MBAM Errors "0" and "440"



Hi advancedsetup, I ran DDS with no problem, but I tried running GMER twice, and it crashed my computer both times. It said that the problems were caused by these two files:

C:\DOCUME~1\User\LOCALS~1\Temp\WERd57f.dir00\Mini121609-02.dmp

C:\DOCUME~1\User\LOCALS~1\Temp\WERd57f.dir00\sysdata.xml

and this is the error signature (don't know if it helps):

BCCode : 100000d1 BCP1 : 00000000 BCP2 : 0000001C BCP3 : 00000001

BCP4 : 889FD00C OSVer : 5_1_2600 SP : 3_0 Product : 768_1

I'm confused as to why it crashed, because the last time I ran GMER it worked fine. That was before I did all of the malware removal stuff on here, though.

OK, here's the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86

Run by User at 22:35:05.62 on Wed 12/16/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1490 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab

DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ef2vcnrg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071701000002.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 333192]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 28424]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-9 360584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 74480]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-9 906520]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-9 285392]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 CPEb;CPEB;\??\c:\windows\system32\drivers\cpeb.sys --> c:\windows\system32\drivers\CPEB.SYS [?]

=============== Created Last 30 ================

2009-12-17 02:02:31 0 d-----w- c:\program files\2Wallace And Gromit Ep1 - Fright Of The Bumblebees

2009-12-16 17:26:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-16 17:26:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-12-16 17:26:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-16 17:26:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-09 22:52:14 0 d--h--w- c:\windows\msdownld.tmp

2009-12-09 22:32:15 0 d-----w- c:\program files\eMule

2009-12-09 17:11:47 0 d--h--w- C:\$AVG

2009-12-09 17:11:36 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-12-09 17:11:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-12-09 17:11:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-12-09 17:11:19 0 d-----w- c:\windows\system32\drivers\Avg

2009-12-09 17:11:02 0 d-----w- c:\program files\AVG

2009-12-09 17:11:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9

2009-12-09 06:26:40 270336 ------w- c:\windows\system32\dllcache\oakley.dll

2009-12-09 06:26:34 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll

2009-12-09 06:26:34 265728 ------w- c:\windows\system32\dllcache\http.sys

2009-12-09 06:26:34 25088 ------w- c:\windows\system32\dllcache\httpapi.dll

2009-12-09 06:26:27 79872 ------w- c:\windows\system32\dllcache\raschap.dll

2009-12-09 06:26:27 149504 ------w- c:\windows\system32\dllcache\rastls.dll

2009-12-09 05:33:52 260096 ----a-w- c:\windows\PEV.exe

2009-12-01 01:49:24 0 d-----w- c:\program files\Windows Resource Kits

2009-11-29 18:29:24 0 ----a-w- c:\documents and settings\user\defogger_reenable

2009-11-28 02:21:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2009-11-27 03:12:55 0 d-----w- c:\program files\Panda Security

2009-11-26 21:30:18 0 d-----w- c:\program files\ESET

2009-11-26 04:02:30 15360 ----a-w- c:\windows\system32\dllcache\ctfmon.exe

2009-11-26 04:02:30 15360 ------w- c:\windows\system32\ctfmon.exe

2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-11-26 01:15:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-11-26 01:09:59 0 d-sha-r- C:\cmdcons

2009-11-24 20:21:16 0 d-----w- c:\docume~1\user\applic~1\QuickScan

2009-11-24 19:36:57 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-12-02 05:15:45 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys

2009-12-02 05:15:45 96512 ------w- c:\windows\system32\drivers\atapi.sys

2009-11-28 02:20:59 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-29 19:16:58 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2009-10-28 14:36:11 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2009-10-28 14:36:11 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe

2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-10-28 06:52:46 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll

2008-05-21 20:00:34 92672 ----a-w- c:\program files\KillBox.exe

2008-09-09 03:08:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 22:35:38.18 ===============

Attach.zip


  • Root Admin

Please temporarily disconnect from the Internet and uninstall your Anti-Virus and other Security Software and reboot the computer.

Then run GMER again but do not click on scan. Just let it do its own basic mini scan as it starts up.

Then hopefully it will produce a mini log that we can review. If needed, take a screenshot of it if you can't get the log.

Then re-install your AV and security software and reconnect back to the Internet and let me know what you find.
