PM - System Checkpoint

RP270: 12/1/2012 7:18:57 PM - System Checkpoint

RP271: 12/2/2012 8:18:58 PM - System Checkpoint

RP272: 12/3/2012 8:36:47 PM - System Checkpoint

RP273: 12/4/2012 9:22:32 PM - System Checkpoint

RP274: 12/5/2012 10:22:31 PM - System Checkpoint

RP275: 12/6/2012 10:47:38 PM - System Checkpoint

RP276: 12/7/2012 11:47:02 PM - System Checkpoint

RP277: 12/9/2012 12:47:02 AM - System Checkpoint

RP278: 12/10/2012 12:53:02 AM - System Checkpoint

RP279: 12/10/2012 1:46:30 PM - Removed Claro Chrome Toolbar

RP280: 12/11/2012 6:04:24 AM - Restore Operation

RP281: 12/11/2012 9:27:42 AM - Restore Operation

RP282: 12/12/2012 5:19:26 PM - System Checkpoint

RP283: 12/13/2012 6:18:27 PM - System Checkpoint

RP284: 12/14/2012 7:14:00 PM - System Checkpoint

RP285: 12/15/2012 7:41:41 PM - System Checkpoint

RP286: 12/16/2012 8:09:05 PM - System Checkpoint

RP287: 12/17/2012 8:14:49 PM - System Checkpoint

RP288: 12/18/2012 8:15:03 PM - System Checkpoint

RP289: 12/19/2012 8:26:27 PM - System Checkpoint

RP290: 12/20/2012 9:26:27 PM - System Checkpoint

RP291: 12/21/2012 10:05:52 PM - System Checkpoint

RP292: 12/22/2012 10:24:14 PM - System Checkpoint

RP293: 12/23/2012 11:24:13 PM - System Checkpoint

RP294: 12/24/2012 11:48:22 PM - System Checkpoint

RP295: 12/26/2012 12:48:21 AM - System Checkpoint

RP296: 12/27/2012 1:48:21 AM - System Checkpoint

RP297: 12/28/2012 1:55:02 AM - System Checkpoint

RP298: 12/29/2012 2:27:36 AM - System Checkpoint

RP299: 12/30/2012 3:24:26 AM - System Checkpoint

RP300: 12/31/2012 4:00:46 AM - System Checkpoint

RP301: 1/1/2013 4:48:02 AM - System Checkpoint

RP302: 1/2/2013 5:08:12 AM - System Checkpoint

RP303: 1/3/2013 6:08:11 AM - System Checkpoint

RP304: 1/4/2013 6:37:10 AM - System Checkpoint

RP305: 1/5/2013 7:16:12 AM - System Checkpoint

RP306: 1/6/2013 7:55:12 AM - System Checkpoint

RP307: 1/7/2013 11:27:30 AM - System Checkpoint

RP308: 1/8/2013 5:03:53 PM - System Checkpoint

RP309: 1/9/2013 5:32:23 PM - System Checkpoint

RP310: 1/10/2013 6:21:26 PM - System Checkpoint

RP311: 1/11/2013 7:16:27 PM - System Checkpoint

RP312: 1/12/2013 7:55:08 PM - System Checkpoint

RP313: 1/13/2013 8:08:25 PM - System Checkpoint

RP314: 1/15/2013 10:11:33 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.5)

aioscnnr

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BitTorrent

Bonjour

C4USelfUpdater

calibre

CCleaner

CDisplayEx 1.8

center

Dropbox

essentials

FLAC 1.2.1b (remove only)

Free M4a to MP3 Converter 7.1

Google Chrome

Google Talk Plugin

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB954550-v5)

IrfanView (remove only)

iTunes

Java Auto Updater

Java 6 Update 37

Kodak AIO Printer

KODAK AiO Software

ksDIP

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

mIRC

MotoHelper 2.1.32 Driver 5.4.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.4.0

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSXML 6.0 Parser

ocr

PreReq

QuickTime

RCA Detective™ 3.0.3.0

RCA easyRip 2.5.7.0

RCA Updater 2.1.7.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Setting Utility Series

SigmaTel Audio

Skype Click to Call

Skype™ 5.10

Soft Data Fax Modem with SmartCP

Sony Utilities DLL

Sony Video Shared Library

Sony Visual Communication Camera VGP-VCC7 Ver.6.3000.210.0

Spybot - Search & Destroy

StreamTorrent 1.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

VAIO Camera Capture Utility

VAIO Camera Utility

VAIO Event Service

VAIO Power Management

VLC media player 2.0.1

WBFS Manager 3.0

WBFS to ISO

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Driver Package - Alps (ApfiltrService) Mouse (05/25/2007 5.3.512.7)

Windows Driver Package - CXT (winachsf) Modem (07/11/2006 7.50.00.00)

Windows Driver Package - Intel Corporation (ialm) Display (06/22/2007 6.14.10.4847)

Windows Driver Package - Marvell (yukonwxp) Net (05/03/2007 10.14.6.3)

Windows Driver Package - Sony Corporation (SNC) HIDClass (06/04/2002 6.0.0.2)

Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)

WinRAR 4.20 (32-bit)

WModem Driver Installer

.

==== Event Viewer Messages From Past Week ========

.

1/15/2013 5:55:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:36 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/15/2013 5:55:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

1/15/2013 5:55:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/13/2013 11:15:24 AM, error: yukonwxp [101] - Driver has encountered an internal error

1/13/2013 11:14:59 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A8063E391. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

1/13/2013 11:14:13 AM, error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB_.DOCK) disappeared from the system without first being prepared for removal.

1/13/2013 11:14:04 AM, error: yukonwxp [106] - Adapter hardware initialization failed

1/10/2013 6:51:01 PM, error: IFXTPM [3] - IFXTPM: Device driver could not be started - c000009c

1/10/2013 12:10:10 PM, error: PlugPlayManager [12] - The device 'Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller' (PCI\VEN_11AB&DEV_4362&SUBSYS_81FE104D&REV_23\4&1b09a299&0&00E3) disappeared from the system without first being prepared for removal.

.

==== End Of File ===========================

[AdvancedSetup]

The computer appears to possibly be infected.

Please follow the advice from here: Available Assistance for Possibly Infected Computers and someone will assist you with this further.

Thanks

[daledoc1]

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 1.579 GiB free.

It also looks as if you are just about out of space on your hard drive.

Having said that, it appears that you have taken AdvancedSetup's advice to have an expert assist with cleaning your computer of possible infections: http://forums.malwar...howtopic=121105

When you get the "all clear" from your malware helper, you'll probably need to free up some space on your hard drive, in order for Windows and your programs to run properly.

<just a thought>

daledoc1

[sgbrown68]

well, in truth, it's gotten worse. this morning windows wouldn't fully load. it got to where it would load up to the desktop, but the desktop wouldn't fully load (no start button, no icons on desktop, no taskbar, just the wallpaper). i could get taskmanager to run, ran chkdsk from "run" prompt in taskmanager, it found several problems, but on reboot, did the same thing, got the wallpaper but nothing else. rebooted in safe mode and am now attempting to restore to an earlier date. if that doesn't work, i'll go back into safe mode and free up space on my hard drive and see if that helps.

[daledoc1]

Hi:

If I were in your shoes, I'd be reluctant to do any significant "self-medicating", for fear of making the problem worse.

I was just pointing out an observation from your scan log.

It's best to wait for expert help in your other topic over in the malware removal section.

Your helper will guide you through the process.

Please be patient -- someone will be along to assist you soon.

Good luck!

daledoc1

[sgbrown68]

ok will do and thanks