Jump to content

Malwarebytes stuck in a loop


Recommended Posts

@ Legendofham+

You can try to install it again... see what happens, it won't harm the pc, I'm trying to check and see if Malwarebytes is supported by your XP Ulitimate version. So I have appx: 2-3 windows open. No harm in doing an install, unless someone higher that me says stop.... see what I mean

Link to post
Share on other sites

  • Replies 77
  • Created
  • Last Reply

Top Posters In This Topic

@ Legendofham+

You can try to install it again... see what happens, it won't harm the pc, I'm trying to check and see if Malwarebytes is supported by your XP Ulitimate version. So I have appx: 2-3 windows open. No harm in doing an install, unless someone higher that me says stop.... see what I mean

okay i'm going to retry.

Link to post
Share on other sites

my computer is just fine, just that malwarebytes quick scan has the same problem as when this whole thing started

I know we have 65 posts, I need the admins or upper staff to reply to you now. Those instructions came from up-stairs... If you want to remove the Malwarebytes program. I'll repost the instructions... but bookmark this so you can see replies from the upper staff....

Link to post
Share on other sites

I know we have 65 posts, I need the admins or upper staff to reply to you now. Those instructions came from up-stairs... If you want to remove the Malwarebytes program. I'll repost the instructions... but bookmark this so you can see replies from the upper staff....

okay, someone reply to me called shadowwar but i can't see the post, is this thread full?

Link to post
Share on other sites

  • Root Admin

For now please simply stop scanning with the program if it's causing an issue.

Run the following scanner and post back the results please.

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.

    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites

Just to add to or clear up the problem... This XP Ultimate is a custom made BOOTLEG version of windows distributed via bittorrent. I will not provide links google can do that, If some friend or shop put that on this computer then he should demand a legal version be installed.

Link to post
Share on other sites

Hi -

Go to the start of the topic and click on options and select an email of yours - You will get an email reply each time you get a response here -

Or just press F5 every few mins and the new items will be shown -

Thank You -

Anybody reading any thread can select while using FULL EDITOR when replying. If one is in the middle and decides it's interesting, he/she can join in; the original TOPIC starter can enable it from the git go and so on. Just check the box where my arrow is pointing. (this option ONLY appears when using the full editor.)

@John: Some more interesting stuff in the 2012/southern lights thread - FYI :(

~Shy

Link to post
Share on other sites

okay here is the reports the admin requested

DDS (Ver_10-03-17.01) - NTFSx86

Run by Wong at 15:25:37.25 on Mon 10/04/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1236 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

svchost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nero\Nero8\InCD\InCD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Firefox\firefox.exe

C:\Program Files\Firefox\plugin-container.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Users\Wong\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

mWinlogon: UIHost=%SystemRoot%\System32\ultlogonui.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll

TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll

TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup

mRun: [ultimateServices] c:\windows\system32\ultsvcs.exe /startup

mRun: [inCD] c:\program files\nero\nero8\incd\InCD.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

dPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\wong\applic~1\mozilla\firefox\profiles\altmiiaw.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: c:\program files\firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-27 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-27 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-27 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-27 60936]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]

S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\ava\binaries\gameguard\dump_wmimmc.sys --> c:\ijji\english\ava\binaries\gameguard\dump_wmimmc.sys [?]

S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SQTECH9051;DB VGA Cam;c:\windows\system32\drivers\Capt9051.sys [2010-8-10 38656]

S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]

S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]

S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]

S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-6-10 53032]

=============== Created Last 30 ================

2010-09-24 00:27:22 0 d-----w- c:\program files\iPod

2010-09-24 00:27:19 0 d-----w- c:\program files\iTunes

2010-09-06 21:18:50 0 d-----w- c:\users\alluse~1\applic~1\NexonUS

2010-09-06 21:18:50 0 d-----w- C:\Nexon

2010-09-06 05:20:22 2101017712 ----a-w- C:\MSSetupv89.exe

2010-09-06 05:19:04 0 d-----w- c:\users\alluse~1\applic~1\PMB Files

2010-09-06 05:18:29 0 d-----w- c:\program files\Pando Networks

==================== Find3M ====================

2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2008-01-22 03:51:13 121 ---ha-w- c:\program files\desktop.ini

2010-04-27 00:06:32 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

2010-04-27 00:06:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat

2010-04-27 00:06:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010042620100427\index.dat

2010-04-27 00:06:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 15:25:56.79 ===============

Attach.zip

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.