majordomo

Runtime error 372 unable to run malwarebytes

22 posts in this topic

Hello,

I'm unable to run malwarebytes due to runtime error 372.

I've followed multiple workarounds to solve the problem all from this forum but nothing has worked.

So now I post my DDS logs as suggested.

Thanks in advance

majordomo

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by Reinier at 17:34:54 on 2012-05-03

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.31.1043.18.1976.1103 [GMT 2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Users\Reinier\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Reinier\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Reinier\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.2345.com/?duote

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vz32&d=1208&m=travelmate_7730

mStart Page = hxxp://nl.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://nl.intl.acer.yahoo.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: ECO Bar: {10000000-1000-1000-1000-100000000000} -

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"

mRun: [RtHDVCpl] "RtHDVCpl.exe"

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [skytel] "Skytel.exe"

mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"

mRun: [PLFSetI] "c:\windows\PLFSetI.exe"

mRun: [LManager] "c:\progra~1\launch~1\QtZgAcer.EXE"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

TCP: Interfaces\{4BA9FC38-C36B-408A-B299-9266D36FE0ED} : DhcpNameServer = 62.179.104.196 213.46.228.196

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

.

============= SERVICES / DRIVERS ===============

.

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-12-16 43184]

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2012-5-1 24576]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-8-1 1201640]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-6-12 81296]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-5-3 28488]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-3 40776]

R3 NETw5v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-12 3658752]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe" --> c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [?]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe --> c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [?]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe --> c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-03 15:25:07 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-05-03 15:24:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-03 15:24:45 -------- d-----w- c:\users\reinier\appdata\roaming\Malwarebytes

2012-05-03 15:24:41 -------- d-----w- c:\programdata\Malwarebytes

2012-05-03 15:24:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-03 15:24:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-01 18:56:45 -------- d-----w- c:\users\reinier\appdata\local\Samsung

2012-05-01 18:35:12 487424 ----a-w- c:\windows\system32\INT15.dll

2012-05-01 18:34:42 17952 ----a-w- c:\windows\system32\drivers\int15_64.sys

2012-05-01 18:34:42 15392 ----a-w- c:\windows\system32\drivers\int15.sys

.

==================== Find3M ====================

.

2012-03-28 20:11:22 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-03-28 20:11:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-02-15 19:11:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 17:35:43,75 ===============

Attach.txt

DDS.txt


:welcome:

Did you read this:

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162097entry162097

Section D

Error Code 732 - Automatically Detect Settings in IE & Note for NetZero Users

I don't see an anti-virus program running. Get a free one.

Only run one Anti-Virus at a time.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.

Run a full scan and let us know what it finds


LDTate thanks for your response,

I was referring to runtime error 372 and not error code 732.

At the moment of running DDS no anti virus was present, but before and after I had Avast.

Ran a full scan after posting the logs and it found nothing.

Thanks.


Please do the following to see if it resolves the issue: Post back and let us know please

Go to C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Double Click Chameleon to open the file.

Try clicking Test until one of them works.

MBAM will open and run a quick scan.


Hello

I'd already tried that, but have tried it again.

Unfortunately I still get the runtime error for all 11 versions of chameleon.

Regards


Please do the following to see if it resolves the issue: Post back and let us know please


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


Hi,

I also did that before and tried it again.

But I get the same runtime error code.

regards


If you did that and MBAM still won't run, I doubt it's a MBAM issue.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Hi,

Below the log from Combofix:

ComboFix 12-05-06.03 - Reinier 06-05-2012 19:42:57.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.31.1043.18.1976.1123 [GMT 2:00]

Gestart vanuit: c:\users\Reinier\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Reinier\AppData\Roaming\020000006f63571b515C.manifest

c:\users\Reinier\AppData\Roaming\020000006f63571b515O.manifest

c:\users\Reinier\AppData\Roaming\020000006f63571b515P.manifest

c:\users\Reinier\AppData\Roaming\020000006f63571b515S.manifest

D:\resycled

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_gaopdxserv.sys

-------\Service_gaopdxserv.sys

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-06 to 2012-05-06 ))))))))))))))))))))))))))))))

.

.

2012-05-03 16:18 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-05-03 16:18 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-05-03 16:18 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-05-03 16:18 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-05-03 16:18 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-05-03 16:18 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-05-03 16:18 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-05-03 16:18 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-03 16:17 . 2012-05-03 16:17 -------- d-----w- c:\programdata\AVAST Software

2012-05-03 15:25 . 2012-05-05 10:40 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-05-03 15:24 . 2012-05-05 10:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-03 15:24 . 2012-05-03 15:24 -------- d-----w- c:\users\Reinier\AppData\Roaming\Malwarebytes

2012-05-03 15:24 . 2012-05-03 15:24 -------- d-----w- c:\programdata\Malwarebytes

2012-05-03 15:24 . 2012-05-03 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-03 15:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-01 18:56 . 2012-05-01 19:07 -------- d-----w- c:\users\Reinier\AppData\Local\Samsung

2012-05-01 18:35 . 2008-08-19 12:27 487424 ----a-w- c:\windows\system32\INT15.dll

2012-05-01 18:34 . 2008-08-19 12:23 17952 ----a-w- c:\windows\system32\drivers\int15_64.sys

2012-05-01 18:34 . 2008-08-19 12:23 15392 ----a-w- c:\windows\system32\drivers\int15.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-28 20:11 . 2011-07-11 20:52 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-02-15 19:11 . 2010-05-17 09:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"Skytel"="Skytel.exe" [2008-04-21 1826816]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-09-01 858632]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe"

"Persistence"="c:\windows\system32\igfxpers.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"IgfxTray"="c:\windows\system32\igfxtray.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-06 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2010-08-17 19:06]

.

2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088551051-925268556-1652152937-1003Core.job

- c:\users\Reinier\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 19:12]

.

2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2088551051-925268556-1652152937-1003UA.job

- c:\users\Reinier\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-01 19:12]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.2345.com/?duote

mStart Page = hxxp://nl.intl.acer.yahoo.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

.

- - - - ORPHANS VERWIJDERD - - - -

.

Notify-3e5fda52515 - (no file)

Notify-AWinNotifyVitaKey MC3000 - (no file)

.

.

.

**************************************************************************

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden:

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2088551051-925268556-1652152937-1003\Software\SecuROM\License information*]

"datasecu"=hex:d4,9f,00,0b,af,f5,b4,c5,43,41,e0,28,2f,19,26,88,a8,a4,3a,a4,c2,

af,cf,d9,0b,03,6f,fb,e3,1d,2b,81,a5,ac,67,10,05,88,b8,22,b6,0f,97,b9,9c,2e,\

"rkeysecu"=hex:65,dd,1e,4d,1b,14,b1,2f,e3,ad,53,46,eb,ee,bf,af

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(3276)

c:\windows\system32\btncopy.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Acer\Empowering Technology\Service\ETService.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\RtHDVCpl.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Launch Manager\QtZgAcer.EXE

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\users\Reinier\AppData\Local\Temp\RtkBtMnt.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2012-05-06 20:00:16 - machine werd herstart

ComboFix-quarantined-files.txt 2012-05-06 18:00

.

Pre-Run: 29.938.798.592 bytes beschikbaar

Post-Run: 29.465.739.264 bytes beschikbaar

.

- - End Of File - - E52CEA0D03A54750CC803C5C273B2134


Hi

Computer behaves the same as before no obvious issues, except not being able to run malwarebytes.

regards


Try the clean-uninstall again.


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


The following instructions show you how to exclude Avast! 6 and Malwarebytes' Anti-Malware from one another to prevent conflicts and improve performance:

Set Exclusions for Malwarebytes' Anti-Malware in Avast! Antivirus 6 (Free, Pro and Internet Security):

Open Avast! antivirus and click on REAL-TIME SHIELDS on the left

Click on File System Shield on the left and click on Expert Settings

Click the Exclusions section

Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)

In the Select the areas window click on the + next to C:

Click the + next to Program Files Note: For 64 bit Windows versions this will be Program Files (x86)

Click the box next to Malwarebytes' Anti-Malware and click on OK

Click OK again

Click on Web Shield on the left and click Expert Settings

Click on Exclusions and check the box next to URLs to exclude:

Type or copy/paste the following address:

*.mbamupdates.com

Click on OK

Also, for Avast! Internet Security:

Click on Behavior Shield on the left and click Expert Settings

Click on Trusted Processes

Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)

Navigate to C:\Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open Note: For 64 bit Windows versions this will be Program Files (x86)

Do the same for the following files:

mbamgui.exe

mbamservice.exe

Click on OK

Close Avast! antivirus

Set Exclusions for Avast! Antivirus Free, Pro and Internet Security in Malwarebytes' Anti-Malware:

Open Malwarebytes' Anti-Malware and click on the Ignore List tab

Click on the Add button on the lower left

In the small browse window that opens, navigate to C:\Program Files and click once on avast software and click on OK

Close Malwarebytes' Anti-Malware


Hi,

I did the mbam clean. After restart, turned off Avast completely and installed mbam.

Ran chameleon, but still the same results.

regards.


runtime error 372.

Is that everything the error displays?


Hi

First pop up window says runtime error "0"

clicks ok and second window says

"runtime error 372 Failed to load control 'vbalgrid' from vbalgrid6.ocx Version of vbalgrid6.ocx is outdated.

Make sure you are using the version of the control that was provided with your application."

regards


That error with MBAM was fixed awhile back.

Are you running the clean-Uninstall?

Make sure hidden files are visible.

Check C:\Program Files\Malwarebytes' Anti-Malware folder.

Can you see vbalsgrid6.ocx there?

If so, rename it to vbalsgrid6.old

Open "New Task".

Type in:

regsvr32 vbalsgrid6.ocx

Click OK.


Hi,

Yes, I've run mbam clean and re-install 3 or 4 times already.

regards


That error with MBAM was fixed awhile back.

Are you running the clean-Uninstall?

Make sure hidden files are visible.

Check C:\Program Files\Malwarebytes' Anti-Malware folder.

Can you see vbalsgrid6.ocx there?

If so, rename it to vbalsgrid6.old

Open "New Task".

Type in:

regsvr32 vbalsgrid6.ocx

Click OK.


Hi

I did the first rename part, but the second part regsvr32 does not work and gives the following reply:

regsvr32 is not recognised as an internal or external command, program or batchfile.

regards


1. Right click on MY COMPUTER and select PROPERTIES.

2. Select the ADVANCED tab.

3. Now select ENVIRONMENT VARIABLES

4. In the "USER VARIABLES OF (your name)" frame click NEW

5. Enter "Path" in the VARIABLE NAME text box and "C:\WINDOWS\system32" in the VARIABLE VALUE text box (without the quotes).

6. Close COMMAND PROMPT if it's already running and restart it (Start>Accessories>Command Prompt).

7. Path has been set...

now try it and let me know how it's running


Do you still need help with this?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
