Posts posted by bobbyrae

  1. OOPS! Looks like I was wrong. It quit working and I cannot get it going again. Even using the same procedure I tried before. I was browsing, had around 10 Firefox windows open, and the icon in the tray went from red to gray. Checkboxes WILL NOT respond to clicks again. It's almost as if some malware is turning it off. I HAVE run the mbam scanner, plus Avira. I found some viruses, but they are gone now.

    What now?

  2. Suddenly it is working! Amazing!

    Here's what I did:

    I opened the scanner, went to the protections tab and disabled every checkbox there.

    Then I went to the settings tab, scanner settings subtab and disabled every checkbox there.

    Then I rebooted.

    I opened the scanner and turned all the checkboxes back on (except the two main protection checkboxes because they just won't respond).

    Then I rebooted again. There may have been an extra reboot in there, I forget.

    But, the last reboot had MBam working!

    And just to make sure I wasn't dreaming or experiencing random flukes, I rebooted again and it was still working. Let's cross our fingers because that may actually make a difference!

    This tells me a couple of things:

    1. There is no problem on my system and all these logs I am asked to generate won't tell us anything.
    2. There is some strange user interface problem with MBam that requires resetting the checkboxes and rebooting many times. It SHOULD work like it used to, that is, correctly.

  3. Something odd has just happened! I am now partially protected. The filesystem box is now checked, but the website checkbox refuses to respond when I click on it. Until now, neither box would check. I wonder what changed?

    I CANNOT get DDS to run to completion! I had this same problem months ago when trying to recover from a virus. I downloaded the latest version and tried today, but got the exact same result. It seems to run for a minute then stops and eventually the system becomes locked up and I have to press the reset button.

    I have copied in two logs however...

    2012/09/23 03:00:34 -0700 RIONXP Rion MESSAGE Starting protection

    2012/09/23 03:00:34 -0700 RIONXP Rion MESSAGE Protection started successfully

    2012/09/23 03:00:34 -0700 RIONXP Rion MESSAGE Starting IP protection

    2012/09/23 03:00:53 -0700 RIONXP Rion ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87

  4. Below is the mbam check log. Hopefully it tells you how to get mbam working on my system again.

    I've had the product working on my system since 2009. The failure started IMMEDIATELY after the upgrade and there is no message indicating a problem, but it is impossible to turn on protection. The checkboxes to enable protection WILL NOT check! It really looks like a user interface bug.


    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

    HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

    (Default): REG_SZ 1.0

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

    (Default): REG_SZ SSubTimer6.CTimer

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

    ThreadingModel REG_SZ Apartment

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

    (Default): REG_SZ SSubTimer6.CTimer

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

    HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

    (Default): REG_SZ 1.0

    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

    (Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

    (Default): REG_SZ 2

    HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

    (Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

    (Default): REG_SZ 0

    HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

    (Default): REG_SZ ISubclass

    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

    Version REG_SZ 1.0

    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

    (Default): REG_SZ CTimer

    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

    (Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

    Version REG_SZ 1.0

    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

    (Default): REG_SZ vbalGrid

    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

    (Default): REG_SZ {00020420-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

    (Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

    Version REG_SZ 1.1

    MBAM Registry Settings and License Info:

    ========================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

    InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

    Affiliate REG_SZ https://www.cleverbr...kout&cart=29945

    ID XXXXX This is hidden data.

    Key XXXX-XXXX-XXXX-XXXX This is hidden data.

    updating REG_DWORD 1

    scanreboot REG_DWORD 1

    dbversion REG_SZ v2012.09.19.05

    programversion REG_SZ 1.65.0.1400

    dbdate REG_SZ Wed, 19 Sep 2012 07:28:06 GMT

    hidereg REG_DWORD 0

    startipdisabled REG_DWORD 0

    useproxy REG_DWORD 0

    useauthentication REG_DWORD 0

    downloadprogram REG_DWORD 0

    advancedheuristics REG_DWORD 1

    detectpup REG_DWORD 2

    detectpum REG_DWORD 1

    detectp2p REG_DWORD 0

    updatewarn REG_DWORD 1

    updatewarndays REG_DWORD 7

    notifyinstallprogram REG_DWORD 1

    contextmenu REG_DWORD 1

    reportthreats REG_DWORD 1

    silentipmode REG_DWORD 0

    trialpromptshown REG_DWORD 0

    startwithwindows REG_DWORD 1

    startfsdisabled REG_DWORD 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware\UUID

    There is data here but it is hidden.

    HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

    language REG_SZ english.lng

    firstrun REG_DWORD 1

    defaultscan REG_DWORD 0

    selectedrives REG_SZ C:\|D:\|E:\|

    terminateie REG_DWORD 1

    autosavelog REG_DWORD 1

    alwaysscanmemory REG_DWORD 1

    alwaysscanregistry REG_DWORD 1

    alwaysscanfiles REG_DWORD 1

    alwaysscanheuristics REG_DWORD 1

    startminimized REG_DWORD 0

    autoupdate REG_DWORD 0

    autoscan REG_DWORD 0

    updatetime REG_DWORD 1

    scantime REG_DWORD 1

    updating REG_DWORD 1

    openlog REG_DWORD 1

    alwaysscanstartups REG_DWORD 1

    HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

    alwaysscanfiles REG_DWORD 1

    alwaysscanheuristics REG_DWORD 1

    alwaysscanmemory REG_DWORD 1

    alwaysscanregistry REG_DWORD 1

    alwaysscanstartups REG_DWORD 1

    autosavelog REG_DWORD 1

    openlog REG_DWORD 1

    contextmenu REG_DWORD 1

    defaultscan REG_DWORD 0

    reportthreats REG_DWORD 1

    terminateie REG_DWORD 0

    startwithwindows REG_DWORD 1

    startfsdisabled REG_DWORD 0

    silentipmode REG_DWORD 0

    trialpromptshown REG_DWORD 0

    HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

    alwaysscanfiles REG_DWORD 1

    alwaysscanheuristics REG_DWORD 1

    alwaysscanmemory REG_DWORD 1

    alwaysscanregistry REG_DWORD 1

    alwaysscanstartups REG_DWORD 1

    autosavelog REG_DWORD 1

    openlog REG_DWORD 1

    contextmenu REG_DWORD 1

    defaultscan REG_DWORD 0

    reportthreats REG_DWORD 1

    terminateie REG_DWORD 0

    startwithwindows REG_DWORD 1

    startfsdisabled REG_DWORD 0

    silentipmode REG_DWORD 0

    trialpromptshown REG_DWORD 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

    Inno Setup: Setup Version REG_SZ 5.4.3 (a)

    Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

    InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

    Inno Setup: Icon Group REG_SZ Anti-Malware

    Inno Setup: User REG_SZ Rion

    Inno Setup: Selected Tasks REG_SZ desktopicon

    Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

    Inno Setup: Language REG_SZ English

    DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400

    DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

    DisplayVersion REG_SZ 1.65.0.1400

    Publisher REG_SZ Malwarebytes Corporation

    URLInfoAbout REG_SZ http://www.malwarebytes.org

    NoModify REG_DWORD 1

    NoRepair REG_DWORD 1

    InstallDate REG_SZ 20120910

    MajorVersion REG_DWORD 1

    MinorVersion REG_DWORD 65

    Context Menu Entries:

    =====================

    HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

    (Default): REG_SZ MBAMShlExt Class

    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

    (Default): REG_SZ MBAMExt.MBAMShlExt.1

    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

    (Default): REG_SZ MBAMShlExt Class

    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

    (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

    (Default): REG_SZ IMBAMShlExt

    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid

    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

    (Default): REG_SZ {00020424-0000-0000-C000-000000000046}

    HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

    (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

    Version REG_SZ 1.0

    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

    (Default): REG_SZ MBAMShlExt Class

    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

    ThreadingModel REG_SZ Apartment

    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

    (Default): REG_SZ MBAMExt.MBAMShlExt.1

    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

    (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

    HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

    (Default): REG_SZ MBAMExt.MBAMShlExt

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

    (Default): REG_SZ MBAMExt 1.0 Type Library

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

    (Default): REG_SZ 0

    HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

    (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

    MBAM Drivers:

    =============

    C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0

    Required Dependencies:

    ======================

    fltmgr:

    ==============

    Type : 2

    State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

    WIN32_EXIT_CODE : 0

    SERVICE_EXIT_CODE : 0

    CHECKPOINT : 0

    WAIT_HINT : 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

    Description REG_SZ File System Filter Manager Driver

    DisplayName REG_SZ FltMgr

    ErrorControl REG_DWORD 1

    Group REG_SZ FSFilter Infrastructure

    ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

    Start REG_DWORD 0

    Type REG_DWORD 2

    Tag REG_DWORD 1

    AttachWhenLoaded REG_DWORD 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

    0 REG_SZ Root\LEGACY_FLTMGR\0000

    Count REG_DWORD 1

    NextInstance REG_DWORD 1

    C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512

    C:\WINDOWS\system32\mscomctl.ocx File Size: 1081616 BYTES FileVersion: 6.1.97.82

    C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512

    List of MBAM Related Directories:

    =================================

    C:\Program Files\Malwarebytes' Anti-Malware

    unins000.dat File Size: 175715 BYTES

    mbamnet.dll File Size: 2168392 BYTES FileVersion: 1.62.0.0

    mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140

    changes.rtf File Size: 785 BYTES

    mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0

    mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0

    mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0

    mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0

    mbamext.dll File Size: 80968 BYTES FileVersion: 1.61.0.0

    mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0

    mbam.chm File Size: 582708 BYTES

    license.txt File Size: 11141 BYTES

    changes.txt File Size: 2780 BYTES

    unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0

    ssubtmr6.dll File Size: 44688 BYTES FileVersion: 1.1.0.3

    vbalsgrid6.ocx File Size: 495248 BYTES FileVersion: 2.0.0.40

    mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0

    unins000.msg File Size: 10550 BYTES

    C:\Program Files\Malwarebytes' Anti-Malware\Languages

    russian.lng File Size: 26352 BYTES

    hungarian.lng File Size: 27548 BYTES

    serbian.lng File Size: 25970 BYTES

    slovak.lng File Size: 24752 BYTES

    ukrainian.lng File Size: 13097 BYTES

    spanish.lng File Size: 29010 BYTES

    swedish.lng File Size: 25132 BYTES

    turkish.lng File Size: 25046 BYTES

    norwegian.lng File Size: 24216 BYTES

    arabic.lng File Size: 21110 BYTES

    bosnian.lng File Size: 26236 BYTES

    catalan.lng File Size: 27226 BYTES

    slovenian.lng File Size: 23998 BYTES

    croatian.lng File Size: 25844 BYTES

    czech.lng File Size: 23894 BYTES

    bulgarian.lng File Size: 26678 BYTES

    danish.lng File Size: 25750 BYTES

    dutch.lng File Size: 27282 BYTES

    english.lng File Size: 23742 BYTES

    estonian.lng File Size: 24112 BYTES

    finnish.lng File Size: 24990 BYTES

    french.lng File Size: 28790 BYTES

    german.lng File Size: 28870 BYTES

    greek.lng File Size: 28316 BYTES

    hebrew.lng File Size: 18714 BYTES

    italian.lng File Size: 27186 BYTES

    latvian.lng File Size: 26208 BYTES

    chineseSI.lng File Size: 10642 BYTES

    lithuanian.lng File Size: 26920 BYTES

    macedonian.lng File Size: 27830 BYTES

    chineseTR.lng File Size: 11588 BYTES

    polish.lng File Size: 25726 BYTES

    portugueseBR.lng File Size: 27720 BYTES

    portuguesePT.lng File Size: 28056 BYTES

    romanian.lng File Size: 27308 BYTES

    thai.lng File Size: 25190 BYTES

    vietnamese.lng File Size: 28574 BYTES

    belarusian.lng File Size: 26026 BYTES

    korean.lng File Size: 13710 BYTES

    japanese.lng File Size: 15814 BYTES

    albanian.lng File Size: 13924 BYTES

    C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

    mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47

    chameleon.chm File Size: 186068 BYTES

    mbam-chameleon.exe File Size: 218696 BYTES

    mbam-chameleon.com File Size: 218696 BYTES

    mbam-chameleon.pif File Size: 218696 BYTES

    mbam-chameleon.scr File Size: 218696 BYTES

    svchost.exe File Size: 218696 BYTES

    firefox.exe File Size: 218696 BYTES

    firefox.com File Size: 218696 BYTES

    firefox.pif File Size: 218696 BYTES

    firefox.scr File Size: 218696 BYTES

    iexplore.exe File Size: 218696 BYTES

    winlogon.exe File Size: 218696 BYTES

    rundll32.exe File Size: 218696 BYTES

    C:\Documents and Settings\Rion\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

    C:\Documents and Settings\Rion\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    mbam-log-2009-03-23 (07-04-33).txt File Size: 3733 BYTES

    mbam-log-2009-03-23 (07-33-02).txt File Size: 1219 BYTES

    mbam-log-2009-03-23 (08-15-18).txt File Size: 1157 BYTES

    mbam-log-2009-03-23 (08-19-37).txt File Size: 1157 BYTES

    mbam-log-2009-03-23 (08-23-42).txt File Size: 1143 BYTES

    mbam-log-2009-03-23 (09-32-19).txt File Size: 1291 BYTES

    mbam-log-2010-01-26 (16-10-10).txt File Size: 943 BYTES

    mbam-log-2010-06-17 (19-19-23).txt File Size: 891 BYTES

    mbam-log-2010-07-24 (16-25-14).txt File Size: 905 BYTES

    mbam-log-2010-08-18 (18-02-13).txt File Size: 889 BYTES

    mbam-log-2010-08-18 (18-03-14).txt File Size: 890 BYTES

    mbam-log-2010-08-18 (18-31-40).txt File Size: 906 BYTES

    mbam-log-2010-09-07 (17-24-35).txt File Size: 905 BYTES

    mbam-log-2011-01-03 (01-49-00).txt File Size: 912 BYTES

    mbam-log-2011-01-06 (22-54-37).txt File Size: 883 BYTES

    mbam-log-2011-01-06 (22-57-37).txt File Size: 898 BYTES

    mbam-log-2011-01-21 (16-20-33).txt File Size: 898 BYTES

    mbam-log-2011-01-21 (16-42-04).txt File Size: 913 BYTES

    mbam-log-2011-01-24 (00-44-21).txt File Size: 913 BYTES

    mbam-log-2011-01-24 (00-46-47).txt File Size: 899 BYTES

    mbam-log-2011-01-28 (01-19-32).txt File Size: 898 BYTES

    mbam-log-2011-06-10 (06-51-49).txt File Size: 1127 BYTES

    mbam-log-2011-07-12 (03-36-20).txt File Size: 1496 BYTES

    mbam-log-2011-07-12 (04-39-23).txt File Size: 885 BYTES

    mbam-log-2011-07-12 (04-42-07).txt File Size: 897 BYTES

    mbam-log-2011-07-26 (16-34-59).txt File Size: 913 BYTES

    mbam-log-2011-08-26 (22-24-19).txt File Size: 1370 BYTES

    mbam-log-2011-09-04 (23-27-54).txt File Size: 898 BYTES

    mbam-log-2011-09-09 (12-50-28).txt File Size: 1038 BYTES

    mbam-log-2011-09-12 (10-45-00).txt File Size: 899 BYTES

    mbam-log-2011-10-17 (17-15-11).txt File Size: 913 BYTES

    mbam-log-2011-11-28 (11-48-20).txt File Size: 915 BYTES

    mbam-log-2012-01-03 (07-05-20).txt File Size: 1920 BYTES

    mbam-log-2012-01-03 (07-23-04).txt File Size: 1904 BYTES

    mbam-log-2012-01-12 (20-59-24).txt File Size: 2418 BYTES

    mbam-log-2012-01-12 (21-07-20).txt File Size: 1882 BYTES

    mbam-log-2012-01-12 (21-08-49).txt File Size: 1906 BYTES

    mbam-log-2012-01-25 (13-00-37).txt File Size: 1880 BYTES

    mbam-log-2012-02-02 (07-24-00).txt File Size: 1880 BYTES

    mbam-log-2012-02-07 (12-33-09).txt File Size: 1904 BYTES

    mbam-log-2012-02-07 (12-43-49).txt File Size: 1904 BYTES

    mbam-log-2012-03-18 (21-15-07).txt File Size: 1904 BYTES

    mbam-log-2012-03-18 (21-16-31).txt File Size: 1906 BYTES

    mbam-log-2012-03-24 (11-29-22).txt File Size: 1884 BYTES

    mbam-log-2012-04-10 (07-59-16).txt File Size: 1904 BYTES

    mbam-log-2012-04-30 (16-42-02).txt File Size: 2094 BYTES

    mbam-log-2012-06-13 (05-28-50).txt File Size: 1882 BYTES

    mbam-log-2012-06-13 (05-33-44).txt File Size: 1904 BYTES

    mbam-log-2012-07-17 (01-34-28).txt File Size: 1906 BYTES

    mbam-log-2012-07-17 (01-36-06).txt File Size: 1906 BYTES

    mbam-log-2012-07-25 (23-36-45).txt File Size: 2250 BYTES

    mbam-log-2012-08-06 (20-34-08).txt File Size: 1904 BYTES

    mbam-log-2012-08-20 (03-54-26).txt File Size: 1904 BYTES

    mbam-log-2012-09-12 (00-17-17).txt File Size: 1910 BYTES

    mbam-log-2012-09-13 (16-21-21).txt File Size: 1906 BYTES

    mbam-log-2012-09-15 (05-04-56).txt File Size: 1908 BYTES

    mbam-log-2012-09-17 (13-36-31).txt File Size: 1906 BYTES

    C:\Documents and Settings\Rion\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

    QUAR3.18578 File Size: 192 BYTES

    BACKUP3.18578 File Size: 85 BYTES

    QUAR3.72880 File Size: 661 BYTES

    BACKUP3.72880 File Size: 122 BYTES

    QUAR3.29283 File Size: 382 BYTES

    BACKUP3.29283 File Size: 168 BYTES

    QUAR3.18814 File Size: 165 BYTES

    BACKUP3.18814 File Size: 191 BYTES

    QUAR3.90667 File Size: 143 BYTES

    BACKUP3.90667 File Size: 87 BYTES

    QUAR3.14882 File Size: 196 BYTES

    BACKUP3.14882 File Size: 124 BYTES

    QUAR1.17363 File Size: 94724 BYTES

    BACKUP1.17363 File Size: 68 BYTES

    QUAR1.12323 File Size: 94724 BYTES

    BACKUP1.12323 File Size: 68 BYTES

    QUAR1.81344 File Size: 94724 BYTES

    BACKUP1.81344 File Size: 68 BYTES

    QUAR1.62579 File Size: 94724 BYTES

    BACKUP1.62579 File Size: 68 BYTES

    QUAR1.15092 File Size: 94724 BYTES

    BACKUP1.15092 File Size: 68 BYTES

    QUAR1.63342 File Size: 94724 BYTES

    BACKUP1.63342 File Size: 68 BYTES

    QUAR1.84558 File Size: 94724 BYTES

    BACKUP1.84558 File Size: 68 BYTES

    QUAR1.50786 File Size: 94724 BYTES

    BACKUP1.50786 File Size: 68 BYTES

    BACKUP2.79138 File Size: 103 BYTES

    BACKUP2.74090 File Size: 121 BYTES

    BACKUP2.88099 File Size: 126 BYTES

    QUAR1.43918 File Size: 1776 BYTES

    BACKUP1.43918 File Size: 135 BYTES

    QUAR3.21811 File Size: 831 BYTES

    BACKUP3.21811 File Size: 91 BYTES

    BACKUP4.57637 File Size: 176 BYTES

    QUAR1.13868 File Size: 280 BYTES

    BACKUP1.13868 File Size: 111 BYTES

    QUAR3.37381 File Size: 2826 BYTES

    BACKUP3.37381 File Size: 90 BYTES

    BACKUP4.40230 File Size: 179 BYTES

    QUAR3.28182 File Size: 156 BYTES

    BACKUP3.28182 File Size: 98 BYTES

    QUAR3.47048 File Size: 158 BYTES

    BACKUP3.47048 File Size: 99 BYTES

    QUAR1.36734 File Size: 8152 BYTES

    BACKUP1.36734 File Size: 75 BYTES

    QUAR1.81641 File Size: 126468 BYTES

    BACKUP1.81641 File Size: 83 BYTES

    QUAR3.64056 File Size: 577 BYTES

    BACKUP3.64056 File Size: 92 BYTES

    QUAR1.77801 File Size: 19528 BYTES

    BACKUP1.77801 File Size: 130 BYTES

    QUAR1.95211 File Size: 20096 BYTES

    BACKUP1.95211 File Size: 110 BYTES

    QUAR1.28749 File Size: 91136 BYTES

    BACKUP1.28749 File Size: 76 BYTES

    BACKUP4.35422 File Size: 193 BYTES

    BACKUP4.73602 File Size: 193 BYTES

    QUAR3.90026 File Size: 278 BYTES

    BACKUP3.90026 File Size: 144 BYTES

    BACKUP2.64532 File Size: 82 BYTES

    QUAR1.64121 File Size: 40489 BYTES

    BACKUP1.64121 File Size: 96 BYTES

    QUAR1.92336 File Size: 91136 BYTES

    BACKUP1.92336 File Size: 114 BYTES

    QUAR1.90496 File Size: 91136 BYTES

    BACKUP1.90496 File Size: 114 BYTES

    QUAR1.59768 File Size: 267442 BYTES

    BACKUP1.59768 File Size: 117 BYTES

    QUAR1.32915 File Size: 267442 BYTES

    BACKUP1.32915 File Size: 117 BYTES

    QUAR1.41705 File Size: 264704 BYTES

    BACKUP1.41705 File Size: 145 BYTES

    9326624216.data File Size: 916 BYTES

    0961083979.data File Size: 813 BYTES

    0554451680.data File Size: 779 BYTES

    0554451680.quar File Size: 2339840 BYTES

    9184066120.data File Size: 832 BYTES

    1844460524.data File Size: 741 BYTES

    1844460524.quar File Size: 614 BYTES

    ===============================================================

    END OF FILE

  5. I ALSO have Windows XP and MB 1.65. I am seeing THE EXACT SAME PROBLEM. I AM ALSO GETTING TIRED OF ALL THE STRANGE STARTUP PROBLEMS WITH THIS PRODUCT!!!

    A couple of weeks ago the right-click popup menu was not working and it was doing something in the background that bogged my system down for about 5 minutes. It took a week of updates before it finally went away. There are frequently messages at startup about MB failing to take off. So a little more testing on the basics is in order. It sounds like some <expletive> is just ASSUMING certain things work instead of testing them properly, undoubtedly in an effort to save time.

  6. Thanks again, guys! Again, this is post-fix.

    Here is the HijackThis file:

    ***********************************************************************

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:51:55 PM, on 3/26/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Anvshell.exe

    C:\WINDOWS\shicoxp.exe

    C:\WINDOWS\System32\NILaunch.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\totalcmd\TOTALCMD.EXE

    C:\Program Files\Dantz\Retrospect\retrorun.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\WINDOWS\System32\snmp.exe

    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\RION\Application Data\Mozilla\Profiles\default\gy9pacdk.slt\prefs.js)

    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RION\Application Data\Mozilla\Profiles\default\gy9pacdk.slt\prefs.js)

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\My Program Files\TechSmith\SnagIt6\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\My Program Files\TechSmith\SnagIt6\SnagItIEAddin.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe

    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

    O4 - HKLM\..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe /autorun

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader80\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\My Program Files\quicktime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    O4 - Startup: Shortcut to TOTALCMD.lnk = C:\totalcmd\TOTALCMD.EXE

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: HushEncryptionEngine - https://mailserver5.hushmail.com/shared/Hus...ptionEngine.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - AppInit_DLLs:

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --

    End of file - 7604 bytes

    ***************************************************************************

    Here is the log file from ComboFix:

    ****************************************************************************

    ComboFix 09-03-22.01 - Rion 2009-03-26 16:48:09.2 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.186 [GMT -7:00]

    Running from: e:\installs\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    .

    ((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))

    .

    2009-03-25 02:10 . 2009-03-25 02:10 <DIR> d-------- c:\program files\Twisted Pair Computer Based Training

    2009-03-25 02:10 . 2006-04-19 02:08 68,496 --a------ c:\windows\UnDeploy.exe

    2009-03-23 08:58 . 2009-03-23 08:58 <DIR> d-------- c:\program files\Trend Micro

    2009-03-23 06:31 . 2009-03-23 06:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-03-23 06:31 . 2009-03-23 06:31 <DIR> d-------- c:\documents and settings\Rion\Application Data\Malwarebytes

    2009-03-23 06:31 . 2009-03-23 06:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-03-23 06:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2009-03-23 06:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2009-03-23 04:34 . 2009-03-23 04:34 3,153,920 --a------ c:\windows\system32\secsetup.sdb

    2009-03-23 00:49 . 2009-03-23 00:49 <DIR> d--h----- C:\$AVG8.VAULT$

    2009-03-23 00:41 . 2009-03-23 00:41 <DIR> d-------- c:\windows\system32\drivers\Avg

    2009-03-23 00:41 . 2009-03-23 00:41 <DIR> d-------- c:\program files\AVG

    2009-03-23 00:41 . 2009-03-23 00:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

    2009-03-23 00:41 . 2009-03-23 00:41 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys

    2009-03-23 00:41 . 2009-03-23 00:41 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys

    2009-03-23 00:41 . 2009-03-23 00:41 10,520 --a------ c:\windows\system32\avgrsstx.dll

    2009-03-09 04:26 . 2009-03-09 04:26 <DIR> d--hs---- C:\FOUND.004

    2009-03-05 04:46 . 2009-03-05 04:46 <DIR> d--hs---- C:\FOUND.003

    2009-03-04 00:44 . 2009-03-04 00:44 <DIR> d--hs---- C:\FOUND.002

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

    2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys

    2009-02-03 01:00 --------- d-----w c:\documents and settings\All Users\Application Data\Comcast

    2009-01-17 04:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

    2008-08-19 01:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-23_12.58.29.31 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-03-23 19:57:14 219,244 ----a-w c:\windows\system32\inetsrv\MetaBase.bin

    + 2009-03-26 23:41:54 219,249 ----a-w c:\windows\system32\inetsrv\MetaBase.bin

    + 2009-03-26 23:37:48 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_1e8.dat

    + 2009-03-26 23:38:04 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_530.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-11 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Anvshell"="c:\windows\Anvshell.exe" [2002-10-21 331776]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

    "shicoxp"="c:\windows\shicoxp.exe" [2003-05-14 45056]

    "Net-It Launcher"="c:\windows\System32\NILaunch.exe" [1998-02-05 24576]

    "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]

    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2005-03-18 589824]

    "Xerox PanelMgr"="c:\windows\Xerox\PanelMgr\ssmmgr.exe" [2006-12-01 520192]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader80\Reader\Reader_sl.exe" [2008-01-11 39792]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

    "QuickTime Task"="c:\my program files\quicktime\qttask.exe" [2008-05-27 413696]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]

    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

    c:\documents and settings\Rion\Start Menu\Programs\Startup\

    Shortcut to TOTALCMD.lnk - c:\totalcmd\TOTALCMD.EXE [2003-08-15 691748]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2009-03-23 00:41 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.asv2"= asusasv2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\WINDOWS\\System32\\ftp.exe"=

    "c:\\WINDOWS\\System32\\mmc.exe"=

    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=

    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "e:\\RC40 Scale\\RC40 Rate Update.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2003-05-09 89749]

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-23 325640]

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-23 107912]

    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-23 908056]

    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]

    R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\drivers\NVTUNEP.SYS [2003-08-15 15968]

    R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\drivers\NVTVSND.SYS [2003-08-15 13776]

    S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [2003-08-15 7888]

    S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2008-07-31 32840]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"

    .

    .

    ------- Supplementary Scan -------

    .

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uStart Page = about:blank

    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk

    DPF: DirectAnimation Java Classes

    DPF: HushEncryptionEngine - hxxps://mailserver5.hushmail.com/shared/HushEncryptionEngine.cab

    DPF: Microsoft XML Parser for Java

    FF - ProfilePath - c:\documents and settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\

    FF - prefs.js: browser.startup.homepage - about:blank

    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin2.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin3.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin4.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin5.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin6.dll

    FF - plugin: c:\my program files\quicktime\Plugins\npqtplugin7.dll

    FF - plugin: c:\program files\Adobe\Reader80\Reader\browser\nppdf32.dll

    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-26 16:49:45

    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    Completion time: 2009-03-26 16:50:55

    ComboFix-quarantined-files.txt 2009-03-26 23:50:54

    ComboFix2.txt 2009-03-23 19:59:18

    Pre-Run: 5,053,038,592 bytes free

    Post-Run: 5,146,378,240 bytes free

    148 --- E O F --- 2009-03-23 12:15:24

  7. For some unfortunate reason, I am one of the few who end up getting completely ignored! Well, nevertheless, I am really grateful that this forum is here because I found someone with a similar issue where combofix.exe was the recommended solution. I tried it and it seems to have worked.

    If anyone wants to see the log files afterward, I would be glad to upload.

  8. I apologize for starting this thread as I see there are similar ones currently being addressed. I am a first-time EVER poster to anything! I just need to confirm that my system is okay. I have logs from DDS report, Attach report, Java Report, MBAM log, HijackThis. I have run Malwarebytes, which found two registry files Userinit.exe that keep coming back.

    ...

    What symptoms were you having? Since I seem to have the same issue with two registry entries regarding userinit.exe, I am wondering if it might even be the same spyware. In my case, I was watching the registry entries while I ran Malwarebytes and tried to delete, but I saw no change. That is, the quarantine and delete operation apparently did nothing. At first I thought that the spyware was somehow restoring the entries, but now I don't think so.

  9. I get alerts about a security problem followed by prompts to download some software. I initially used AVG virus scan version 8.5 and it removed some files, but issue persisted. Rogue spyware type 621? It was also claiming that IEXPLORE.EXE was infected, so I uninstalled IE7, then reinstalled, but issue persists.

    Then a kind soul suggested your software, which initially found 17 objects and removed, but wait, two reg entries don't seem to change. Issue persists. So here are the logs... sorry about all the extra stuff I have going!

    *********************************************************************

    Malwarebytes' Anti-Malware 1.34

    Database version: 1888

    Windows 5.1.2600 Service Pack 3

    3/23/2009 9:32:19 AM

    mbam-log-2009-03-23 (09-32-19).txt

    Scan type: Quick Scan

    Objects scanned: 70400

    Time elapsed: 3 minute(s), 33 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 2

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. [2666712424696817196720701818696620682069192570177125211768717120]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. [2666712424696817196720701818696620682069192570177125211768717120]

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    ***************************************************************************

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:39:36 AM, on 3/23/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\userinit.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\WINDOWS\System32\inetsrv\inetinfo.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Dantz\Retrospect\retrorun.exe

    C:\WINDOWS\System32\tcpsvcs.exe

    C:\WINDOWS\System32\snmp.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\WINDOWS\Anvshell.exe

    C:\WINDOWS\shicoxp.exe

    C:\WINDOWS\System32\NILaunch.exe

    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

    C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\totalcmd\TOTALCMD.EXE

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\RION\Application Data\Mozilla\Profiles\default\gy9pacdk.slt\prefs.js)

    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RION\Application Data\Mozilla\Profiles\default\gy9pacdk.slt\prefs.js)

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\My Program Files\TechSmith\SnagIt6\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\My Program Files\TechSmith\SnagIt6\SnagItIEAddin.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe

    O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe

    O4 - HKLM\..\Run: [windows auto update] msblast.exe

    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

    O4 - HKLM\..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe /autorun

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader80\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [QuickTime Task] "C:\My Program Files\quicktime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

    O4 - Startup: Shortcut to TOTALCMD.lnk = C:\totalcmd\TOTALCMD.EXE

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O16 - DPF: HushEncryptionEngine - https://mailserver5.hushmail.com/shared/Hus...ptionEngine.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - AppInit_DLLs:

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --

    End of file - 7961 bytes
