Jump to content

Recommended Posts

TRIED INSTALLING THE DDS FILES BUT MY OPERATING SYSTEM IS NOT SUPPORTED. I HAVE WINDOWS XP 64 BIT. WHAT SHOULD I DO?

 

The computer is infected with viruses that won't allow me to install Malwarebytes. I would get the 372 run-ime error: failed to load control "vbalGrid" from vbalsgrid6.ocs. Your version of vbalsgrid6.ocs may be oudated. Make sure you are using the version of the control that was provided with your application.

 

The DDS file I was referring to is from a tutorial in malware removal help. Can someone please help me?!

 

 

Thanks in advance!

Link to post
Share on other sites

Hello Jb1234 and welcome to Malwarebytes forum.

 

Download Random's System Information Tool (RSIT)
from http://images.malwareremoval.com/random/RSIT.exe
and save it to your desktop.

Start on RSIT.exe   Do a RIGHT-Click on RSIT and select Run as Administrator and allow to run.
Accept the disclaimer:
Click "Continue" at the disclaimer screen.
Once it has finished, two logs will open. Please attach the logs in your next reply:
 both "log.txt" (<<will be maximized) and "info.txt" (<<will be minimized)
 

2

Download mbam-check.exe and save it to your desktop    from  http://downloads.malwarebytes.org/file/mbam_check

Double-click on mbam-check.exe to run it.
It should then open a log file CheckResults.txt
You should attach the CheckResults.txt file located on your desktop so that I can review.

Link to post
Share on other sites

Thank you so much for your help. Here are the files requested:

 

Log:

 

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2014-02-10 08:03:50
WIN_XP Service Pack 2
System drive C: has 23 GB (38%) free of 60 GB
Total RAM: 1015 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:04:10 AM, on 2/10/2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\SysWOW64\brsvc01a.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Spybot - Search & Destroy 2\SDWelcome.exe
D:\Spybot - Search & Destroy 2\SDScan.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Productivity 3.1 Toolbar - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbPro2.dll
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Productivity 3.1 - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbPro2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O3 - Toolbar: Productivity 3.1 Toolbar - {9427041a-a8dc-4d06-9a68-93873486e957} - C:\Program Files (x86)\Productivity_3.1\prxtbPro2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sDTray] "D:\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\SysWow64\regedit.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-1767285634-1054598288-2392127687-1003\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\SysWOW64\brsvc01a.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - D:\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - D:\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - D:\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9100 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1767285634-1054598288-2392127687-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1767285634-1054598288-2392127687-500UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vgtofv6t.default

prefs.js - "extensions.enabledItems" -  "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@macromedia.com/FlashPlayer9]
"Description"=Adobe Flash Player 9.0
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/npracplug;version=1.0.0.0]
"Description"=Scriptable Plugin for RealArcade
"Path"=C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1]
"Description"=Yahoo VerInfo for Mozilla
"Path"=C:\Program Files (x86)\Yahoo!\Shared\npYVerInfo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-12-18 68480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]
Productivity 3.1 Toolbar - C:\Program Files (x86)\Productivity_3.1\prxtbPro2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-18 194128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-09 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9427041a-a8dc-4d06-9a68-93873486e957} - Productivity 3.1 Toolbar - C:\Program Files (x86)\Productivity_3.1\prxtbPro2.dll [2011-05-09 176936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-18 194128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"=C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"Intuit SyncManager"=C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2013-03-11 2778424]
"IndexSearch"=C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SDTray"=D:\Spybot - Search & Destroy 2\SDTray.exe [2013-07-25 5624784]
"Regedit32"=C:\WINDOWS\SysWow64\regedit.exe [2007-02-18 147456]
"PaperPort PTD"=C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Intuit Data Protect.lnk - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
QuickBooks Web Connector.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
QuickBooks_Standard_21.lnk - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
C:\WINDOWS\system32\sclgntfy.dll [2006-03-29 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
SDWinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=lsass.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp276c54cd\/load50.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp276c54cd\/load50.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp9925c4b1\/bX7.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp9925c4b1\/bX7.exe:*:Enabled:Microsoft Office"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpd5a5ce12\loadh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpd5a5ce12\loadh.exe:*:Enabled:Microsoft Office"
"D:\Spybot - Search & Destroy 2\SDTray.exe"="D:\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"D:\Spybot - Search & Destroy 2\SDFSSvc.exe"="D:\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"D:\Spybot - Search & Destroy 2\SDUpdate.exe"="D:\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"D:\Spybot - Search & Destroy 2\SDUpdSvc.exe"="D:\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=C:\WINDOWS\SysWOW64\ir50_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.l3acm"=C:\WINDOWS\SysWOW64\l3codeca.acm

======List of files/folders created in the last 1 month======

2014-02-10 08:03:51 ----D---- C:\Program Files (x86)\trend micro
2014-02-10 08:03:50 ----D---- C:\rsit
2014-02-09 18:11:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2014-02-09 18:11:12 ----A---- C:\Adaware_Installer.exe
2014-02-06 17:00:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-06 17:00:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-02-06 17:00:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 month======

2014-02-10 08:03:51 ----RD---- C:\Program Files (x86)
2014-02-10 08:02:48 ----D---- C:\WINDOWS\SysWOW64
2014-02-10 08:01:49 ----SH---- C:\boot.ini
2014-02-10 07:33:58 ----A---- C:\WINDOWS\ntbtlog.txt
2014-02-09 18:59:43 ----A---- C:\WINDOWS\win.ini
2014-02-09 18:59:43 ----A---- C:\WINDOWS\SYSTEM.INI
2014-02-09 18:57:58 ----D---- C:\WINDOWS
2014-02-09 18:31:34 ----D---- C:\Temp
2014-02-09 18:25:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2014-02-09 18:21:40 ----D---- C:\WINDOWS\Temp
2014-02-09 18:17:17 ----HD---- C:\WINDOWS\inf
2014-02-09 18:15:29 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2014-02-09 18:15:24 ----D---- C:\WINDOWS\system32
2014-02-06 12:12:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 12:12:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-02-06 11:06:30 ----A---- C:\WINDOWS\Brownie.ini
2014-02-05 17:16:10 ----D---- C:\Program Files (x86)\Common Files\Real
2014-02-05 17:14:43 ----D---- C:\My Download Files
2014-02-05 16:24:35 ----D---- C:\WINDOWS\pss
2014-02-05 16:09:50 ----SD---- C:\WINDOWS\Tasks
2014-02-05 16:09:31 ----A---- C:\WINDOWS\imsins.BAK
2014-02-05 11:52:12 ----A---- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-05 11:52:08 ----A---- C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-02-05 10:52:27 ----D---- C:\WINDOWS\Prefetch
2014-01-22 16:59:39 ----D---- C:\WINDOWS\Minidump
2014-01-16 16:30:34 ----SHD---- C:\WINDOWS\Installer
2014-01-16 16:30:34 ----D---- C:\Config.Msi
2014-01-16 16:30:08 ----D---- C:\Program Files (x86)\Common Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys []
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys []
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys []
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys []
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL39A64.SYS []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys []
R3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys []
S2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS []
S4 adpu320;adpu320; C:\WINDOWS\SysWOW64\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\SysWOW64\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\SysWOW64\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\SysWOW64\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\SysWOW64\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\SysWOW64\brsvc01a.exe [2004-06-14 57344]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2013-03-11 45056]
R2 QBVSS;QBIDPService; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-12-22 1248256]
S2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 136176]
S2 SDScannerService;Spybot-S&D 2 Scanner Service; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21 194032]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-06 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2012-12-22 61440]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-29 39424]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe []
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
 

info:

 

info.txt logfile of random's system information tool 1.09 2014-02-10 08:04:12

======Uninstall list======

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 12 ActiveX-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe -maintain activex
Adobe Flash Player 12 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe -maintain plugin
Adobe Reader X (10.1.9)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Amyuni PDF Converter-->C:\Program Files (x86)\Amyuni PDF Converter\Setup.exe /u
AT&T Yahoo! Applications-->C:\PROGRA~2\Yahoo!\Common\uninstall.exe
Avance AC'97 Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Brother HL-2140-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4F620D6A-8619-425B-9C4F-8B3B05A67A6B}\setup.exe" -l0x9  -removeonly /uninst
Brother HL-2700CN-->"C:\Program Files (x86)\Brother\BRHL2700\IsUninst.exe" -f"C:\Program Files (x86)\Brother\BRHL2700\DeIsL1.isu" -cbruninst.dll
Brother MFC-8680DN-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D92A4B88-9CBF-4149-B34F-0DD45EF4A760}\setup.exe" -l0x9  -removeonly /uninst
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Malwarebytes Anti-Malware version 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2698023)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2698023\M2698023Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB2742597)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2742597\M2742597Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual Studio 2005 Tools for Office Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
Mozilla Firefox 26.0 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Productivity 3.1 Toolbar-->C:\Program Files (x86)\Productivity_3.1\uninstall.exe
QODBC Driver-->C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 7.0\Components\QODBC\UNINST.BAT
QuickBooks Enterprise Solutions: Mfg and Whsle Edition 13.0-->msiexec.exe /I {31566BB1-C43D-4D96-9504-57E42B1FD86D} UNIQUE_NAME="belwholesale" QBFULLNAME="QuickBooks Enterprise Solutions: Mfg and Whsle Edition 13.0" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{55584E16-4D70-44EE-93DD-F144E8B7D4B7}
QuickBooks-->MsiExec.exe /I{31566BB1-C43D-4D96-9504-57E42B1FD86D}
ScanSoft PaperPort 11-->MsiExec.exe /I{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {480E8A87-3B8C-3ECE-8CEA-6B2349AE1C1F} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {2B41E73E-C850-36E1-8BF6-D286EF80688D} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {BA941BCD-BC45-3D64-AB89-0F737907515C} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Extended
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Spybot - Search & Destroy-->"D:\Spybot - Search & Destroy 2\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

======Hosts File======

127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=EM64T Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
 

 

 

CheckResults:

 

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ        1.75.0.1300

Date Log Created: 02/10/14
Time Log Created: 08:05:05

User Account type: Administrator

64 bit Operating System

Product Name: REG_SZ        Microsoft Windows XP

Current Build Number: 3790

Current Version Number: 5.2

Current CSDVersion: Service Pack 2

OS Product Info: Professional

Proxy Status: No proxy is Set

LAN Settings:
=============

No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's startup Folder Exists.


Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

TERMService:
==============
Type             : 32
State             : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE        : 1068
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================






Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:
=====================





Service and Driver Status:
==========================

        <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector


        <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService


        <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler


        <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


MBAMProtector Registry Values:
==============================


MBAMService Registry Values:
============================


MBAMScheduler Registry Values:
==============================



MBAM DLL's and Runtime Files:
=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
    (Default):                    REG_SZ        vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
    (Default):                    REG_SZ        {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
HKEY_CLASSES_ROOT\Wow6432Node\vbAcceleratorSGrid6.vbalGrid
    (Default):                    REG_SZ        vbAccelerator Grid Control
HKEY_CLASSES_ROOT\Wow6432Node\vbAcceleratorSGrid6.vbalGrid\Clsid
    (Default):                    REG_SZ        {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
    (Default):                    REG_SZ        {71A27032-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\SSubTimer6.GSubclass
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\SSubTimer6.GSubclass\Clsid
    (Default):                    REG_SZ        {71A27032-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\SSubTimer6.CTimer
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
    (Default):                    REG_SZ        {71A27034-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\SSubTimer6.CTimer
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\SSubTimer6.CTimer\Clsid
    (Default):                    REG_SZ        {71A27034-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
    (Default):                    REG_SZ        {71A2702F-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\SSubTimer6.ISubclass
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\SSubTimer6.ISubclass\Clsid
    (Default):                    REG_SZ        {71A2702F-C7D8-11D2-BEF8-525400DFB47A}



HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default):                    REG_SZ        SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default):                    REG_SZ        1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default):                    REG_SZ        SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default):                    REG_SZ        1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
    (Default):                    REG_SZ        SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
    (Default):                    REG_SZ        1.0


HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
    (Default):                    REG_SZ        vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
    (Default):                    REG_SZ        2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
    (Default):                    REG_SZ        vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
    (Default):                    REG_SZ        2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
    (Default):                    REG_SZ        vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
    (Default):                    REG_SZ        vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
    (Default):                    REG_SZ        CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
    (Default):                    REG_SZ        {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
    (Default):                    REG_SZ        vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
    (Default):                    REG_SZ        {DE8CE233-DD83-481D-844C-C07B96589D3A}
    Version                       REG_SZ        1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
    (Default):                    REG_SZ        vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
    (Default):                    REG_SZ        {DE8CE233-DD83-481D-844C-C07B96589D3A}
    Version                       REG_SZ        1.1
MBAM Registry Settings and License Info:
========================================





HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles               REG_DWORD        1
    alwaysscanheuristics          REG_DWORD        1
    alwaysscanmemory              REG_DWORD        1
    alwaysscanregistry            REG_DWORD        1
    alwaysscanstartups            REG_DWORD        1
    autosavelog                   REG_DWORD        1
    openlog                       REG_DWORD        1
    defaultscan                   REG_DWORD        0
    terminateie                   REG_DWORD        0
    Language                      REG_SZ        English.lng




Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:
================



Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Wow6432Node\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Wow6432Node\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Wow6432Node\MBAMExt.MBAMShlExt
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\Wow6432Node\MBAMExt.MBAMShlExt\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Wow6432Node\MBAMExt.MBAMShlExt\CurVer
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\Wow6432Node\MBAMExt.MBAMShlExt.1
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\Wow6432Node\MBAMExt.MBAMShlExt.1\CLSID
    (Default):                    REG_SZ        {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    (Default):                    REG_SZ        IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
    (Default):                    REG_SZ        {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
    Version                       REG_SZ        1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    (Default):                    REG_SZ        MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
    ThreadingModel                REG_SZ        Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
    (Default):                    REG_SZ        {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
    (Default):                    REG_SZ        MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
    (Default):                    REG_SZ        MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
    (Default):                    REG_SZ        0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
    (Default):                    REG_SZ        C:\Program Files (x86)\Malwarebytes' Anti-Malware\


MBAM Drivers:
=============



Required Dependencies:
======================

fltmgr:
==============
Type             : 2
State             : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE        : 0
SERVICE_EXIT_CODE    : 0
CHECKPOINT        : 0
WAIT_HINT        : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    Type                          REG_DWORD        2
    Start                         REG_DWORD        0
    ErrorControl                  REG_DWORD        1
    Tag                           REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    DisplayName                   REG_SZ        FltMgr
    Group                         REG_SZ        FSFilter Infrastructure
    Description                   REG_SZ        File System Filter Manager Driver
    AttachWhenLoaded              REG_DWORD        1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security
    Security                      REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1
C:\WINDOWS\system32\comctl32.ocx    File Size: 608448    BYTES    FileVersion: 6.0.81.5
C:\WINDOWS\system32\mscomctl.ocx    File Size: 1070152   BYTES    FileVersion: 6.1.98.34
C:\WINDOWS\system32\olepro32.dll    File Size: 84480     BYTES    FileVersion: 5.2.3790.3959


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware
7z.dll                            File Size:    914432 BYTES    FileVersion: 9.20.0.0
changes.txt                       File Size:       200 BYTES
license.rtf                       File Size:     17916 BYTES
mbam.chm                          File Size:    474148 BYTES
mbam.dll                          File Size:    527944 BYTES    FileVersion: 1.70.0.0
mbam.exe                          File Size:    887432 BYTES    FileVersion: 1.75.0.1
mbamcore.dll                      File Size:   1127496 BYTES    FileVersion: 1.70.0.0
mbamext.dll                       File Size:     95304 BYTES    FileVersion: 1.70.0.0
mbamgui.exe                       File Size:    532040 BYTES    FileVersion: 1.70.0.0
mbamnet.dll                       File Size:   2191944 BYTES    FileVersion: 1.70.0.0
mbampt.exe                        File Size:     40008 BYTES    FileVersion: 1.70.0.0
mbamscheduler.exe                 File Size:    418376 BYTES    FileVersion: 1.70.0.0
mbamservice.exe                   File Size:    701512 BYTES    FileVersion: 1.70.0.0
ssubtmr6.dll                      File Size:     46416 BYTES    FileVersion: 1.1.0.3
unins000.dat                      File Size:     31459 BYTES
unins000.exe                      File Size:    712264 BYTES    FileVersion: 51.52.0.0
unins000.msg                      File Size:     11277 BYTES
vbalsgrid6.ocx                    File Size:    496976 BYTES    FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                     File Size:    186068 BYTES
firefox.com                       File Size:    218184 BYTES
firefox.exe                       File Size:    218184 BYTES
firefox.pif                       File Size:    218184 BYTES
firefox.scr                       File Size:    218184 BYTES
iexplore.exe                      File Size:    218184 BYTES
mbam-chameleon.com                File Size:    218184 BYTES
mbam-chameleon.exe                File Size:    218184 BYTES
mbam-chameleon.pif                File Size:    218184 BYTES
mbam-chameleon.scr                File Size:    218184 BYTES
mbam-killer.exe                   File Size:    896072 BYTES
rundll32.exe                      File Size:    218184 BYTES
svchost.exe                       File Size:    218184 BYTES
winlogon.exe                      File Size:    218184 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng                        File Size:     21894 BYTES
belarusian.lng                    File Size:     26884 BYTES
bosnian.lng                       File Size:     27108 BYTES
bulgarian.lng                     File Size:     27574 BYTES
catalan.lng                       File Size:     28252 BYTES
chineseSI.lng                     File Size:     11024 BYTES
chineseTR.lng                     File Size:     11952 BYTES
croatian.lng                      File Size:     26670 BYTES
czech.lng                         File Size:     24874 BYTES
danish.lng                        File Size:     26582 BYTES
dutch.lng                         File Size:     28342 BYTES
english.lng                       File Size:     24542 BYTES
estonian.lng                      File Size:     25146 BYTES
finnish.lng                       File Size:     25950 BYTES
french.lng                        File Size:     29830 BYTES
german.lng                        File Size:     29894 BYTES
greek.lng                         File Size:     29300 BYTES
hebrew.lng                        File Size:     19362 BYTES
hungarian.lng                     File Size:     28666 BYTES
indonesian.lng                    File Size:     26854 BYTES
italian.lng                       File Size:     28194 BYTES
japanese.lng                      File Size:     16266 BYTES
korean.lng                        File Size:     14188 BYTES
latvian.lng                       File Size:     27100 BYTES
lithuanian.lng                    File Size:     27838 BYTES
norwegian.lng                     File Size:     25116 BYTES
polish.lng                        File Size:     26644 BYTES
portugueseBR.lng                  File Size:     28654 BYTES
portuguesePT.lng                  File Size:     29062 BYTES
romanian.lng                      File Size:     28290 BYTES
russian.lng                       File Size:     27302 BYTES
serbian.lng                       File Size:     26804 BYTES
slovak.lng                        File Size:     25644 BYTES
slovenian.lng                     File Size:     24852 BYTES
spanish.lng                       File Size:     30060 BYTES
swedish.lng                       File Size:     25992 BYTES
thai.lng                          File Size:     26092 BYTES
turkish.lng                       File Size:     25876 BYTES
vietnamese.lng                    File Size:     29528 BYTES

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================
END OF FILE
 

Link to post
Share on other sites

Please do the following to see if it fixes the error:

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):

    pushd\windows\system32@color 48if exist "%programfiles(x86)%" regsvr32 "%programfiles(x86)%\Malwarebytes' Anti-Malware\mbamext.dll"if exist "%programfiles(x86)%" regsvr32 "%programfiles(x86)%\Malwarebytes' Anti-Malware\ssubtmr6.dll"if exist "%programfiles(x86)%" regsvr32 "%programfiles(x86)%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"if not exist "%programfiles(x86)%" regsvr32 "%programfiles%\Malwarebytes' Anti-Malware\mbamext.dll"if not exist "%programfiles(x86)%" regsvr32 "%programfiles%\Malwarebytes' Anti-Malware\ssubtmr6.dll"if not exist "%programfiles(x86)%" regsvr32 "%programfiles%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file MBAM Fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
  • Click OK to each of the 3 dialog boxes that should show a success message for each file registered
  • If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy if from another Computer running the same operating system and service pack level.

    If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.

Link to post
Share on other sites

Hi,

 

Thank you so much for the prompt response.

 

The files were successfully registered but the problem is not resolved. I proceeded to install the Microsoft Visual Basic Common Controls and restarted but the problem persists.

 

Is there something else I can try? Thanks!

Link to post
Share on other sites

Hello,

 

Keep in mind, that some XP 64-bit systems ( having been made a stepchild by MS as far as operating system updates) cannot always live well with our anti-malware program.

You could try just once, a different way of doing a new setup.

 

First, use mbam-clean to fully uninstall the program.

Download and SAVE & then run mbam-clean.exe from  http://www.malwarebytes.org/mbam-clean.exe

It will ask to restart your computer, please allow it to do so very important

 

Then another round of insuring a "clean boot" startup   ( a barebones Windows XP startup with barebones services and no auto-start user apps).

Take notes on what you do since after all is done, you will need to "undo" and put back.

 

Put XP in a clean boot state.
"How to configure Windows XP to start in a "clean boot" state"
http://support.microsoft.com/kb/310353

 

Once the system is started in a Clean Boot, try a new setup.

Download & SAVE  the latest version of Malwarebytes' Anti-Malware from http://downloads.malwarebytes.org/file/mbam
        
Run the mbam-setup.  IF your Windows is Vista / Windows 7 / 8, then do a Right-click on mbam-setup.exe and select Run as Administrator and allow to run.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version


Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.  

You may use the guides posted in the FAQ's { Frequently Asked Questions } http://forums.malwarebytes.org/index.php?showtopic=10138

 

AFTER all is done, go back and put back into normal Startup.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.