
Emergency Help - can't work until safe. Virus/Malware issues



It didn't finish. I've attached a pic of where it got stuck in case it helps. Also, all of a sudden my monitor settings keep popping up and disappearing on its own. The same screen that pops up when you hit the settings button on the front where you can adjust contrast etc. You can't get rid of it. It just comes and goes on its own. This is a new thing...

mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.70.0.1100

Date Log Created: 04/03/13

Time Log Created: 10:40:41

32 bit Operating System

Product Name: REG_SZ Microsoft Windows XP

Current Build Number: 2600

Current Version Number: 5.1

Current CSDVersion: Service Pack 3

OS Product Info: Home Edition

Proxy Status: No proxy is Set

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume2

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 4 (Disabled) <-- TERMSERVICE SHOULD NOT BE DISABLED

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\WINDOWS\explorer.exe REG_SZ EnableNXShowUI

C:\WINDOWS\system32\rundll32.exeREG_SZ EnableNXShowUI

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:

=====================

Service and Driver Status:

==========================

Can not open SC_HANDLE, Service not running for MBAMProtector

Can not open SC_HANDLE, Service not running for MBAMService

MBAMProtector Registry Values:

==============================

MBAMService Registry Values:

============================


MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 1

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

startipdisabled REG_DWORD 0

silentipmode REG_DWORD 0

autoquarantine REG_DWORD 1

notifyinstallprogram REG_DWORD 1

trialpromptshown REG_DWORD 0

autoquarantinenotify REG_DWORD 1

InstallPath REG_SZ C:\downloads\Malwarebytes' Anti-Malware

dbdate REG_SZ Fri, 14 Dec 2012 20:56:34 GMT

dbversion REG_SZ v2012.12.14.11

programversion REG_SZ 1.70.0.1100

programbuild REG_SZ consumer

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 1

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)

Inno Setup: App Path REG_SZ C:\downloads\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\downloads\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Mom

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100

DisplayIcon REG_SZ C:\downloads\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.70.0.1100

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20130401

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 70


MBAM Drivers:

=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 21104 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

Type REG_DWORD 2

Start REG_DWORD 0

ErrorControl REG_DWORD 1

Tag REG_DWORD 1

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

DisplayName REG_SZ FltMgr

Group REG_SZ FSFilter Infrastructure

Description REG_SZ File System Filter Manager Driver

AttachWhenLoaded REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512

C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\WINDOWS\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34

C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512

List of MBAM Related Directories:

=================================

C:\downloads\Malwarebytes' Anti-Malware

changes.txt File Size: 2128 BYTES

license.rtf File Size: 17916 BYTES

mbam.chm File Size: 469873 BYTES

mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0

mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9

mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0

mbamext.dll File Size: 79208 BYTES FileVersion: 1.70.0.0

mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0

mbamnet.dll File Size: 2171240 BYTES FileVersion: 1.70.0.0

mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0

mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0

mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 15036 BYTES

unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 11277 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\downloads\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 216424 BYTES

firefox.exe File Size: 216424 BYTES

firefox.pif File Size: 216424 BYTES

firefox.scr File Size: 216424 BYTES

iexplore.exe File Size: 216424 BYTES

mbam-chameleon.com File Size: 216424 BYTES

mbam-chameleon.exe File Size: 216424 BYTES

mbam-chameleon.pif File Size: 216424 BYTES

mbam-chameleon.scr File Size: 216424 BYTES

mbam-killer.exe File Size: 894312 BYTES

rundll32.exe File Size: 216424 BYTES

svchost.exe File Size: 216424 BYTES

winlogon.exe File Size: 216424 BYTES


C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2013-04-01 (23-21-38).txt File Size: 1886 BYTES

C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE

freeze.bmp


As to the OTL scan, I should have asked you to turn OFF Avast before starting that run.

As to the screen display just now, this must be a one-off from who-knows-what.

Do this.

Do a Windows shutdown.

Then power off on only the monitor.

Then wait about 1 minute.

Power on the monitor.

Restart the system.

I am not going to abandon you; but I am really needing a short respite. Seems like we are on a never ending treadmill.

I will get back with you later.

Meantime, please remember to not get any tools on your own; nor make any changes or tweaks or adds on your own.

Please do not do any websurfing nor un-needed online transactions.


Hello,

It's me again. :)

Let's see if we can start MBAM's Chameleon.

First, see about turning off Avast {yes, it is running}

Click on the Avast ball in Taskbar notification area. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

IF and only if you cannot see Avast, then start Task Manager.

CTRL+ALT+Del

Look for any process Avast and select it & End it.

Now, copy all of this command line so that it is in the system clipboard

C:\downloads\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe

Then press Windows-key+R key to get to RUN option

In the text box, do a paste { CTRL+V } so that the above code is in the run line.

then press Enter

Once MBAM starts, do a FULL scan

Kindly copy & paste the new MBAM log

Now, using Windows Explorer, tell me whether you see a folder by this name

C:\Windows\system32\GroupPolicy <<<-- this folder


I need also for you to do this too, at the next opportune time.

Please click on START - RUN and copy/paste the following and click OK - then restart the computer.

CMD /k sc config termservice start= demand

You should get a message similar to this.

[SC] ChangeServiceConfig SUCCESS

Do advise me after this step has been done.

credit Advancedsetup for this snippet


Ok, so before I saw your new instructions, disabled Avast shields, tried the scan again but this time removed flash drive (forgot it was in there), scanned with last 3 additions only, scan completed, but no log popped up. All but 3 desktop icons disappeared and got new error message.

"DW20.EXE - Application Error" The application failed to initialize properly (0xc000012d). Click on OK to terminate

Rebooted....

Following new instructions.... be right back...


No Group Policy Folder in that location...

No options for Additional Protection or anything Sandbox anywhere on my version of Avast. I disabled shields until reboot, via right click. I also checked Task Mgr and Avast is still running and it will not let me terminate the process. I am currently running Chameleon, however I get an error right away on the 2nd step (Updating) because I have no internet connection on the pc. I click OK on the error and Chameleon is continuing to run the next step. Do you want me to uninstall Avast for now? I don't know how else to completely disable it. I don't know if it running (even disabled) is interfering with these scans...


Another quick update... Chameleon is proceeding and started MBAM and started a quick scan on its own, it's currently running. I will do a full scan upon completion.

ETA - Quick scan found nothing. Now running full scan. I'm assuming when I close MBAM, that Chameleon will continue or close? Will post logs when done.


Once the next scan has completed, get & post that log for review.

Do not do any more scans. I will need to follow-up shortly with you with the next fix.


Sorry it took so long. Almost 2.5 hours. Here's the log. One other thing I wanted to mention was that I have not done the "change services config" thing yet. Let me know if you still want that done.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.14.11

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

:: FAMILY [administrator]

4/3/2013 4:58:19 PM

mbam-log-2013-04-03 (16-58-19).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 475067

Time elapsed: 2 hour(s), 20 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Kstmommy only. If you are a casual viewer, do NOT try this on your system!

If you are not Kstmommy and have a similar problem, do NOT post here; start your own topic

Please click on START - RUN and copy/paste the following and click OK - then restart the computer.

CMD /k sc config termservice start= demand

You should get a message similar to this.

[SC] ChangeServiceConfig SUCCESS

Do advise me after this step has been done.

credit Advancedsetup for that snippet.

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file KSTM2.txt and SAVE to your DESKTOP
  • Open the KSTM2.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

First, delete the mbam-check that I had you get earlier.

  • Download mbam-check.exe from >>> here <<< and save it to your desktop
  • On Vista/Windows 7, Right-click on mbam-check.exe & select Run as Administrator & allow to Run.
    On XP, double-click on mbam-check.exe to run it.
  • It should then open a log file CheckResults.txt
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file located on your desktop instead


Did Change Services thing successfully...

Both scans completed...

All processes killed

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers\\C:\WINDOWS\explorer.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers\\C:\WINDOWS\system32\rundll32.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Mom

->Temp folder emptied: 90059 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 25992 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Owner

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: UpdatusUser.D563PSC1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 28310 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: Mom

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

User: Owner

User: UpdatusUser

->Flash cache emptied: 0 bytes

User: UpdatusUser.D563PSC1

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Mom

->Java cache emptied: 0 bytes

User: NetworkService

User: Owner

User: UpdatusUser

User: UpdatusUser.D563PSC1

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04032013_195549

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.70.0.1100

Date Log Created: 04/03/13

Time Log Created: 19:59:39

User Account type: Administrator

32 bit Operating System

Product Name: REG_SZ Microsoft Windows XP

Current Build Number: 2600

Current Version Number: 5.1

Current CSDVersion: Service Pack 3

OS Product Info: Home Edition

Proxy Status: No proxy is Set

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume2

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 4 (The service is running.) (State is stopped)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:

==========================

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

MBAMProtector Registry Values:

==============================

MBAMService Registry Values:

============================

MBAMScheduler Registry Values:

==============================

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 1

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

startipdisabled REG_DWORD 0

silentipmode REG_DWORD 0

autoquarantine REG_DWORD 1

notifyinstallprogram REG_DWORD 1

trialpromptshown REG_DWORD 0

autoquarantinenotify REG_DWORD 1

InstallPath REG_SZ C:\downloads\Malwarebytes' Anti-Malware

dbdate REG_SZ Fri, 14 Dec 2012 20:56:34 GMT

dbversion REG_SZ v2012.12.14.11

programversion REG_SZ 1.70.0.1100

programbuild REG_SZ consumer

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 1

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)

Inno Setup: App Path REG_SZ C:\downloads\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\downloads\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Mom

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100

DisplayIcon REG_SZ C:\downloads\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.70.0.1100

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20130401

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 70

Pending File Rename Operations:

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:

================

MBAM Drivers:

=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 21104 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

Type REG_DWORD 2

Start REG_DWORD 0

ErrorControl REG_DWORD 1

Tag REG_DWORD 1

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

DisplayName REG_SZ FltMgr

Group REG_SZ FSFilter Infrastructure

Description REG_SZ File System Filter Manager Driver

AttachWhenLoaded REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512

C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\WINDOWS\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34

C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512

List of MBAM Related Directories:

=================================

C:\downloads\Malwarebytes' Anti-Malware

changes.txt File Size: 2128 BYTES

license.rtf File Size: 17916 BYTES

mbam.chm File Size: 469873 BYTES

mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0

mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9

mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0

mbamext.dll File Size: 79208 BYTES FileVersion: 1.70.0.0

mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0

mbamnet.dll File Size: 2171240 BYTES FileVersion: 1.70.0.0

mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0

mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0

mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 15036 BYTES

unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 11277 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\downloads\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 216424 BYTES

firefox.exe File Size: 216424 BYTES

firefox.pif File Size: 216424 BYTES

firefox.scr File Size: 216424 BYTES

iexplore.exe File Size: 216424 BYTES

mbam-chameleon.com File Size: 216424 BYTES

mbam-chameleon.exe File Size: 216424 BYTES

mbam-chameleon.pif File Size: 216424 BYTES

mbam-chameleon.scr File Size: 216424 BYTES

mbam-killer.exe File Size: 894312 BYTES

rundll32.exe File Size: 216424 BYTES

svchost.exe File Size: 216424 BYTES

winlogon.exe File Size: 216424 BYTES

C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2013-04-01 (23-21-38).txt File Size: 1886 BYTES

mbam-log-2013-04-03 (16-52-38).txt File Size: 1842 BYTES

mbam-log-2013-04-03 (16-58-19).txt File Size: 1878 BYTES

C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE


Knock wood & hope I am not being premature in saying Hurra :D

You should be able to Start MBAM and then do an Update run & get fully up-to-date with definitions.

There were 1 or 2 "settings" that had to be the "cause" of the so-called "policy restrictions" that were haunting this machine.

Start your MBAM MalwareBytes' Anti-Malware.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

Close MBAM after you are done.

You should be able to start MBAM normally, whenever you need to.

I would urge you to get the MBAM PRO license, given the fact that you work from home, plus that you do financial type applications.

see http://www.malwareby...lwarebytes_pro/

I need feedback as to whether your starting-original issue has now "disappeared".

Do not go away, as I will need to give you guidance for cleanups.

Plus you seriously need to beef-up your system security a lot more, again, given the importance of this system.

I need a run of Securitycheck.

If you do not have it already, then Download Security Check by screen317 from >>here<<.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


I hope we're close too! I'm so annoyed with this machine!

Since I installed MBAM in the downloads directory, I can open it just fine right now. When it's in the correct location (Program Files) is when I wasn't able to run it. Should I uninstall this one, and install a new one in the correct directory, and THEN try to open it normally? I can't do updates yet until I get either a new networking card or USB wireless or something, as it has no internet. I'm downloading whatever I need, saving it to the flash drive, then to the pc.

Another concern is the malingering presence of Microsoft Security Essentials. I can't get rid of it, or use it. I tried that Fix it for me thing you had me do, but it's still there as far as I know. There's still a directory for it and files, so IDK. Should I go in the regedit and delete stuff manually (with instruction ONLY) or what?

What beefing up do you suggest? I was always told that a good free Antivirus like MSE or Avast along with Windows Firewall was efficient enough?

Scan results are below... please advise of next steps.


Results of screen317's Security Check version 0.99.61

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Free Antivirus

ESET Online Scanner v3

OPSWAT AntiVirus and Firewall Integration Libraries

iolo technologies' System Mechanic

`````````Anti-malware/Other Utilities Check:`````````

Deal Spy

SUPERAntiSpyware

Windows Defender

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

Adobe Flash Player 11.6.602.180

Google Chrome 25.0.1364.152

Google Chrome 25.0.1364.172

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


I am going to answer these last posts of yours separately.

Yes, you can use Add-or-Remove Programs to Uninstall MBAM.

Then get and do a new setup, ... and ... use the default setup locations.

As to MSE, I may have to create a unique way of removing.

And definitely, NO, do not use the Registry editor to delete stuff on your own!!!

Not while I am helping you.

I will give you a set of safer practices to beef-up, when we reach the closure point.


Oops forgot to mention...

I tried running a few MSE files, like setup, the main exe, and am still getting the software policy error...

DO NOT run any MSE please.


Uninstalled MBAM, reinstalled in the correct path, got error message. I've attached it since I'm not sure you've seen this one.

Will wait for beefing up info.. Won't touch regedit, not even confident enough without instruction. Won't touch MSE files again, I just was trying to see if I got the same software errors. I wasn't going to run any scans or anything, just see if anything would open.

Edited to clarify above..

error2.bmp


You have VEW from before. That is the event viewer help tool.

Double click on VEW.exe to start the program.

In the Select log to query section, check (tick):

  • Application
  • System

In the Select type to list section, check:

  • Critical (not XP)
  • Error
  • Information
  • Warning

In the Number or date of events section, check:

Number of events... then enter 20 in the entry box beside it.

Press the Run button.

A Notepad report will open when done, please Copy >Paste the contents of this report.

It is located at %systemdrive%\VEW.txt, usually C:\VEW.txt.

This will be it for this evening.
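
The VEW.txt report this procedure produces can be triaged with a short script. The Python below is an added example, not part of the original post or of VEW: it parses the report layout and groups Event 866 (Software Restriction Policies) warnings by policy rule, marking rules placed on a security product's directory. The sample report, its timestamps and GUIDs, and the `SECURITY_HINTS` list are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in VEW's report layout. Timestamps and rule GUIDs are
# placeholders made up for this example.
SAMPLE_REPORT = r"""
Vino's Event Viewer v01c run on Windows XP in English
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/03/2013 12:02:06 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application example.exe, version 1.0.0.0, fault address 0x00000000.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/04/2013 10:26:44 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {00000000-0000-0000-0000-000000000001} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 03/04/2013 9:46:59 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {00000000-0000-0000-0000-000000000002} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 03/04/2013 9:46:55 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\Setup.exe has been restricted by your Administrator by location with policy rule {00000000-0000-0000-0000-000000000002} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 02/04/2013 6:10:19 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Example\Tools\tool.exe has been restricted by your Administrator by location with policy rule {00000000-0000-0000-0000-000000000003} placed on path C:\Example\Tools
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
SECTION = re.compile(r"^(~+|'.+' Log - .+ Type)$")
SRP = re.compile(
    r"^Access to (?P<target>.+?) has been restricted by your Administrator "
    r"by location with policy rule (?P<rule>\{[0-9A-Fa-f-]{36}\}) "
    r"placed on path (?P<path>.+)$")
# Assumption: directory-name fragments of the security tools named in this thread.
SECURITY_HINTS = ("malwarebytes", "microsoft security client", "avast")


def parse_vew(text):
    """Return one dict per event record; blank lines and section banners are skipped."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION.match(line):
            continue
        m = HEADER.match(line)
        if m:
            # VEW states that its dates are dd/mm/yyyy with a 12-hour clock.
            cur = {"log": m["log"], "type": None, "id": None, "source": None, "message": "",
                   "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p")}
            events.append(cur)
        elif cur is None:
            continue  # report banner before the first record
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line)["type"]
        elif cur["id"] is None and EVENT.match(line):
            m = EVENT.match(line)
            cur["id"], cur["source"] = int(m["id"]), m["source"]
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return events


def srp_blocks(events):
    """Group Event 866 path-rule blocks by policy rule GUID."""
    rules = {}
    for ev in events:
        if ev["id"] != 866 or ev["source"] != "Software Restriction Policies":
            continue
        m = SRP.match(ev["message"])
        if not m:
            continue
        path = m["path"]
        entry = rules.setdefault(m["rule"].lower(), {
            "path": path, "targets": set(), "hits": 0,
            "first": ev["when"], "last": ev["when"],
            # A path rule on a security product's own directory deserves a closer look.
            "security_tool": any(h in path.lower() for h in SECURITY_HINTS)})
        entry["targets"].add(m["target"])
        entry["hits"] += 1
        entry["first"] = min(entry["first"], ev["when"])
        entry["last"] = max(entry["last"], ev["when"])
    return rules


if __name__ == "__main__":
    for rule, info in sorted(srp_blocks(parse_vew(SAMPLE_REPORT)).items()):
        flag = "SECURITY TOOL" if info["security_tool"] else "other"
        print(f"{rule} [{flag}] {info['path']} hits={info['hits']} last={info['last']}")
```
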


Thanks again. Talk to you tomorrow...

Vino's Event Viewer v01c run on Windows XP in English

Report run at 03/04/2013 10:27:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 29/03/2013 12:02:06 AM

Type: error Category: 0

Event: 5000 Source: MPSampleSubmission

EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL.

Log: 'Application' Date/Time: 27/03/2013 11:25:04 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application i4gxdtvj.exe, version 2.1.19155.0, faulting module i4gxdtvj.exe, version 2.1.19155.0, fault address 0x00012288.

Log: 'Application' Date/Time: 17/03/2013 10:26:06 PM

Type: error Category: 0

Event: 5000 Source: Microsoft Security Client

The event description cannot be found.

Log: 'Application' Date/Time: 22/02/2013 11:03:25 AM

Type: error Category: 0

Event: 1000 Source: Microsoft Office 12

Faulting application winword.exe, version 12.0.6661.5000, stamp 4f7cd9da, faulting module mso.dll, version 12.0.6662.5000, stamp 4fd67dd1, debug? 0, fault address 0x00208953.

Log: 'Application' Date/Time: 06/01/2013 10:04:43 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Log: 'Application' Date/Time: 30/12/2012 6:18:44 PM

Type: error Category: 100

Event: 1000 Source: Application Error

Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Log: 'Application' Date/Time: 30/12/2012 6:18:34 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Log: 'Application' Date/Time: 16/11/2012 8:59:04 AM

Type: error Category: 0

Event: 5000 Source: MPSampleSubmission

EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL.

Log: 'Application' Date/Time: 24/10/2012 9:55:05 AM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Log: 'Application' Date/Time: 24/10/2012 9:36:34 AM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Log: 'Application' Date/Time: 24/10/2012 9:33:33 AM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application lxdulscn.exe, version 0.0.0.0, faulting module lxdudrs.dll, version 0.1.25.0, fault address 0x0006735a.

Log: 'Application' Date/Time: 24/10/2012 9:27:59 AM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.

Log: 'Application' Date/Time: 01/10/2012 1:28:42 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application realplay.exe, version 12.0.1.652, faulting module nevideohd.ax, version 4.6.15.0, fault address 0x00008b89.

Log: 'Application' Date/Time: 23/09/2012 1:19:05 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application smsystemanalyzer.exe, version 11.0.5.2, faulting module smsystemanalyzer.exe, version 11.0.5.2, fault address 0x000e0c23.

Log: 'Application' Date/Time: 17/09/2012 10:07:36 PM

Type: error Category: 0

Event: 1000 Source: Application Error

Faulting application b3vviewer.exe, version 1.0.0.1, faulting module wdmaud.drv, version 5.1.2600.5512, fault address 0x0000461f.

Log: 'Application' Date/Time: 14/09/2012 7:11:49 AM

Type: error Category: 0

Event: 1103 Source: .NET Runtime Optimization Service

.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - information Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 03/04/2013 10:12:29 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 10:12:19 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 9:12:29 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 9:12:19 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 8:12:29 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 8:12:19 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:58:05 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:57:54 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:57:48 PM

Type: information Category: 0

Event: 1800 Source: SecurityCenter

The Windows Security Center Service has started.

Log: 'Application' Date/Time: 03/04/2013 7:57:48 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:57:47 PM

Type: information Category: 0

Event: 105 Source: ATI Smart

The service was started.

Log: 'Application' Date/Time: 03/04/2013 7:53:42 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:53:24 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:53:00 PM

Type: information Category: 0

Event: 1800 Source: SecurityCenter

The Windows Security Center Service has started.

Log: 'Application' Date/Time: 03/04/2013 7:53:00 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:52:59 PM

Type: information Category: 0

Event: 105 Source: ATI Smart

The service was started.

Log: 'Application' Date/Time: 03/04/2013 7:45:25 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 7:45:15 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 6:45:27 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

Log: 'Application' Date/Time: 03/04/2013 6:45:16 PM

Type: information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 03/04/2013 10:26:44 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 03/04/2013 10:10:12 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 03/04/2013 9:46:59 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 03/04/2013 9:46:55 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Microsoft Security Client\Setup.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 03/04/2013 9:46:25 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 03/04/2013 3:22:29 PM

Type: warning Category: 0

Event: 1517 Source: Userenv

Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/04/2013 6:10:34 PM

Type: warning Category: 0

Event: 1517 Source: Userenv

Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 02/04/2013 6:10:19 PM

Type: warning Category: 0

Event: 1524 Source: Userenv

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Log: 'Application' Date/Time: 02/04/2013 11:40:24 AM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 02/04/2013 6:38:24 AM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client

Log: 'Application' Date/Time: 01/04/2013 10:07:24 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 01/04/2013 5:52:54 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 01/04/2013 5:48:11 PM

Type: warning Category: 0

Event: 1517 Source: Userenv

Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 01/04/2013 5:47:41 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 01/04/2013 10:13:17 AM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 29/03/2013 10:13:49 PM

Type: warning Category: 0

Event: 1517 Source: Userenv

Windows saved user D563PSC1\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 29/03/2013 8:05:38 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 29/03/2013 8:01:52 PM

Type: warning Category: 0

Event: 1517 Source: Userenv

Windows saved user D563PSC1\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 29/03/2013 3:08:27 PM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 29/03/2013 9:59:11 AM

Type: warning Category: 0

Event: 866 Source: Software Restriction Policies

Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 03/04/2013 8:07:56 PM

Type: error Category: 0

Event: 2001 Source: Microsoft Antimalware

Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 03/04/2013 8:07:56 PM

Type: error Category: 0

Event: 2001 Source: Microsoft Antimalware

Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 03/04/2013 8:07:56 PM

Type: error Category: 0

Event: 2001 Source: Microsoft Antimalware

Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 03/04/2013 7:57:50 PM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

Log: 'System' Date/Time: 03/04/2013 7:57:48 PM

Type: error Category: 0

Event: 7000 Source: Service Control Manager

The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/04/2013 7:57:48 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The 6to4 service terminated with the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/04/2013 7:55:50 PM

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/04/2013 7:55:50 PM

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/04/2013 7:55:50 PM

Type: error Category: 0

Event: 7034 Source: Service Control Manager

The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/04/2013 7:55:50 PM

Type: error Category: 0

Event: 7031 Source: Service Control Manager

The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Log: 'System' Date/Time: 03/04/2013 7:55:50 PM

Type: error Category: 0

Event: 7034 Source: Service Control Manager

The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/04/2013 7:53:03 PM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

Log: 'System' Date/Time: 03/04/2013 7:53:00 PM

Type: error Category: 0

Event: 7000 Source: Service Control Manager

The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/04/2013 7:53:00 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The 6to4 service terminated with the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/04/2013 4:46:25 PM

Type: error Category: 0

Event: 2001 Source: Microsoft Antimalware

Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 03/04/2013 4:46:25 PM

Type: error Category: 0

Event: 2001 Source: Microsoft Antimalware

Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 03/04/2013 4:46:24 PM

Type: error Category: 0

Event: 2001 Source: Microsoft Antimalware

Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 03/04/2013 4:36:23 PM

Type: error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load: nvatabus nvraid

Log: 'System' Date/Time: 03/04/2013 4:36:11 PM

Type: error Category: 0

Event: 7000 Source: Service Control Manager

The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 03/04/2013 4:36:11 PM

Type: error Category: 0

Event: 7023 Source: Service Control Manager

The 6to4 service terminated with the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - information Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 03/04/2013 10:12:29 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the stopped state.

Log: 'System' Date/Time: 03/04/2013 10:12:19 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the running state.

Log: 'System' Date/Time: 03/04/2013 10:12:19 PM

Type: information Category: 0

Event: 7035 Source: Service Control Manager

The Google Update Service (gupdate) service was successfully sent a start control.

Log: 'System' Date/Time: 03/04/2013 9:12:29 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the stopped state.

Log: 'System' Date/Time: 03/04/2013 9:12:19 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the running state.

Log: 'System' Date/Time: 03/04/2013 9:12:19 PM

Type: information Category: 0

Event: 7035 Source: Service Control Manager

The Google Update Service (gupdate) service was successfully sent a start control.

Log: 'System' Date/Time: 03/04/2013 8:12:29 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the stopped state.

Log: 'System' Date/Time: 03/04/2013 8:12:19 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the running state.

Log: 'System' Date/Time: 03/04/2013 8:12:19 PM

Type: information Category: 0

Event: 7035 Source: Service Control Manager

The Google Update Service (gupdate) service was successfully sent a start control.

Log: 'System' Date/Time: 03/04/2013 7:58:43 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 03/04/2013 7:58:39 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Remote Access Connection Manager service entered the running state.

Log: 'System' Date/Time: 03/04/2013 7:58:29 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 03/04/2013 7:58:29 PM

Type: information Category: 0

Event: 7035 Source: Service Control Manager

The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 03/04/2013 7:58:27 PM

Type: information Category: 0

Event: 7035 Source: Service Control Manager

The Remote Access Connection Manager service was successfully sent a start control.

Log: 'System' Date/Time: 03/04/2013 7:58:27 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Telephony service entered the running state.

Log: 'System' Date/Time: 03/04/2013 7:58:26 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The SSDP Discovery Service service entered the running state.

Log: 'System' Date/Time: 03/04/2013 7:58:25 PM

Type: information Category: 0

Event: 7035 Source: Service Control Manager

The SSDP Discovery Service service was successfully sent a start control.

Log: 'System' Date/Time: 03/04/2013 7:58:05 PM

Type: information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the stopped state.

Log: 'System' Date/Time: 03/04/2013 7:58:04 PM

Type: information Category: 0

Event: 2 Source: nvata

Device identified.

Log: 'System' Date/Time: 03/04/2013 7:58:04 PM

Type: information Category: 0

Event: 2 Source: nvata

Device identified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 03/04/2013 7:51:06 AM

Type: warning Category: 0

Event: 36 Source: W32Time

The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 01/04/2013 11:35:15 AM

Type: warning Category: 0

Event: 4 Source: bcm4sbxp

Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 01/04/2013 11:29:43 AM

Type: warning Category: 0

Event: 1007 Source: Dhcp

Your computer has automatically configured the IP address for the Network Card with network address 00188B6FB993. The IP address being used is 169.254.13.98.

Log: 'System' Date/Time: 29/03/2013 1:31:14 PM

Type: warning Category: 0

Event: 4226 Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 29/03/2013 1:06:54 PM

Type: warning Category: 0

Event: 4226 Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 28/03/2013 2:12:29 PM

Type: warning Category: 0

Event: 4226 Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 27/03/2013 7:19:36 PM

Type: warning Category: 0

Event: 1073 Source: USER32

The attempt to power off D563PSC1 failed

Log: 'System' Date/Time: 27/03/2013 7:19:15 PM

Type: warning Category: 0

Event: 1073 Source: USER32

The attempt to reboot D563PSC1 failed

Log: 'System' Date/Time: 27/03/2013 6:07:30 PM

Type: warning Category: 0

Event: 1116 Source: Microsoft Antimalware

Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentBypass.gen!K&threatid=2147599269 Name: Trojan:Win32/AgentBypass.gen!K ID: 2147599269 Severity: Severe Category: Trojan Path: file:_C:\Documents and Settings\All Users\Application Data\izihyh.dat;regkey:_HKCU@S-1-5-21-706684962-979399936-124493050-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\izihyh;runkey:_HKCU@S-1-5-21-706684962-979399936-124493050-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\izihyh Detection Origin: Local machine Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.147.594.0, AS: 1.147.594.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9302.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 27/03/2013 6:04:39 PM

Type: warning Category: 0

Event: 1116 Source: Microsoft Antimalware

Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentBypass.gen!K&threatid=2147599269 Name: Trojan:Win32/AgentBypass.gen!K ID: 2147599269 Severity: Severe Category: Trojan Path: file:_C:\Documents and Settings\All Users\Application Data\izihyh.dat Detection Origin: Local machine Detection Type: Heuristics Detection Source: Real-Time Protection User: D563PSC1\Mom Process Name: C:\WINDOWS\system32\regsvr32.exe Signature Version: AV: 1.147.594.0, AS: 1.147.594.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9302.0, NIS: 0.0.0.0

Log: 'System' Date/Time: 18/03/2013 7:01:19 AM

Type: warning Category: 0

Event: 4226 Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 18/03/2013 6:29:33 AM

Type: warning Category: 0

Event: 4226 Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 17/03/2013 2:59:41 PM

Type: warning Category: 0

Event: 4226 Source: Tcpip

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

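The repeated Event 866 warnings in the log above can be grouped by policy rule to see which Software Restriction Policies path rules are blocking which executables, and over what period. The parser below is an added example, not part of the original post or of any tool mentioned in this thread; the function names are hypothetical, and the sample is an excerpt copied from the log above with blank lines omitted.

```python
import re
from datetime import datetime

# Excerpt copied from the log above (blank lines omitted); not a complete log.
SAMPLE = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
Log: 'Application' Date/Time: 03/04/2013 10:26:44 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 03/04/2013 9:46:55 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\Setup.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 03/04/2013 9:46:25 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 02/04/2013 6:10:19 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Log: 'Application' Date/Time: 29/03/2013 9:59:11 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
SKIP_RE = re.compile(r"^(~+|'[^']+' Log - \w+ Type|Type: \w+ Category: \d+)$")
SRP_RE = re.compile(
    r"^Access to (?P<target>.+?) has been restricted by your Administrator "
    r"by location with policy rule (?P<rule>\{[0-9a-fA-F-]{36}\}) "
    r"placed on path (?P<path>.+)$")
TIME_FMT = "%d/%m/%Y %I:%M:%S %p"  # day-first, as in the log above


def parse_events(text):
    """Split the export into dicts: log, when, id, source, message."""
    events = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or SKIP_RE.match(line):
            continue  # blank lines, separators, section titles, Type: rows
        header = HEADER_RE.match(line)
        if header:
            events.append({"log": header["log"], "id": None, "source": None,
                           "when": datetime.strptime(header["when"], TIME_FMT),
                           "message": ""})
        elif events:
            ev, field = events[-1], EVENT_RE.match(line)
            if field and ev["id"] is None:
                ev["id"], ev["source"] = int(field["id"]), field["source"]
            else:  # description text, possibly spanning several lines
                ev["message"] = (ev["message"] + " " + line).strip()
    return events


def srp_blocks_by_rule(events):
    """Group Event 866 path-rule blocks by policy rule GUID."""
    rules = {}
    for ev in events:
        hit = SRP_RE.match(ev["message"])
        if ev["id"] != 866 or not hit:
            continue
        rule = rules.setdefault(hit["rule"].lower(), {
            "path": hit["path"], "targets": set(), "count": 0,
            "first": ev["when"], "last": ev["when"]})
        rule["targets"].add(hit["target"].rsplit("\\", 1)[-1])  # file name only
        rule["count"] += 1
        rule["first"] = min(rule["first"], ev["when"])
        rule["last"] = max(rule["last"], ev["when"])
    return rules


if __name__ == "__main__":
    for guid, r in srp_blocks_by_rule(parse_events(SAMPLE)).items():
        print(guid, r["count"], sorted(r["targets"]), r["first"], r["last"])
```

Each rule GUID in the result corresponds to one path rule; the first and last timestamps show how long that rule has been blocking the listed executables.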

While in Windows Explorer, navigate to the folder C:\Program Files

then do a right-click on the folder, and select Properties.

Look down to the Attributes line

Make sure the Read-only checkbox is clear

Let me know what you find.

Then still in Properties of C:\Program Files

click on the Security tab

For each of these "user names" one by one

System

Administrators

click each in turn, then press the Edit button at the permissions line

click the Allow box at the Full Control line so that it is checked {selected}

Click Apply

Do that for each 1 of Administrators & System

Then click OK & Close

You may be prompted 1 final time to OK.
