Malwarebytes Crashes Soon After Starting


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07

Run by Bernard Roy at 21:21:36 on 2011-11-06

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.850 [GMT -5:00]

.

AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\3017992546:2635472204.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\BitComet\BitComet.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://meta-finder.com/

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll

BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File

TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [updateFlow.ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\offlineupdate\redirector.htm

uRun: [1840607642] c:\documents and settings\bernard roy\local settings\application data\jao.exe

mRun: [HelpCenter4.1] c:\program files\bellsouth\helpcenter40b\bin\sprtcmd.exe /P HelpCenter4.1

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"

mRun: [iSW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN

mRun: [sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: mswsock.dll

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

Trusted Zone: zdnet.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {92EB41C4-A271-42C5-999A-4816A3CFCB27} - hxxp://dcs.ebookbank.jp/krm_auto/krins.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://notes.flvs.net/dwa7W.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C05F3F03-9A2F-40A8-9170-48D7C3AB18C9} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli

Hosts: 91.212.65.122 browser-security.microsoft.com

Hosts: 91.212.65.122 antiwareprotect.com

Hosts: 91.212.65.122 www.antiwareprotect.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\bernard roy\application data\mozilla\firefox\profiles\ely7rsk6.default\

FF - prefs.js: browser.startup.homepage - hxxp://meta-finder.com/

FF - component: c:\documents and settings\bernard roy\application data\mozilla\firefox\profiles\ely7rsk6.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.startup.homepage - hxxp://meta-finder.com/

.

============= SERVICES / DRIVERS ===============

.

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-3-23 33824]

R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\nikon\wireless camera setup utility\NkPtpEnum.exe [2005-6-17 26112]

R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [2005-6-17 17664]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]

S1 MpKsl205a7a4c;MpKsl205a7a4c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{584cf3c6-6dc7-454e-adc5-133137499086}\mpksl205a7a4c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{584cf3c6-6dc7-454e-adc5-133137499086}\MpKsl205a7a4c.sys [?]

S1 MpKsl96e41a20;MpKsl96e41a20;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{129ae583-3cab-47ab-a23a-96ad96834c93}\mpksl96e41a20.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{129ae583-3cab-47ab-a23a-96ad96834c93}\MpKsl96e41a20.sys [?]

S1 MpKslde0c1f23;MpKslde0c1f23;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9428a738-61fa-4968-a18d-b719f97b02db}\mpkslde0c1f23.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9428a738-61fa-4968-a18d-b719f97b02db}\MpKslde0c1f23.sys [?]

S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys --> c:\windows\system32\drivers\savonaccesscontrol.sys [?]

S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys --> c:\windows\system32\drivers\savonaccessfilter.sys [?]

S2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [2009-9-22 25632]

S2 RpcSss;Remote Procedure Call (RPC)Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]

S2 SAVAdminService;Sophos Anti-Virus status reporter;"c:\program files\sophos\sophos anti-virus\savadminservice.exe" --> c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [?]

S2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-10-21 97520]

S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;"c:\program files\sophos\autoupdate\alsvc.exe" --> c:\program files\sophos\autoupdate\ALsvc.exe [?]

S2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe --> c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [?]

S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2007-7-6 69120]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-6-1 32512]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-11-6 27064]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-11-16 550272]

S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2005-7-28 88080]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\sophosbootdriver.sys --> c:\windows\system32\drivers\SophosBootDriver.sys [?]

.

=============== Created Last 30 ================

.

2011-11-06 21:17:40 -------- d-----w- c:\windows\system32\CatRoot_bak

2011-11-06 18:48:08 -------- d-----w- c:\documents and settings\bernard roy\local settings\application data\VS Revo Group

2011-11-06 18:47:50 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-11-06 18:47:48 -------- d-----w- c:\program files\VS Revo Group

2011-11-06 17:44:57 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-11-06 17:44:57 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-06 17:24:29 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2011-11-06 16:59:49 48016 --sha-w- c:\windows\system32\c_31652.nl_

2011-11-06 14:31:19 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll

2011-11-06 14:30:51 -------- d-----w- c:\program files\common files\xing shared

2011-11-06 14:30:35 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll

2011-11-06 14:30:26 107008 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

2011-11-06 13:51:02 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND

2011-11-06 13:00:33 -------- d-----w- c:\documents and settings\bernard roy\application data\Malwarebytes

2011-11-06 13:00:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-06 13:00:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-06 13:00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-06 12:33:58 -------- d-----w- c:\program files\Microsoft Security Client

2011-11-06 11:41:54 -------- d-sh--w- c:\documents and settings\bernard roy\local settings\application data\62e9e2b3

2011-11-06 11:41:36 836096 ----a-w- c:\documents and settings\all users\application data\privacy.exe

.

==================== Find3M ====================

.

2011-11-06 20:33:56 96256 -c--a-w- c:\windows\system32\drivers\sptddrv1.sys

2011-11-06 14:30:17 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-11-06 14:27:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-04 15:32:19 0 ----a-w- c:\documents and settings\all users\application data\vkdt.exe

2011-09-04 15:32:19 0 ----a-w- c:\documents and settings\all users\application data\pwes.exe

2011-09-04 15:32:19 0 ----a-w- c:\documents and settings\all users\application data\ppkp.exe

2011-09-04 15:32:18 0 ----a-w- c:\documents and settings\all users\application data\flln.exe

.

============= FINISH: 21:22:48.70 ===============

attach.zip


  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Sophos and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Turn off Word Wrap in Notepad please. The logs are impossible to read otherwise.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
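As an added illustration of the triage an analyst does by eye on a DDS log like the one posted above (and of the staff point about two antivirus products both reporting themselves enabled), here is a small Python script. It is example code written for this page, not part of DDS, Malwarebytes, TDSSKiller or the forum's tooling. The sample input is a constructed excerpt of lines from the posted log, and the heuristics are the editor's own assumptions about what is worth flagging: a second colon after the drive letter in a process path (an NTFS alternate data stream, as in `C:\WINDOWS\3017992546:2635472204.exe`), Run entries whose image lives under a user profile or has a purely numeric value name (the `jao.exe` entry), Hosts lines that point a name at a non-loopback address, the configured browser start pages, and more than one AV listed as enabled.

```python
"""Triage a DDS log for the indicator types visible in the post above.

Added example for this thread; not part of DDS, Malwarebytes or the forum's
own tooling. It recognises only the DDS line types shown on the page
(AV:, Running Processes, uRun:/mRun:, Hosts:, browser homepage) and applies
simple heuristics an analyst would otherwise apply by eye.
"""
import json
import re

# Constructed sample: lines excerpted from the DDS log posted in the thread.
SAMPLE_LOG = r"""
AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\3017992546:2635472204.exe
C:\Program Files\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://meta-finder.com/
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [1840607642] c:\documents and settings\bernard roy\local settings\application data\jao.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
Hosts: 91.212.65.122 browser-security.microsoft.com
Hosts: 91.212.65.122 antiwareprotect.com
FF - prefs.js: browser.startup.homepage - hxxp://meta-finder.com/
"""

AV_RE = re.compile(r"^AV: (.+?) \*(\w+)/")
RUN_RE = re.compile(r'^([umd]Run(?:Once)?): \[([^\]]*)\] "?([a-z]:\\[^"]*?\.exe)', re.I)
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
HOME_RE = re.compile(r"^(?:uStart Page = |FF - (?:prefs|user)\.js: browser\.startup\.homepage - )(\S+)")
# A second ':' after the drive letter means the image is an NTFS alternate data stream.
ADS_RE = re.compile(r"^[a-z]:\\[^:]*:[^\\:]+$", re.I)
NUMERIC_RE = re.compile(r"^\d+(?:\.exe)?$", re.I)

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Locations a non-admin user (or malware running as that user) can write to; editor's list.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\appdata\\", "\\temp\\")


def triage(text):
    """Return a dict of findings keyed by indicator type."""
    result = {"enabled_av": [], "ads_processes": [], "suspicious_run": [],
              "hosts_redirects": [], "homepages": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):                 # "=== Running Processes ===" etc.
            section = line.strip("= ").lower()
            continue
        if (m := AV_RE.match(line)) and m.group(2).lower() == "enabled":
            result["enabled_av"].append(m.group(1))
        elif section == "running processes" and ADS_RE.match(line):
            result["ads_processes"].append(line)
        elif m := RUN_RE.match(line):
            key, name, path = m.groups()
            reasons = []
            if any(loc in path.lower() for loc in USER_WRITABLE):
                reasons.append("image in user-writable location")
            if NUMERIC_RE.match(name):
                reasons.append("numeric-only value name")
            if reasons:
                result["suspicious_run"].append(
                    {"key": key, "name": name, "path": path, "reasons": reasons})
        elif m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if ip not in LOOPBACK:               # anything else redirects the name
                result["hosts_redirects"].append((ip, host))
        elif m := HOME_RE.match(line):
            if m.group(1) not in result["homepages"]:
                result["homepages"].append(m.group(1))
    return result


def has_multiple_av(result):
    """True when more than one on-access scanner reports itself enabled."""
    return len(result["enabled_av"]) > 1


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    print(json.dumps(findings, indent=2))
    if has_multiple_av(findings):
        print("WARNING: more than one antivirus enabled:", findings["enabled_av"])
```

Run against the excerpt, the script reports both scanners as enabled, the alternate-data-stream process, the numeric-named Run entry under the user profile, the two Hosts redirects to 91.212.65.122, and meta-finder.com as the start page in both IE and Firefox. The `hxxp` scheme is DDS's own defanging of `http` and is left as-is. Nothing here cleans anything; it only orders what a helper would look at first, which is why the staff reply asks for TDSSKiller and ComboFix output rather than acting on the DDS log alone.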


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
