MBAM Shuts Down after 10 seconds


I have some sort of virus!!!! Help!

Running MBAM shuts down after 5 or 10 seconds with latest updates. Ran DDS and it completed. That log is below. Ran GMER and it quit after 5 seconds, not generating any logs.

Please help!

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.18702

Run by Everett at 20:09:57 on 2011-08-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.664 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\929075084:1936760776.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=4h3xt61

uInternet Settings,ProxyServer = http=127.0.0.1:6092

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: {E3215F20-3212-11D6-9F8B-00D0B743919D} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll

TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [security Protection] c:\documents and settings\all users\application data\defender.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\point32.exe"

mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{3e5562ed-69ab-4cec-91e2-64e18ec5acc6}\Icon3E5562ED7.ico

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://project/projectserver/objects/pjclient.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258220304250

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://project/projectserver/objects/1033/pjcintl.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

TCP: Interfaces\{AA3595E4-AC9E-41BA-A855-CB749387BFC1} : DhcpNameServer = 192.168.1.1 68.238.96.12

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-11 40840]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]

R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-11 66952]

R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-11 81288]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-11 356920]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]

S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]

S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe [2009-10-7 129856]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-9-10 156968]

S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-11 1079176]

S2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\compact wireless-g usb network adapter with speedbooster\WLService.exe [2007-1-15 53307]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-1-2 33792]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]

S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-9-15 47616]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [2009-10-7 752984]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2011-08-25 21:50:16 -------- d-----w- c:\program files\ESET

2011-08-25 21:38:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 21:38:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-25 21:38:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-25 19:03:38 -------- d-----w- c:\program files\common files\iS3

2011-08-24 22:02:42 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-08-24 22:02:42 456144 ----a-r- c:\windows\system32\SZBase5.dll

2011-08-24 22:02:42 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-08-24 22:02:42 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-08-24 22:02:40 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-08-24 22:02:40 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-08-24 22:02:40 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-08-24 22:02:40 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-08-24 22:02:40 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-08-24 22:02:38 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2011-08-24 22:02:38 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-08-24 22:02:38 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-08-21 23:18:36 -------- d-----w- c:\windows\9E23819E8AF44D25A7FE7756C9E3DBB9.TMP

2011-08-16 17:46:16 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-16 17:45:55 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys

.

==================== Find3M ====================

.

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-30 00:18:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:10:12.57 ===============


Hello, and welcome to Malwarebytes, EverettE:

Sorry to hear that your computer may be infected -- when MBAM shuts down like that after starting a scan, that is a likely sign of infection.

Alas, we cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

The following information will help you get started on the cleaning process.

Excellent, self-help troubleshooting info for getting MBAM to run on an infected machine can be found here.

And there are specific, self-help malware removal instructions here.

If you would like expert assistance with cleaning your system, there are 3 support options from which to choose:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Free support for paying customers using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware related problems/infections you may have.

  • First, please print out, read and follow the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic here.
  • When posting your new thread, please make sure that, under "options", you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to your topic or "bump" it within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.


  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient -- someone will assist you as soon as it is possible.

Thanks very much!

daledoc1

PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)

This topic is now closed to further replies.