Malwarebytes' Anti-Malware has stopped working error

helpmePLS · February 22, 2010

Hi! I'm new to the forum, and I just used MBAM on my desktop to clean up Vista Guardian 2010 malware, and it worked great. I have some bigger issues (I think) with my laptop. I have no idea what kind of virus is on my laptop, all I know is that it my computer (when it actually decides to run) doesn't open to my usual desktop, but some alternate desktop, with a black background. It's not in SAFE MODE either.

When I try to run the program I get an alert that says Malwarebytes' Anti-Malware has stopped working. I renamed the file and that didn't work either.

Problem details gave me the following information, not quite sure how to proceed from there.

Problem signature:

Problem Event Name: APPCRASH

Application Name: abooyah.exe.exe

Application Version: 1.43.0.0

Application Timestamp: 2a425e19

Fault Module Name: abooyah.exe.exe

Fault Module Version: 1.43.0.0

Fault Module Timestamp: 2a425e19

Exception Code: 80000003

Exception Offset: 00009b24

OS Version: 6.0.6000.2.0.0.768.3

Locale ID: 1033

Additional Information 1: 8d13

Additional Information 2: cdca9b1d21d12b77d84f02df48e34311

Additional Information 3: 8d13

Additional Information 4: cdca9b1d21d12b77d84f02df48e34311

abooyah.exe is what I had renamed the MBAM file as, just FYI. Any suggestions would be greatly welcomed.

Thanks!

helpmePLS · February 22, 2010

Forgot to mention, I have Windows Vista.

JSntgRvr · February 22, 2010

Hi, helpmePLS

:lol:

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
- Change Drivers to All
- Change Standard Registry to All
- Under File Scans, change File age to 30
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
- Please post the contents of these files in your next reply.

kingram · February 22, 2010

mbam.exe keeps getting deleted after the install completes. How can I track down the culprit.

helpmePLS · February 22, 2010

Hello! Thank you for your help. I did what you said, and I'll paste the OTL.txt below. I did change the Drivers and Standard Registry to All, but when I hit Quick Scan, it automatically changed it back to the previous settings. So I ran it again, but then changed Drivers and Standard Registry to All after hitting Quick Scan, only to realize I wasn't going to get the Extras.Txt again. Sorry! Will that affect anything?

OTL.txt

OTL logfile created on: 2/21/2010 10:44:45 PM - Run 3

OTL by OldTimer - Version 3.1.30.1 Folder = D:\

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 147.00 Mb Available Physical Memory | 15.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.21 Gb Total Space | 13.74 Gb Free Space | 20.14% Space Free | Partition Type: NTFS

Drive D: | 3.77 Gb Total Space | 3.76 Gb Free Space | 99.80% Space Free | Partition Type: FAT

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/21 21:56:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

PRC - [2010/01/14 09:16:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/10/16 12:13:04 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe

PRC - [2009/10/16 12:13:03 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys

PRC - [2009/06/05 12:39:22 | 000,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/06/05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

PRC - [2008/02/25 17:23:34 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe

PRC - [2008/02/11 19:13:12 | 000,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe

PRC - [2008/02/11 19:13:10 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe

PRC - [2008/02/11 19:13:08 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe

PRC - [2008/02/11 19:13:02 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe

PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/11/02 17:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0500Mon.exe

PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/07/05 17:20:28 | 000,820,520 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2007/07/05 17:00:50 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2007/02/22 07:46:24 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe

PRC - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe

PRC - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe

PRC - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lktsrv.exe

PRC - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkads.exe

PRC - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe

PRC - [2006/12/25 21:06:00 | 000,037,168 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe

PRC - [2006/12/13 22:13:02 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2006/12/13 21:59:04 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

PRC - [2006/12/13 20:46:08 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

PRC - [2006/12/13 10:52:44 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

PRC - [2006/11/30 10:10:24 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2006/10/31 23:15:38 | 000,036,392 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe

PRC - [2006/10/16 21:55:20 | 001,097,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2006/10/12 20:09:00 | 000,073,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2006/10/12 20:08:56 | 000,055,928 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2006/09/05 23:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2006/08/04 00:39:00 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

========== Modules (SafeList) ==========

MOD - [2010/02/21 21:56:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

MOD - [2006/11/02 01:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/10/16 12:13:03 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)

SRV - [2009/06/15 11:05:40 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/06/05 12:39:14 | 000,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/05/27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 21:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/06/22 14:46:48 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2007/05/17 23:18:15 | 001,831,936 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)

SRV - [2007/03/25 14:11:47 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2007/03/09 13:23:08 | 000,194,096 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2007/03/09 13:23:02 | 000,083,504 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2007/02/22 07:46:24 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)

SRV - [2007/02/21 16:15:52 | 000,056,096 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)

SRV - [2007/02/14 21:54:06 | 000,207,648 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)

SRV - [2007/02/14 21:49:16 | 000,064,288 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)

SRV - [2007/02/14 21:48:56 | 000,056,096 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)

SRV - [2007/02/06 21:47:46 | 000,703,264 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)

SRV - [2007/01/29 14:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)

SRV - [2007/01/22 10:38:44 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)

SRV - [2006/12/25 21:06:00 | 000,037,168 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2006/12/13 22:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2006/12/13 22:11:14 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)

SRV - [2006/12/13 20:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)

SRV - [2006/12/13 10:52:44 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)

SRV - [2006/11/19 21:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)

SRV - [2006/11/15 15:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)

SRV - [2006/11/02 04:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006/11/02 01:46:05 | 000,017,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\irmon.dll -- (Irmon)

SRV - [2006/10/31 23:15:38 | 000,036,392 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2006/10/26 23:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)

SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2006/10/24 21:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2006/10/13 14:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

SRV - [2006/10/12 20:08:56 | 000,055,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2006/09/20 17:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)

SRV - [2006/08/04 00:39:00 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)

SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)

SRV - [2004/08/16 01:43:54 | 000,536,576 | ---- | M] () [Auto | Stopped] -- C:\MATLAB701\webserver\bin\win32\matlabserver.exe -- (matlabserver)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 20:15:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 09:16:36 | 000,000,000 | ---D | M]

[2010/01/20 20:15:38 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Extensions

[2010/02/21 19:41:53 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\t8xk2wp0.default\extensions

[2008/11/19 21:44:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2005/10/12 14:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll

[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [GrooveMonitor] C:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe ()

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [V0500Mon.exe] C:\Windows\V0500Mon.exe (Creative Technology Ltd.)

O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{163d1cd7-ca22-11dd-88b3-000000000000}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

========== Files - Modified Within 14 Days ==========

[2010/02/21 17:30:41 | 000,668,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/02/21 17:30:40 | 000,786,636 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/02/21 17:30:40 | 000,122,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/02/21 17:19:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

========== Files Created - No Company Name ==========

[2010/01/20 20:33:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/17 14:52:30 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini

[2009/04/29 14:27:07 | 000,311,384 | ---- | C] () -- C:\Windows\System32\disretizer.dll

[2009/04/29 14:27:07 | 000,123,904 | ---- | C] () -- C:\Windows\System32\sdi.dll

[2009/04/29 14:27:07 | 000,094,208 | ---- | C] () -- C:\Windows\System32\sdit.dll

[2009/02/01 22:24:49 | 000,004,903 | ---- | C] () -- C:\ProgramData\qnobttcl.zyf

[2009/01/31 12:31:56 | 000,005,058 | ---- | C] () -- C:\ProgramData\kvdkyhfm.noo

[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2007/04/29 11:00:31 | 000,041,324 | ---- | C] () -- C:\Windows\System32\winio.sys

[2007/04/29 10:59:17 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini

[2007/03/25 13:33:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll

[2007/03/25 13:27:28 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS

[2007/02/22 10:19:06 | 000,052,000 | ---- | C] () -- C:\Windows\System32\nipcload.dll

[2007/02/21 18:30:50 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini

[2007/02/21 09:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys

[2006/12/14 10:14:16 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI

[2006/12/14 10:14:10 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI

[2006/11/30 09:31:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2006/11/29 14:28:54 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 05:02:10 | 000,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat

[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/05 13:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL

[2005/06/10 09:00:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\cviUSI.dll

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/31 14:55:10 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/01/31 14:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job

========== Purity Check ==========

< End of report >

Thank you. I hope you are able to help! :lol:

JSntgRvr · February 22, 2010

Lets try another scanner.

Download OTS.exe by OldTimer to your Desktop.

Close any open browsers.
Double-click on OTS.exe to start the program.
Leave all settings as they appear as default, except for the following:
- Under File Age, select 30.
- Under Drivers, select "All".
- Under Registry, select "All".
- Under Additional Scans, click on the "Extras" button.
- Under the Custom Scan box paste this in
  netsvcs
  
  %SYSTEMDRIVE%\*.*
  
  /md5start
  
  eventlog.dll
  
  scecli.dll
  
  netlogon.dll
  
  cngaudit.dll
  
  sceclt.dll
  
  ntelogon.dll
  
  logevent.dll
  
  iaStor.sys
  
  nvstor.sys
  
  atapi.sys
  
  IdeChnDr.sys
  
  viasraid.sys
  
  AGP440.sys
  
  vaxscsi.sys
  
  nvatabus.sys
  
  viamraid.sys
  
  nvata.sys
  
  nvgts.sys
  
  iastorv.sys
  
  ViPrt.sys
  
  eNetHook.dll
  
  ahcix86.sys
  
  KR10N.sys
  
  nvstor32.sys
  
  ahcix86s.sys
  
  nvrd32.sys
  
  /md5stop
  
  %systemroot%\*. /mp /s
  
  CREATERESTOREPOINT
  
  %systemroot%\System32\config\*.sav
  
  %systemroot%\system32\*.dll /lockedfiles
  
  %systemroot%\Tasks\*.job /lockedfiles

[*]Now click the Run Scan button on the toolbar.

[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.

[*]When the scan is complete Notepad will open with the report file loaded in it.

[*]Save that notepad file

Use the Reply button and attach the notepad file here (Do not copy and paste in a reply, rather attach it to it).

helpmePLS · February 22, 2010

Ok, I followed your steps completely and I'm attaching the text file. Let me know how to proceed from there!

Thank you for your help. I really appreciate it.

OTS.Txt

JSntgRvr · February 23, 2010

No help there.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  -----------------------------------------------------------

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combofix.exe & follow the prompts.

[*]Install the Recovery Console if prompted.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\ComboFix.txt" .

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.

helpmePLS · February 23, 2010

I saved ComboFix.exe to my desktop and when I tried to run it, a window pops up saying that ComboFix.exe has stopped working. Is there another way around this?

Thanks again!

JSntgRvr · February 23, 2010

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".

[*]During the download, rename Combofix to Combo-Fix as follows:

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combo-Fix.exe & follow the prompts.

[*]Install the Recovery Console if prompted.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\Combo-Fix.txt" .

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

helpmePLS · February 23, 2010

I'm attaching the Combofix.txt file that I got after running ComboFix.exe. Let me know how to continue! Thank you!

ComboFix.txt

JSntgRvr · February 23, 2010

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

[*]Please post this log in your next reply.

Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :

Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 18.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")

helpmePLS · February 25, 2010

Hi there!! I was able to run the MBAM on my computer and it deleted two infections! I've pasted below the log from the program. I haven't had a chance to do the JAVA scan, but I plan to get to it ASAP. I was wondering, what does that scan do? Anyways, thank you so much for your help!! My computer is already up and running again which is a HUGE relief, but just let me know if there are other things I need to do. I'm willing to clean my computer completely. And I'll reply again after I complete the JAVA scan.

Malwarebytes' Anti-Malware 1.44

Database version: 3787

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

2/24/2010 3:59:13 PM

mbam-log-2010-02-24 (15-59-13).txt

Scan type: Quick Scan

Objects scanned: 112512

Time elapsed: 46 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Palak\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

JSntgRvr · February 25, 2010

Hi there!! I was able to run the MBAM on my computer and it deleted two infections! I've pasted below the log from the program. I haven't had a chance to do the JAVA scan, but I plan to get to it ASAP. I was wondering, what does that scan do? Anyways, thank you so much for your help!! My computer is already up and running again which is a HUGE relief, but just let me know if there are other things I need to do. I'm willing to clean my computer completely. And I'll reply again after I complete the JAVA scan.

You will be doing a Kaspersky online anti-virus scan. JAVA is an application used by kaspersky to perform the scan.

helpmePLS · March 1, 2010

Hello there! I ran the Kaspersky online anti-virus scanner and my laptop seems to be back on track and working well. Please let me know if I should be purchasing anti-virus protection, and if so, what kind?

I do have a problem with my desktop however, which I was wondering whether you could help with. My desktop got infected with Vista Internet Security 2010. I had previously used MBAM to clean up that mess, and I thought I'd gotten rid of all the problems, however the POP-ups are back and now it's not letting me open any program, stating that I need to create an association in the Set Associations Control Panel. I've googled this and tried to figure out how the change the associations, but to no avail. I tried Combo_fix, MBAM, AVG, etc.. but the associations seem to be blocked for everything. Do you have any ideas? The OS is Windows Vista.

Thank you again for the help with my laptop. I very much appreciate it.

You will be doing a Kaspersky online anti-virus scan. JAVA is an application used by kaspersky to perform the scan.

JSntgRvr · March 1, 2010

Hi, helpmePLS.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Please download OTC by OldTimer.

Save it to your desktop.
Please double-click OTC.exe to run it. (Vista users, please right click on OTC.exe and select "Run as an Administrator")
This will delete the tools we used in the removal of malware, including this program.
If you are asked to reboot to complete the removal process then please do so

Upon restart, manually remove any remaining tools.

Create a Restore point:

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
In the System Restore dialog box, click Create a restore point, and then click Next.
Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

The full version of Malwarebytes' Anti-Malware protects your computer against many threats.

Malwarebytes use different ways of protecting your computer(s):

Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention

Save yourself the hassle and get protected.

Best wishes!

Malwarebytes' Anti-Malware has stopped working error

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information