Everything posted by pvonkaenel

  1. I do still need help with this situation. I have already followed the instructions on what to do before you post; the logs are above. Also above is an explanation of what I am dealing with. Basically I have PC antivirus 2010 on an XP machine. I was able to download, install, and update Malwarebytes. However, when I tried to run the scan, the Malwarebytes program shut down after about 3 seconds and I am unable to restart the Malwarebytes program again. Thanks,
  2. Hi, I could really use some guidance. My PC is infected with PC antivirus 2010. I was able to install and update Malwarebytes; however, when I tried to start the scan, Malwarebytes closed after about 3 seconds and now I am unable to open Malwarebytes again. I have already tried to re-install Malwarebytes and change the file extensions from .exe to .com on both mbam_setup for the install and then to Mbam to run the program; the end result was the same as listed above. I do have the DDS.txt, attach.txt, and ark.txt files; I will attach them.

     DDS (Ver_09-12-01.01) - NTFSx86
     Run by Administrator at 16:11:44.28 on Mon 03/15/2010
     Internet Explorer: 7.0.5730.13
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.203 [GMT -4:00]

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     C:\WINDOWS\system32\svchost -k rpcss
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     C:\WINDOWS\system32\svchost.exe -k NetworkService
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\svchost.exe -k LocalService
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
     C:\Program Files\Spyware Doctor\pctsAuxs.exe
     C:\Program Files\Spyware Doctor\pctsSvc.exe
     C:\Program Files\RealVNC\VNC4\WinVNC4.exe
     C:\WINDOWS\System32\alg.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Spyware Doctor\pctsTray.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\taskmgr.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\administrator.SESC\Desktop\dds.scr
     C:\WINDOWS\system32\wbem\wmiprvse.exe

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.google.com
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     mDefault_Search_URL = hxxp://www.google.com/ie
     mSearch Page = hxxp://www.google.com
     mStart Page = hxxp://www.google.com
     mSearchAssistant = hxxp://www.google.com
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
     EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [igfxtray] c:\windows\system32\igfxtray.exe
     mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
     mRun: [igfxpers] c:\windows\system32\igfxpers.exe
     mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
     mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
     mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
     mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"
     mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     Notify: igfxcui - igfxdev.dll
     AppInit_DLLs: cru629.dat
     SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
     Hosts: 172.16.1.73 dena07
     Hosts: 172.16.1.24 dena05

     ============= SERVICES / DRIVERS ===============

     R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-7 130936]
     R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-7 348752]
     R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-7 1097096]
     S2 AntipPro2009_12;AntipyPro_12;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
     S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

     =============== Created Last 30 ================

     2010-03-15 20:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-03-15 20:00:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-03-15 19:56:10 11264 ----a-w- c:\windows\braviax.exe
     2010-03-15 19:08:24 6144 ----a-w- c:\windows\system32\cru629.dat
     2010-03-15 19:08:24 6144 ----a-w- c:\windows\cru629.dat
     2010-03-15 19:08:24 11264 ----a-w- c:\windows\system32\braviax.exe
     2010-03-15 18:32:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

     ==================== Find3M ====================

     2010-03-15 19:08:24 11264 ----a-w- c:\windows\braviax.exe.vir
     2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
     2010-01-07 14:43:44 17537 ----a-w- c:\docume~1\alluse~1\applic~1\zotatoh.exe
     2009-10-27 14:37:10 15297 ----a-w- c:\program files\common files\qemyv.ban
     2009-08-07 19:21:44 19817 ----a-w- c:\program files\common files\ujuvakym.reg
     2009-08-07 19:21:44 15500 ----a-w- c:\program files\common files\umer.sys

     ============= FINISH: 16:12:30.56 ===============

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2010-03-15 16:18:38
     Windows 5.1.2600 Service Pack 2
     Running: 3g457n4l.exe; Driver: C:\DOCUME~1\ADMINI~1.SES\LOCALS~1\Temp\uxdyapoc.sys

     ---- System - GMER 1.0.15 ----

     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF82AD514]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF829C282]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF829C474]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF82ADD00]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF82ADFB8]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82AC3FA]
     SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF85171A0]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82AE422]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF82AD7D8]
     SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF829BF32]

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

     ---- Processes - GMER 1.0.15 ----

     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [648] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [952] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1056] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1176] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1256] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [1300] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1416] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [1672] 0x02070000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\Spyware Doctor\pctsSvc.exe [1808] 0x35670000
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2032] 0x35670000
     Process C:\WINDOWS\system32\braviax.exe (*** hidden *** ) 2460
     Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3900] 0x35670000

     ---- EOF - GMER 1.0.15 ----

     Attach.zip
  3. I am trying to remove PC Antispyware 2010. I was allowed to install and run the Mbam.exe file and update Malwarebytes. When I tried to start the scan, Malwarebytes closed and now I am unable to open Malwarebytes at all. Please help. Thanks in advance,