nikux

Hello, my system is affected with the "Security Tool" malware, which prevents installation of anti-malware software such as Malwarebytes Anti-Malware. It has created a random directory in All Users\Application Data and further prevents running any software. I can run in safe mode and delete that directory, but it comes up again. Can't install MBAM, still in safe mode. In fact, MalwareBytes installs perfectly, but then when I load it up, a dialog box will appear (entitled "Setup"): Unable to execute file.. (directories) CreateProcess failed; code 2. The system cannot find the file specified (the file specified being "mbam.exe"). I have tried to rename the setup, to no avail. I am running Windows XP. I am attaching logs from DDS and GMER.

------------------------------------------------------------------

DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by std at 0:15:34.93 on Sat 10/10/2009
Internet Explorer: 6.0.2900.2180  BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.727 [GMT -7:00]

AV: avast! antivirus 4.8.1356 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\std\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [zapesowez] Rundll32.exe "c:\windows\system32\huhomogi.dll",a
mRun: [53291020] c:\docume~1\alluse~1\applic~1\53291020\53291020.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &WordWeb... - c:\windows\system32\wweb32.dll/lookup.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: c:\windows\system32\zuzahovo.dll sugefeso.dll c:\windows\system32\huhomogi.dll
SSODL: dufamujey - {fda0b390-8213-47b0-ad46-ccd028f1afdb} - c:\windows\system32\zuzahovo.dll
SSODL: veroruhov - {eda1e294-3a8a-4260-869a-410ac60e5163} - c:\windows\system32\huhomogi.dll
STS: kupuhivus: {fda0b390-8213-47b0-ad46-ccd028f1afdb} - c:\windows\system32\zuzahovo.dll
STS: mujuzedij: {eda1e294-3a8a-4260-869a-410ac60e5163} - c:\windows\system32\huhomogi.dll
LSA: Notification Packages = scecli tusiheku.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\std\applic~1\mozilla\firefox\profiles\ag98sk9c.default\
FF - prefs.js: browser.startup.homepage - www.gmail.com
FF - plugin: c:\documents and settings\std\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\std\local settings\application data\google\update\1.2.183.8\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2005-12-16 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-12-16 14208]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-12-16 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-1-1 14336]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-12-16 11520]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-8 114768]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-12-16 2432]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-12-16 4608]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-12-16 4442]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-8 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-8 138680]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-4-27 63616]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-8 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-8 352920]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-12-16 12288]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-10-10 00:15 388,608 a------- c:\windows\system32\cmd.exe
2009-10-09 22:52 <DIR> --d----- C:\savw_9_sa
2009-10-09 22:37 <DIR> --d----- C:\test
2009-10-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\53291020
2009-10-09 10:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 10:11 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-09 10:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 20:51 <DIR> a-dshr-- C:\cmdcons
2009-10-08 20:47 229,888 a------- c:\windows\PEV.exe
2009-10-08 20:47 161,792 a------- c:\windows\SWREG.exe
2009-10-08 20:47 98,816 a------- c:\windows\sed.exe
2009-10-08 20:03 <DIR> --d----- C:\e3fceb7a0f1ba67864346cd4
2009-10-07 23:47 54,156 a---h--- c:\windows\QTFont.qfn
2009-10-07 23:47 1,409 a------- c:\windows\QTFont.for
2009-10-04 15:57 <DIR> --d----- c:\docume~1\std\applic~1\GARMIN
2009-10-04 15:56 <DIR> --d----- c:\program files\Garmin GPS Plugin
2009-10-04 15:56 18,432 a------- c:\windows\system32\drivers\grmngen.sys
2009-10-04 15:56 8,320 a------- c:\windows\system32\drivers\grmnusb.sys
2009-10-04 15:56 <DIR> --d----- c:\program files\Garmin
2009-10-01 17:56 67,804 a---h--- c:\windows\system32\mlfcache.dat
2009-09-16 22:08 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-16 22:07 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-09-16 22:05 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-09-16 22:03 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-09-16 22:03 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-09-11 21:00 78,464 a------- c:\windows\system32\drivers\usbvideo.sys
2009-09-11 21:00 78,464 a------- c:\windows\system32\dllcache\usbvideo.sys
2009-09-11 21:00 20,992 a------- c:\windows\system32\dshowext.ax
2009-09-11 21:00 20,992 a------- c:\windows\system32\dllcache\dshowext.ax

==================== Find3M ====================

2009-08-21 02:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 09:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 09:00 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2008-08-18 09:07 0 ac------ c:\program files\New Text Document.txt
2006-02-27 00:47 56 -c-shr-- c:\windows\system32\56DF61AA7A.sys
2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\deporare.dll
2009-07-09 08:28 1,011,194 a--sh--- c:\windows\system32\gigivada.exe
2009-07-09 20:28 88,576 a--sh--- c:\windows\system32\huhomogi.dll
2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\husenafe.dll
2006-02-27 00:47 1,682 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-07-09 20:28 1,011,271 a--sh--- c:\windows\system32\rahehuvo.exe
2009-07-09 20:28 37,376 a--sh--- c:\windows\system32\rahuguzi.dll
2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\sugefeso.dll
2009-07-07 23:14 1,050,147 a--sh--- c:\windows\system32\teyodalu.exe
2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\tusiheku.dll
2009-07-09 08:28 38,912 a--sh--- c:\windows\system32\wejureke.dll

============= FINISH: 0:16:51.32 ===============

attach.zip