Cannot enable Protection Malwarebytes PRO 1.65.0.1400

[rwtrekker]

Since every computer is different, I'm going to post a new thread rather than rely on fixes that may have worked for others.

I'm using Windows XP Pro SP3. One of the programs running in my systray is TeaTimer, Spybot's resident protection program. I have installed Malwarebytes 1.65.0.1400 courtesy of an automatic update. I'd been running my system with Pro in the systray, set to auto-protect (both file system and malicious website blocking).

The automatic update to 1.65 caused the top 2 check boxes on the Protection tab to clear out as well as refuse replacment checkmarks. Apparently I am therefore running without file system and malicious website blocking now.

I have never configured Malwarebytes to refrain from starting the Protection Module at Windows startup. It's still accepting the check box here, and Task Manager reports mbamservice is a running process.

I have tried multiple cold boots and warm boots between each of the steps below, and the Malwarebytes icon still does not appear in the systray as it did before the automatic upgrade.

I have used mbam-clean to uninstall Malwarebytes completely from my system, have rebooted as prompted, and reinstalled using this link.

I then reactivated the product with my valid ID and Key. This granted me Pro again but did not solve the checkbox problem.

I have run a Full Scan after updating my databases. No infection is found.

There are no other anti-virus programs running on my machine to conflict with Malwarebytes. I am not aware of any script blockers active on my system.

Turning off TeaTimer did not allow me to put checkmarks in The Two Boxes of Malwarebytes Pro 1.65.

I looked up my Terminal Services in Windows. My startup value is set to Manual. My Profile1 is Enabled.

I used mbam-check to generate a log just before posting this message. The log file is attached.

The only Protection Log available on my system is attached as well.

I have also run the DDS program. The Attach.txt file has been zipped and attached. Below is the data from the DDS report.

Thank you for your time & advice.

rwtrekker

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by User at 15:15:56 on 2012-09-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3807.3028 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Ahead\InCD\InCDsrv.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\program files\real\realplayer\update\realsched.exe

C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/webhp?complete=1&hl=en

uSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp

mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

{31c5b04f-5354-4a41-9f61-1709ee9a882b}

{3fa2a876-9c21-43d8-857e-147bb1b03eee}

{402298e1-0d51-432a-a121-fe2bcb736325}

{416defa2-b336-4854-ad0d-aa317b910aaf}

{449497ea-466c-4d64-871c-13bc68a5db54}

{51cf8a3e-a4dd-4598-a750-20701c0c2a7e}

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

{55d2d2b1-44bb-48bd-9377-4b58bfa9e837}

{59084763-cc10-42de-bcdd-3089480fbf28}

{6b90da66-ddfc-40a9-8cf1-7149fcc0a506}

{6ba1cca5-c3d6-430d-a796-8418698ec98d}

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

{79b4db19-a8e7-4e80-b9e1-46fd6545451d}

BHO: DataVault Object: {8373adc0-6330-11dd-9d77-22c856d89593} - c:\program files\avanquest\systemsuite\IE_ContextMenu_Vault.dll

{85ab479e-81b6-4331-b0c0-cce2c389ca20}

{8cf3b09c-434c-423b-9027-974f2b0c66ef}

{8f9d70e8-f79f-46a4-9877-c298d5c4f2cb}

{933a2822-cc8f-432d-9a0c-3b2634b410ac}

{95de9494-578c-447a-814c-c2f87404d7f3}

{9a4f4743-4ee9-40b5-8620-58d9584bef81}

{a459a550-2510-4335-b84e-a5f200131ff7}

{a75613f5-5781-44f6-8cdf-7772aaae9720}

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

{b13895a7-c769-4f8e-a63e-80089021e060}

{c5f98f5d-3f00-4077-b237-c338fbc5e1cd}

{c9e1045e-391f-4c33-b517-47cad3817de6}

{d01a5674-b8b6-4e30-b73a-df1148d06abd}

{d4cae1a9-f94c-4db3-9aca-0aec0e43eec6}

{d6cc44c6-99c3-4b04-9c2a-68a60b388bd4}

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

{e738240a-18b7-4dc1-80ac-d6a849b20d50}

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{e8274214-1d33-4822-af8d-ab26dacade86}

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

mRun: [smapp] c:\program files\analog devices\soundmax\SMTray.exe

mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe

mRun: [srmclean] c:\cpqs\scom\srmclean.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe

mRun: [HPLJ Config] c:\program files\hewlett-packard\hp laserjet 1150_1300\SetConfig.exe -c Network -p hpLaserJet1300 -pn "hp LaserJet 1300 PCL 6" -n 0 -l 1033 -sl 120000

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe

mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227667786390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345076437890

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/AcDcToday.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/InstBanr.ocx

DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/InstFred.ocx

DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/Autodesk%20Architectural%20Desktop%203/AcPreview.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3D66CC26-F72F-4003-8C85-6C6B671510D0} : DhcpNameServer = 192.168.1.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\zcl2djuq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=1&hl=en

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-7-31 238952]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-15 47640]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-14 676936]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-31 36608]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-14 22856]

S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250568]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2006-5-15 79304]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2006-5-15 35240]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-8-18 33832]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-22 114144]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2010-7-31 86528]

S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2010-7-31 14976]

S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2010-7-31 114304]

S3 TFilter;TFilter;\??\c:\progra~1\avanqu~1\system~1\tfilter.sys --> c:\progra~1\avanqu~1\system~1\TFilter.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-09-15 02:54:58 937984 ------w- c:\windows\system32\asrecmms.ocx

2012-09-15 02:54:58 73728 ------w- c:\windows\system32\vbzlib1.dll

2012-09-15 02:54:58 667648 ------w- c:\windows\system32\PictureViewer.ocx

2012-09-15 02:54:58 536576 ------w- c:\windows\system32\amp3dj.ocx

2012-09-15 02:54:58 200704 ------w- c:\windows\system32\threed32.ocx

2012-09-15 02:54:58 143360 ------w- c:\windows\system32\asrecmms.oca

2012-09-15 02:54:58 135168 ------w- c:\windows\system32\id3vx_ocx.dll

2012-09-15 02:54:58 1028096 ------w- c:\windows\system32\NCTAudioInformation2.dll

2012-09-15 02:54:57 145408 ------w- c:\windows\system32\Lame.exe

2012-09-15 02:54:57 1422336 ------w- c:\windows\system32\AdjMmsEng.dll

2012-09-15 02:54:57 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2012-09-15 02:49:55 -------- d-----w- c:\program files\Free M4a to MP3 Converter

2012-09-15 02:06:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-09-15 02:06:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-15 02:06:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-15 01:59:47 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2012-08-28 22:52:17 -------- d-----w- c:\program files\AMR Player

.

==================== Find3M ====================

.

2012-09-07 00:43:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-07 00:43:19 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-31 23:36:02 900 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ------w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ------w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

1997-07-22 01:30:54 1045776 --sha-w- c:\windows\system32\Msjet35.dll

1997-06-23 09:00:00 123664 --sha-w- c:\windows\system32\Msjint35.dll

1997-06-23 18:06:50 24848 --sha-w- c:\windows\system32\Msjter35.dll

1997-06-23 18:06:50 252176 --sha-w- c:\windows\system32\Msrd2x35.dll

1997-06-23 18:06:50 287504 --sha-w- c:\windows\system32\Msxbse35.dll

.

============= FINISH: 15:17:12.23 ===============

CheckResults.txt

Attach.zip

protection-log-2012-09-14.txt

[daledoc1]

Thank you very much for posting the logs, rwtrekker.

Please wait for assistance from a qualified expert member or MBAM staffer.

They will help to get you back in proper working order.

Thanks for your patience and understanding,

daledoc1

[AdvancedSetup]

Hello and welcome to Malwarebytes

The computer shows signs of a possible infection.

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

• Option 1 —— Free Expert advice in the Malware Removal Forum
  
• Option 2 —— Paying customer -- Contact Support via email
  
• Option 3 —— Premium, Fee-Based Support
  

OPTION 1

As we don't deal with malware removal in the

General Malwarebytes' Anti-Malware Forum

, you need to start a topic in the

Malware Removal forum

so a qualified helper can help you fix any malware related problems or infections you may have.

• Please read and follow the directions here, skipping any steps you are unable to complete.
  
• After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
  so that you're alerted when someone has replied to your post.
  

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

• 
  
  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
    
  • You may send a Private Message to a Moderator asking for assistance.
    

OPTION 2

Alternatively, as a paying customer, you can contact the help desk

here

OPTION 3

If you would like to use our

Malwarebytes Premium Consumer Services

partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our

Malwarebytes Premium Services

support site.

Please be patient, someone will assist you as soon as possible.

[rwtrekker]

Thanks - I have selected Option 1 & started a HelpDesk forum topic here.

[daledoc1]

Very good!

Thanks for letting us know.

The experts over there should be able to get you back up and running.

(It's been quite busy over there for the past few days, but someone will be along ASAP to help you.)

Best regards,

daledoc1

[AdvancedSetup]

I will go ahead and close this topic now as user has a topic open in the HJT forum.