MBAM will not start; Sys Restore will not work - HELP!

[PhotoBone]

I'm not sure what's going on but it sure seems like an infection. MBAM will not start. I get "Run-time errror '372': Failed to load control 'vbalGrid' from 'vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated." I try to run System Restore and I get "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again." Starting in Safe Mode makes no difference. Also, I have no drag and drop capability.

I've run dds.com and get only one log file generated which is pasted below. Your help would be very much appreciated!

Thanks!

Michael

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Administrator at 18:35:51 on 2012-06-03

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\hasplms.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WLSVC.exe

C:\Program Files\X-Rite\Devices\Services\xrdd.exe

C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\ProfileCnt.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe

C:\Documents and Settings\Administrator\Desktop\dds.com

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{8DEB1937-CD33-4162-B5D5-603108C9C500} : DhcpNameServer = 209.18.47.61 209.18.47.62

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\amlako72.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109929&babsrc=adbartrp&mntrId=dc4278cb000000000000001d09098dd6&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\amlako72.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109929

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - dc4278cb000000000000001d09098dd6

FF - user.js: extensions.BabylonToolbar_i.hardId - dc4278cb000000000000001d09098dd6

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:55:19

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R? fsssvc;Windows Live Family Safety Service

R? i1;i1 Pro

R? MozillaMaintenance;Mozilla Maintenance Service

R? RTL819xp;TRENDnet Wireless N PC Card / PCI Adapter NT Driver

R? scsiscan;SCSI Scanner Driver

R? WDC_SAM;WD SCSI Pass Thru driver

S? fssfltr;fssfltr

S? hasplms;Sentinel HASP License Manager

S? MaxiAcom;MaxiAcom

S? maxivista;Maxi_Vista_DriverA

S? MBAMSwissArmy;MBAMSwissArmy

S? PDIHWCTL;PDIHWCTL

S? TabletServicePen;TabletServicePen

S? TouchServicePen;Wacom Consumer Touch Service

S? wacmoumonitor;Wacom Mode Helper

S? WinI2C-DDC;WinI2C-DDC Kernel Mode Driver

S? WLNdis50;Wireless Lan NDIS Protocol I/O Control

S? WLSVC;WLSVC

S? xrdd.exe;X-Rite Device Services Manager

.

=============== Created Last 30 ================

.

2012-06-02 02:34:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 02:34:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-31 05:04:05 214 ----a-w- c:\windows\system32\tmp.reg

2012-05-31 01:46:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-30 08:29:11 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-05-30 08:29:11 -------- d-----w- c:\windows\system32\wbem\Repository

2012-05-30 08:28:41 -------- d-----w- c:\documents and settings\administrator\.swt

2012-05-17 03:21:02 -------- dc-h--w- c:\documents and settings\all users\application data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}

2012-05-17 03:21:01 -------- d-----w- c:\program files\Uniblue

.

==================== Find3M ====================

.

2012-05-11 04:07:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-11 04:07:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-11 17:57:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-11 17:57:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 18:36:25.48 ===============

[LDTate]

Please do the following to see if it resolves the issue: Post back and let us know please

• 
  
• Download and run mbam-clean.exe from here
  
• It will ask to restart your computer, please allow it to do so very important
  
• After the computer restarts, temporarily disable your Anti-Virus:
  
• Here's how to do that.
  
• usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  
• Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Next: Install the latest version of Malwarebytes' Anti-Malware from here
  
  • 
    
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.
    

[PhotoBone]

Hi Larry!

Please see my post with the same subject in the Anti-Malware forum. I'd really appreciate some help!

Thanks!

Michael

[LDTate]

One of our Administrators asked you to do this:

Okay it looks like you probably have a registry key that has the permissions set wrong or it is possibly infected.

Please open a ticket on the help desk and ask for me and I'll assist you with fixing this.

http://www.malwarebytes.org/contact_consumer

Cheers

Ron

[PhotoBone]

Right. I've been waiting on a reply from Nan who was the first to respond. Thanks!

Michael

[LDTate]

She'll take care of you