
MBAM 1.5 Overflow Error



Logfile of Trend Micro HijackThis v2.0.2

Scan saved at ?? 12:56:08, on 2010-12-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AhnLab\V3 365 Clinic\V3LTray.exe

C:\Program Files\KTEC\KTM-9500+\KTMPro.exe

C:\Program Files\LG LIP2610\lednmon.exe

C:\Program Files\LG LIP2610\ezprint.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\AUDIOTRAK\MAYA EX5\SNXUACP.exe

C:\Documents and Settings\OemPc\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\WINDOWS\system32\ledncoms.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AhnLab\V3 365 Clinic\V3LSvc.exe

D:\??? ??? ?? ?? & ???? ??\??? ?? ??\?? ???? ??\?????? 2.2\x86\ProcessHacker.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\AhnLab\V3 365 Clinic\V3Light.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing

O2 - BHO: Loader - {09A1A7FF-47CF-4b75-9449-AC292F4CCAF7} - C:\Documents and Settings\All Users\Application Data\DragSearch\DragSearch.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SiteGuard - {19217B99-F935-4A39-B857-A68A68D5BEBB} - C:\Program Files\AhnLab\SiteGuard2\SGAgenti.dll

O2 - BHO: gsearch - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AhnLab Tray Process] "C:\Program Files\AhnLab\V3 365 Clinic\V3LTray.exe" /logon

O4 - HKLM\..\Run: [DragSearch] C:\Documents and Settings\All Users\Application Data\DragSearch\Updater.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KTMPro] C:\Program Files\KTEC\KTM-9500+\KTMPro.exe

O4 - HKLM\..\Run: [lednmon.exe] "C:\Program Files\LG LIP2610\lednmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\LG LIP2610\ezprint.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\OemPc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')

O8 - Extra context menu item: ????? ???(&S) - res://C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll/201

O8 - Extra context menu item: ????? ??(&E) - res://C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll/202

O9 - Extra button: ?TV??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll

O9 - Extra 'Tools' menuitem: ?TV??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll

O9 - Extra button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} (Session2 Class) - http://dl.pmang.com/common/pmangctl/pmangax.cab

O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe

O23 - Service: lednCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lednserv.exe

O23 - Service: ledn_device - - C:\WINDOWS\system32\ledncoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiteGuard Service (sgsvc) - AhnLab, Inc. - C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe

O23 - Service: V3 365 Clinic Service - AhnLab, Inc. - C:\Program Files\AhnLab\V3 365 Clinic\V3LSvc.exe

--

End of file - 5963 bytes


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

