More Run-time Error 0 and 440 trying to open Malwarebytes and others

Please Help....?

I'm getting Run-Time Error "0" and "440" when trying to open Malwarebytes and other apps. I've read the other post on this issue and one gave items to remove from HijackThis then said to reinstall Malwarebytes but the entries stated to remove are not in my HijackThis log, as seen below, and uninstalling and reinstalling the latest version of Malwarebytes (1.41) from the links given still gives me the errors. Again Please help?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:58 AM, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Multimedia\main\ATISched.EXE
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://marvel.com/catalog/?date=2009-06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Rogers Online Protection\Rogers Online Protection\pkR.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RogersServicepointAgent.exe] "C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Scheduler] D:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKUS\S-1-5-20\..\Run: [zadinowako] Rundll32.exe "C:\WINDOWS\system32\bosonemo.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\TvUSB\EXPLBAR.DLL
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe (file missing)
O23 - Service: Rogers Online Protection (Radialpoint Security Services) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
O23 - Service: Rogers Online Protection Firewall (RP_FWS) - Rogers - C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9631 bytes

Bump

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [anvshell] anvshell.exe
  O4 - HKUS\S-1-5-20\..\Run: [zadinowako] Rundll32.exe "C:\WINDOWS\system32\bosonemo.dll",s (User 'NETWORK SERVICE')
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Following the instructions as given... I get to Installing Malwarebytes from the link given and when it reaches the "Finishing Installation portion, I get a "vbAccelerator SGrid II Control" box with "Run-time error '0'" - Press OK - get "Malwarebytes' Anti-Malware" box giving "Run-time error '440': Automation error" - press OK and same 2 errors again.

Receive completion page of install and chose Update and Launch options and again same 2 errors given twice. '0' then '440' and '0' then '440' again.

Program shows as successfully installed but unable to launch, it just gives the same 2 errors.

I Get the same errors trying to run other programs as well. For example Uniblue's System Tweaker. Trying to uninstall and reinstall, unlike Malwarebytes', I get no errors but when attempting to at the end of, or after, installation I get the same two error boxes. The difference is the Run-time error '0' is in a "Sys TweakBtn" Box and Run-time error '440': Automation error is in a "System Tweaker" box.

It seems to be that both of these programs are trying to access a system file that is either missing or has been damaged or overwritten but I can't determine which one.

My system does seem to be a little less stable than before but these are the only error's I can pinpoint. Other issue that is most prominent is that CPU usage will jump to 100% and system will really bog down. The process that is causing it is attached to my Anti-Virus/Anti-Spyware suite provided by my ISP but no scans happening when it occurs. Of course these programs run fine if a little slow and scans are not returning any kind of Spyware or virus infection. I'm wondering if what did it could have already been cleaned and now I'm just left with the aftermath?

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-11-17.01 - Ajay 16/11/2009 19:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.1023.599 [GMT -5:00]
Running from: c:\documents and settings\Ajay\Desktop\Combo-Fix.exe
AV: Rogers Online Protection Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Rogers Online Protection Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ajay\Application Data\inst.exe
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-17 00:50 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-17 00:50 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-16 05:26 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 05:26 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 05:26 . 2009-11-16 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 00:23 . 2009-11-16 01:15 -------- d-----w- c:\documents and settings\Ajay\Application Data\nView_Wallpaper
2009-11-14 04:36 . 2005-10-21 03:31 540672 ----a-w- c:\windows\system32\msvcp80.dll
2009-11-14 04:23 . 2007-11-07 06:19 655872 ----a-w- c:\windows\system32\msvcr90.dll
2009-11-14 04:22 . 2007-04-05 17:16 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-11-13 06:38 . 2009-11-13 06:38 -------- d-----w- c:\program files\Trend Micro
2009-11-13 04:46 . 2009-11-13 04:46 -------- d-sh--w- c:\documents and settings\Ajay\IECompatCache
2009-11-13 04:31 . 2009-11-13 04:31 -------- d-----w- c:\program files\Raxco
2009-11-13 04:31 . 2009-11-13 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-11-13 03:56 . 2009-11-13 03:56 152576 ----a-w- c:\documents and settings\Ajay\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-13 03:55 . 2009-11-13 03:56 79488 ----a-w- c:\documents and settings\Ajay\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-13 02:23 . 2009-11-13 02:23 -------- d-----w- c:\documents and settings\Ajay\Application Data\Uniblue
2009-11-13 02:23 . 2009-11-16 05:41 -------- d-----w- c:\program files\Uniblue
2009-11-12 14:17 . 2009-11-13 03:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-12 14:17 . 2009-11-12 14:17 -------- d-----w- c:\program files\Java
2009-11-12 14:16 . 2009-11-13 00:55 -------- d-----w- c:\program files\PS3 Media Server
2009-11-11 23:56 . 2009-11-11 23:56 -------- d-----w- c:\documents and settings\Ajay\Local Settings\Application Data\Mozilla
2009-11-11 19:40 . 2009-11-11 19:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-11 19:19 . 2009-11-11 19:19 17528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 19:18 . 2009-11-11 19:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-11 19:18 . 2009-10-14 14:59 22696 ----a-w- c:\windows\system32\drivers\povrtdev.sys
2009-11-11 19:18 . 2009-11-11 19:18 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-11 19:17 . 2009-11-11 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2009-10-28 18:40 . 2009-10-28 18:40 -------- d-sh--w- c:\documents and settings\Ajay\PrivacIE
2009-10-28 18:37 . 2009-10-28 18:37 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-28 18:36 . 2009-10-28 18:36 -------- d-sh--w- c:\documents and settings\Ajay\IETldCache
2009-10-28 18:08 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-28 18:07 . 2009-11-11 17:04 -------- d-----w- c:\windows\ie8updates
2009-10-28 18:07 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 18:07 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 18:05 . 2009-10-28 18:06 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 00:59 . 2009-08-13 16:40 217888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-17 00:58 . 2009-08-13 16:40 19989792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-16 23:49 . 2004-07-22 07:58 15771 ----a-w- c:\windows\system32\tablet.dat
2009-11-16 23:48 . 2009-08-13 16:40 274256 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-16 23:48 . 2009-08-13 16:40 24200 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-16 23:48 . 2006-01-01 16:12 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-80611102}.dat
2009-11-16 23:48 . 2006-01-01 16:12 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-80611102}.dat
2009-11-16 05:04 . 2004-07-22 05:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 13:35 . 2004-08-27 13:15 17144 ----a-w- c:\documents and settings\Ajay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 04:51 . 2004-07-22 07:08 -------- d-----w- c:\program files\Norton Utilities
2009-11-13 03:51 . 2006-07-01 15:13 -------- d-----w- c:\program files\DC++
2009-11-13 00:52 . 2007-09-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G4
2009-11-13 00:40 . 2007-08-13 05:21 -------- d-----w- c:\documents and settings\Ajay\Application Data\Vso
2009-11-13 00:40 . 2007-08-13 05:21 47360 ----a-w- c:\documents and settings\Ajay\Application Data\pcouffin.sys
2009-11-13 00:40 . 2007-08-13 05:21 47360 ----a-w- c:\documents and settings\Ajay\Application Data\pcouffin.sys
2009-09-11 14:18 . 2003-11-08 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2003-11-08 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-11-08 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\RemoteCenter\Rc\RcMan.EXE" [2002-04-03 122880]
"ATI Scheduler"="d:\program files\ATI Multimedia\main\ATISched.EXE" [2001-10-02 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"RogersServicepointAgent.exe"="c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2004-07-22 1257472]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 149280]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-02-24 1495040]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-03-10 28160]

c:\documents and settings\Ajay\Start Menu\Programs\Startup\
Norton System Doctor.LNK - c:\program files\Norton Utilities\SYSDOC32.EXE [2004-7-22 24614]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-22 113664]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2005-10-13 438272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Norton System Doctor.lnk - c:\program files\Norton Utilities\SYSDOC32.EXE [2004-7-22 24614]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2004-7-22 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"d:\\LightWave [8]\\Programs\\hub.exe"=
"d:\\LightWave [8]\\Programs\\lightwav.exe"=
"d:\\LightWave [8]\\Programs\\modeler.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\DFX Plus\\DFXPlus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:web
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21:TCP"= 21:TCP:FTP

R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [23/10/2004 2:10 PM 233816]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [22/07/2004 2:10 AM 135168]
R3 msvad_simple;PlayOn Virtual Audio Device;c:\windows\system32\drivers\povrtdev.sys [11/11/2009 2:18 PM 22696]
S3 Httpcyerr;Httpcyerr; [x]
S3 Ndismeupam;Ndismeupam; [x]
S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [16/09/2001 10:26 AM 21152]
S3 NUVision;%ServiceDescription%;c:\windows\system32\drivers\NUVision.sys [16/09/2001 10:32 AM 154976]
S3 Radialpoint Security Services;Rogers Online Protection;c:\program files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe [27/02/2009 9:52 PM 97520]
S4 PS3 Media Server;PS3 Media Server;"c:\program files\PS3 Media Server\win32\service\wrapper.exe" -s "c:\program files\PS3 Media Server\win32\service\wrapper.conf" --> c:\program files\PS3 Media Server\win32\service\wrapper.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://marvel.com/catalog/?date=2009-06
IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm
IE: Download &all with DAP - c:\progra~1\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: TruePass EPF 7,0,100,730 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
FF - ProfilePath - c:\documents and settings\Ajay\Application Data\Mozilla\Firefox\Profiles\4xgasusu.default\
FF - prefs.js: browser.startup.homepage - hxxp://marvel.com/catalog/?date=2009-06|http://spiderfan.org/comics/year/1997.html
FF - plugin: c:\program files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Start WingMan Profiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 20:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x8778AE30]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8778ae30
\Driver\ACPI -> ACPI.sys @ 0xf757ecb8
\Driver\atapi -> atapi.sys @ 0xf7513b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: ASUSTeK/Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7408bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7415a21
SendHandler -> NDIS.sys @ 0xf73f387b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Completion time: 2009-11-16 20:03
ComboFix-quarantined-files.txt 2009-11-17 01:03

Pre-Run: 13,254,156,288 bytes free
Post-Run: 14,972,936,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 535A47734CCFBBCF36086E50FF1501EF

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Still getting same erros trying to open MalwareBytes.

Same after uninstall reboot and reinstall.

The speed seems to be up again and lot seeing tyhe huge lag I was but on restart I'm getting an error indicating unable to find "C:\program". Wondering if it's a start up key looking for something that was in "C:\program files\..." but has been truncated? (Nothing in startup folder or startup in MSconfig that shows it's been truncated or isn't starting though.)

Not sure how much this will help but... issues all started after uninstalling Codecs and Nero and running registry cleaner following instructions here to set up Media Server. After first reboot found first registry cleaner wouldn't run (no errors) and then found that Malware Bytes and other software wouldn't run and giving these errors. This is what led me here.

Not sure what that errors about, we can look at that soon if it continues. Since we don't have MBAM, lets use this.

Please use the Internet Explorer and run a BitDefender Online scan from Here

• Please check I agree with the Terms and Conditions and click Start Here
  
• You will need to allow an Active X install for the scan to run.
  
• Leave the scanning options at default and click Start Scan
  

Please post the results in your next reply.

Found another infection but still getting original errors on Malwarebytes'

BitDefender Online Scanner - Real Time Virus Report

Generated at: Tue, Nov 17, 2009 - 21:50:07

Scan Info

Scanned Files

488642

Infected Files

3

Virus Detected

Gen:Trojan.Heur.GM.000480A108

1

Gen:Trojan.Heur.fq4@IvrKhWk

2

Is that a full log? did it remove what it found?

Oops, there were 3 different logs saying the same thing, I grabbed the shortest, and may have missed some but yes, it said 3 files found and deleted all 3.

Can you copy and paste what those files were? just want to take a quick peek.

Unfortunately I can't get the first log back. I was able to find the log I posted, located in my history, and I didn't miss any of it, that was all that was in it. I can't find or reproduce any of the other completion pages that popped up during the scan. I can only tell you what I remember from watching it.

It removed a file called sasquatch.p which was a plugin for a 3D animation application I haven't used in a couple of years (found on my apps drive D:). It also removed 2 copies of a .dll file, I can't remember the name of, that was found both on my current C: drive under Windows\System32 and in the same location on a secondary drive that was a clone of my C: drive from over 2yrs. ago. (H:)

Although it's nice to know that I'm finally rid of infected files that nȯne of my Anti-Malware, Anti-Spyware, AntiVirus programs found in over 2 yrs. I'm sure that they have nothing to do with the issue that started happening this past week.

I wish that I had continued with cloning my C: drive after each update or application change as it would have made solving this issue a lot easier.

We live, we learn!.

Still having problems?

Yes, still getting the same error messages when trying to open Malwarebytes' Anti-Malware and Uniblue's System Tweaker.

Not getting the unable to find C:\program error on startup anymore though.