Antivirus Soft, MBAM won't update



Once again, another rogue spyware program gets through SUPERAntiSpyware, MBAM, Symantec, etc. Tried them all.

Issues: MBAM will not update; I am getting error code 732 (12029,0). Woke up today to the Antivirus Soft spyware program running. Followed a few suggestions (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft) but it didn't work. Below is my dds.txt file result pasted into email, as well as the attached zip file with the ark.txt and attach.txt in it. The only thing that is not pasted into this posting is the MBAM results, obviously because I can't update the program. I tried to uninstall and then reinstall but it didn't work. I tried running the setup from a flash drive, but I don't know if that would make a difference or not. That didn't work either; the update gave me the same error message.

I am going to try pulling the HD out and installing it into an enclosure to scan from another computer.

While I am trying that any help would be greatly appreciated.

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK

Run by Administrator at 12:39:21.60 on Fri 02/19/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.2287 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: antimalwareguard.com

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 192.168.1.2 test.bleepingcomputer.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\12wahz4g.default\

FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S0 dapycevv;dapycevv;c:\windows\system32\drivers\velt.sys --> c:\windows\system32\drivers\velt.sys [?]

S0 jgnthfre;jgnthfre;c:\windows\system32\drivers\howbo.sys --> c:\windows\system32\drivers\howbo.sys [?]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]

S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

S1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

S2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-12 12672]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-9-10 1373480]

S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

S3 diskmgr;diskmgr;\??\c:\windows\system32\diskmgr.sys --> c:\windows\system32\diskmgr.sys [?]

S3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [2010-1-8 102448]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100108.002\naveng.sys [2010-1-8 84912]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100108.002\navex15.sys [2010-1-8 1323568]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]

S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

S4 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]

=============== Created Last 30 ================

2010-02-19 17:30:17 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-02-19 00:09:12 0 d-----w- c:\program files\MSECache

2010-02-16 23:47:24 266360 ----a-w- c:\windows\system32\TweakUI.exe

2010-02-16 23:47:24 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf

2010-02-13 05:09:20 0 d-----w- c:\program files\PowerISO

2010-02-11 01:42:06 0 d-----w- c:\docume~1\admini~1\applic~1\Elluminate

2010-02-08 15:57:39 54 ----a-w- c:\windows\system32\rp_stats.dat

2010-02-08 15:57:39 39 ----a-w- c:\windows\system32\rp_rules.dat

2010-01-29 06:40:26 0 d-----w- C:\cabs

2010-01-29 04:54:25 0 d-----w- c:\program files\Lavasoft

2010-01-29 04:51:28 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

2010-01-26 00:41:24 29 ----a-w- c:\windows\DEBUGSM.INI

2010-01-25 06:17:39 8 ----a-w- c:\windows\system32\nvModes.dat

2010-01-25 05:52:40 54988 ----a-w- c:\windows\system32\nvmob.chm

2010-01-25 05:52:40 182347 ----a-w- c:\windows\system32\nvapps.nvb

2010-01-25 05:52:40 181895 ----a-w- c:\windows\system32\nvdsp.chm

2010-01-25 05:52:40 121529 ----a-w- c:\windows\system32\nvcpl.chm

2010-01-25 05:52:40 116384 ----a-w- c:\windows\system32\nv3d.chm

2010-01-25 05:47:58 0 d-----w- c:\windows\nvidia icons

2010-01-25 05:47:43 177348 ----a-w- c:\windows\system32\nvapps.xml

2010-01-25 05:47:42 442368 ----a-w- c:\windows\system32\nvudisp.exe

2010-01-25 05:47:42 18070 ----a-w- c:\windows\system32\nvdisp.nvu

2010-01-25 05:47:42 0 d-----w- c:\windows\nview

2010-01-25 05:47:24 442368 ----a-w- c:\windows\system32\NVUNINST.EXE

2010-01-25 05:47:18 0 d-----w- C:\NVIDIA

2010-01-24 09:36:26 0 d--h--w- c:\windows\system32\GroupPolicy

2010-01-24 09:01:18 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-01-24 09:01:07 0 d-----w- c:\program files\SUPERAntiSpyware

2010-01-24 09:01:07 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2010-01-24 03:42:57 563 ----a-w- c:\windows\system32\drivers\Shortcut to etc.lnk

2010-01-23 11:36:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-23 11:36:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-23 11:36:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-22 01:53:24 0 d-sh--w- c:\docume~1\admini~1\applic~1\SystemProc

2010-01-20 19:11:38 0 d-----w- c:\program files\Sophos

2010-01-20 17:58:03 0 d-----w- c:\documents and settings\administrator\Desktophelp

2010-01-20 17:47:23 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys

==================== Find3M ====================

2010-02-15 05:04:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2002-07-31 23:55:12 108 --sh--w- c:\windows\WSYS049.SYS

============= FINISH: 12:39:37.48 ===============

attach.zip


First, please uninstall "Lavasoft Ad-Aware".

Please download The Avenger by Swandog46 and unzip it to your Desktop.

Please open The Avenger. Then, please copy/paste the script inside the codebox into the "Input script here:" box.

Begin copying here:
Drivers to disable:
dapycevv
jgnthfre

Drivers to delete:
dapycevv
jgnthfre

Files to delete:
c:\windows\system32\drivers\velt.sys
c:\windows\system32\drivers\howbo.sys
c:\windows\WSYS049.SYS

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Now, click on Execute. Just say Yes at every prompt.

The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to delete", The Avenger will actually restart your system twice.)

  • On reboot, it will briefly open a black command window on your desktop; this is normal.

  • After the restart, it creates a log file that should open with the results of The Avenger.

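Two things in the DDS log above explain the thread, and the Avenger script targets exactly the second of them: `uInternet Settings,ProxyServer = http=127.0.0.1:5555` points Internet Explorer (and every program that uses WinINet, which is where the 12029 in MBAM's error code comes from; 12029 is ERROR_INTERNET_CANNOT_CONNECT) at a loopback proxy that the rogue runs while it is alive and that nothing answers once it is killed, so updates fail until the setting is cleared; and `S0 dapycevv` / `S0 jgnthfre` are boot-start drivers with random names whose files DDS could not inspect (`[?]`). The `[?]` alone is not proof: `MEMSWEEP2` loading from `b.tmp` is the same pattern but sits next to the `c:\program files\Sophos` entry and matches how Sophos Anti-Rootkit loads its scan driver. The Python below is an added example, not DDS, Malwarebytes or The Avenger code: it parses the log lines quoted from this post (a constructed sample), ranks the indicators with its own heuristics, and refuses an Avenger script that names any driver or file the log never showed, which is the check a helper should run before handing out a destructive script. All function names are the example's own.

```python
"""Triage a DDS log excerpt and sanity-check an Avenger script against it.

Added example for this thread, not DDS's or The Avenger's own code; it
parses the two plain-text formats exactly as they appear in the posts above.
"""
import re

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Trusted Zone: antimalwareguard.com
S0 dapycevv;dapycevv;c:\windows\system32\drivers\velt.sys --> c:\windows\system32\drivers\velt.sys [?]
S0 jgnthfre;jgnthfre;c:\windows\system32\drivers\howbo.sys --> c:\windows\system32\drivers\howbo.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
2002-07-31 23:55:12 108 --sh--w- c:\windows\WSYS049.SYS
"""

# The Avenger script from the helper's reply, verbatim.
SAMPLE_AVENGER = r"""
Drivers to disable:
dapycevv
jgnthfre

Drivers to delete:
dapycevv
jgnthfre

Files to delete:
c:\windows\system32\drivers\velt.sys
c:\windows\system32\drivers\howbo.sys
c:\windows\WSYS049.SYS
"""

# "S<start> name;display;path [date size]", or "path --> path [?]" when DDS could not stat the file.
SERVICE_RE = re.compile(r"^(S[0-4]) ([^;]+);([^;]*);(.*)$")
# Drive-letter paths; a path containing spaces is cut at its first space (enough for driver files).
PATH_RE = re.compile(r"[a-zA-Z]:\\[^\s\"\[\]]+")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)")


def parse_dds(text):
    """Extract the proxy setting, trusted zones, services and every path token from a DDS log."""
    out = {"proxy": None, "trusted_zones": [], "services": [], "paths": set()}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        out["paths"].update(p.lower() for p in PATH_RE.findall(line))
        if m := PROXY_RE.match(line):
            out["proxy"] = m.group(1).strip()
        elif m := TRUSTED_RE.match(line):
            out["trusted_zones"].append(m.group(1).lower())
        elif m := SERVICE_RE.match(line):
            start, name, _display, rest = m.groups()
            out["services"].append({"start": start, "name": name.lower(), "unverified": rest.endswith("[?]")})
    return out


def triage(parsed):
    """Heuristic findings as (severity, message) pairs; the thresholds are this example's own."""
    findings = []
    if parsed["proxy"]:
        host = parsed["proxy"].split("=")[-1].split(":")[0]  # "http=127.0.0.1:5555" -> "127.0.0.1"
        sev = "high" if host in ("127.0.0.1", "localhost") else "review"
        findings.append((sev, f"IE/WinINet proxy is {parsed['proxy']}; updaters inherit it (error 12029 when nothing listens)"))
    for zone in parsed["trusted_zones"]:
        findings.append(("review", f"Trusted Zone relaxes IE security for {zone}"))
    for svc in parsed["services"]:
        if svc["unverified"] and svc["start"] in ("S0", "S1"):
            findings.append(("high", f"boot-start driver {svc['name']} whose file could not be inspected"))
        elif svc["unverified"]:
            findings.append(("review", f"service {svc['name']} file not inspectable; compare with installed security tools"))
    return findings


def parse_avenger(script):
    """Split an Avenger script into its 'X to Y:' sections, targets lower-cased."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.endswith(":"):
            current = line[:-1].lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line.lower())
    return sections


def check_avenger_against_log(script, parsed):
    """Return a problem per script target that the DDS log never showed (empty list means consistent)."""
    sections = parse_avenger(script)
    services = {s["name"] for s in parsed["services"]}
    problems = []
    for key in ("drivers to disable", "drivers to delete"):
        problems += [f"{key}: {n} is not a service in the log" for n in sections.get(key, []) if n not in services]
    problems += [f"files to delete: {p} not seen in the log" for p in sections.get("files to delete", []) if p not in parsed["paths"]]
    return problems


if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_DDS)
    for sev, msg in triage(parsed):
        print(f"[{sev}] {msg}")
    print("script problems:", check_avenger_against_log(SAMPLE_AVENGER, parsed) or "none")
```

Run as-is it reports three high findings (the loopback proxy and the two S0 drivers), flags MEMSWEEP2 and the Trusted Zone entry for review only, and finds no problems with the posted script; edit one driver name in `SAMPLE_AVENGER` and the check refuses it. Clearing the proxy itself is a separate step (Internet Options, Connections, LAN settings, or the `ProxyServer` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`), which is what has to happen before MBAM can reach its update server again.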

Thank you for the reply. I had some luck with Spybot, made a couple of connection adjustments and then was able to update and run MBAM. Seems to be working like it was before I got hit. What's the point of all this software if it doesn't work? Thanks for your help.

