
MBAM, Avira, GMER all disabled by malware



I'm not sure what it is I've become infected with, but it seems to redirect my browser activity when I try to go to security websites such as Malwarebytes. I am able to install, update, and run Malwarebytes Anti-Malware, but the program crashes a few seconds into a scan, and thereafter mbam.exe cannot be opened. I can install and update again, but the same thing happens. I can install, update, and run Avira Anti-Virus, but it produces errors when trying to activate guard functions or initiate a scan. I have run Defogger, but there appears to be something it couldn't shut down. Here's the log:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 01:45 on 28/06/2011 (Administrator)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

Unable to read 1291140862.sys

SPTD -> Already disabled

-=E.O.F=-

Here is the dds.txt log from DDS. Also, attached is the attach.txt log from DDS. I cannot include the ark.txt log from GMER, as it crashes immediately after pressing the scan button, generating no log.

.

DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24

Run by Administrator at 1:46:18 on 2011-06-28

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1311 [GMT -5:00]

.

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup

mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\v6\BelkinWCUI.exe

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\New Text Document

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{07772C4C-47D7-4B7C-A038-BB456A8C6700} : DhcpNameServer = 192.168.1.254

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-27 11608]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-27 136360]

S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-27 269480]

S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-27 61960]

S2 Belkin Wifi Service;Belkin Wifi Service;c:\program files\belkin\f5d8053\v6\WifiSvc.exe [2010-11-30 274432]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-30 584832]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-27 21:31:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-27 21:31:47 -------- d-----w- c:\program files\Avira

2011-06-27 21:31:47 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-06-27 18:41:15 15872 ----a-w- c:\windows\system32\drivers\1291140862.sys

2011-06-16 20:07:52 -------- d-----w- c:\program files\mp3splt-gtk

2011-06-16 20:07:28 -------- d-----w- c:\program files\mp3splt

2011-06-16 19:57:02 -------- d-----w- C:\Mp3 Output

2011-06-16 19:57:00 8676883 ----a-w- c:\windows\system32\mp3Media2.dll

2011-06-16 19:57:00 -------- d-----w- c:\program files\Smallvideosoft

2011-06-01 23:07:32 -------- d-----w- c:\program files\The Free YouTube Downloader

2011-06-01 08:14:38 -------- d-----w- c:\program files\eMule

2011-05-29 10:22:16 -------- d-----w- c:\documents and settings\all users\application data\Nexon

2011-05-29 10:13:10 -------- d-----w- c:\program files\BandiMPEG1

2011-05-29 10:08:06 -------- d-----w- C:\_vindictus stuff

2011-05-29 10:05:39 -------- d-----w- c:\documents and settings\all users\application data\NexonUS

2011-05-29 07:32:46 -------- d-----w- c:\documents and settings\all users\application data\PMB Files

2011-05-29 07:32:21 -------- d-----w- c:\program files\Pando Networks

.

==================== Find3M ====================

.

2011-06-28 06:40:56 769536 ----a-w- c:\windows\system32\drivers\update.sys

2011-06-28 06:40:42 104960 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 1:46:49.28 ===============

attach.zip

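For anyone triaging a log like the one in the post above, here is an added Python example (not part of the original thread, and not the DDS tool's own code) that splits a DDS log into its banner sections and flags the indicators a helper would look at first: a process image under the \\.\globalroot device namespace, a process whose image path DDS could not resolve, a driver with an all-numeric name (the same pattern as the 1291140862.sys file Defogger could not read), a service whose file is marked [?], an orphaned "No File" entry, a disabled AV, and drivers modified on the day of the scan. The sample log is a constructed excerpt using lines from the post; the rule names and the heuristics themselves are my assumptions, and each hit is a lead for a hash lookup, not a verdict.

```python
"""Triage helper for DDS logs. Added example: not code from the thread above
or from DDS itself. The rules are heuristics; a hit means 'check this file',
not 'this file is malware'."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in DDS format, reusing lines from the post above.
SAMPLE_LOG = r"""
DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Run by Administrator at 1:46:18 on 2011-06-28
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
============= SERVICES / DRIVERS ===============
.
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-6-27 11608]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
=============== Created Last 30 ================
.
2011-06-27 21:31:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-27 18:41:15 15872 ----a-w- c:\windows\system32\drivers\1291140862.sys
.
==================== Find3M ====================
.
2011-06-28 06:40:56 769536 ----a-w- c:\windows\system32\drivers\update.sys
2011-06-28 06:40:42 104960 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 1:46:49.28 ===============
""".strip()

# "==== Section Name ====" banner and "date time size attrs path" file lines.
BANNER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines by banner. Lines before the first banner go under
    'HEADER'; DDS's '.' spacer lines and blank lines are dropped."""
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (rule, offending line) pairs. Rule names are this example's own."""
    sec = parse_sections(text)
    hits: List[Tuple[str, str]] = []
    scan_date = None
    for line in sec["HEADER"]:
        m = re.search(r"\bon (\d{4}-\d{2}-\d{2})\b", line)  # "Run by ... on DATE"
        if m:
            scan_date = m.group(1)
        if line.startswith("AV:") and "*Disabled" in line:
            hits.append(("av-disabled", line))
    for line in sec.get("RUNNING PROCESSES", []):
        image = line.strip('"').lower()
        if "\\globalroot\\" in image:  # image under the NT device namespace, not a drive letter
            hits.append(("process-in-device-namespace", line))
        elif "\\" not in image:  # DDS printed a bare name: path could not be resolved
            hits.append(("process-path-unresolved", line))
    for line in sec.get("PSEUDO HJT REPORT", []):
        if line.endswith("- No File"):
            hits.append(("orphaned-entry", line))
    for line in sec.get("SERVICES / DRIVERS", []):
        if line.endswith("[?]"):  # DDS could not stat the service's file
            hits.append(("service-file-unresolved", line))
    for name in ("CREATED LAST 30", "FIND3M"):
        for line in sec.get(name, []):
            m = FILE_RE.match(line)
            if not m:
                continue
            date, path = m.group(1), m.group(2).lower()
            base = path.rsplit("\\", 1)[-1]
            if re.fullmatch(r"\d+\.sys", base):  # random numeric driver name
                hits.append(("numeric-named-driver", line))
            elif "\\drivers\\" in path and date == scan_date:
                hits.append(("driver-modified-on-scan-day", line))
    return hits


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:30} {line}")
```

The same-day driver rule deliberately says nothing about which driver is bad; a Microsoft driver such as i8042prt.sys being rewritten minutes before a scan is exactly the kind of entry you hash and compare against a known-good copy rather than judge from the log alone.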

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
