
jssch

  1. http://www.malwarebytes.org/forums/index.p...ost&p=90223 I went through all the steps listed above to get mbam.exe to install and run. When I get to the last one, the CLB Rootkit, I installed RootRepeal and then chose Files and Scan and C:. It sits for about a minute and then I get the good ole' blue error screen: "A problem has been detected and Windows has been shut down to prevent damage. KERNEL_STACK_INPAGE_ERROR"
  2. AVIRA (download.com) free anti-virus (but you have Norton, so I don't know that it's going to help you any) did do a full scan in Safe Mode and it removed 10 things. At the end it gives you the option of pulling a report. I still don't know why I couldn't copy and paste that report into this forum though... hmmm?
  3. I don't know why my copy and paste of the Avira report isn't working.
  4. I was able to get AVIRA to run a full scan in safe mode. Here is the report:
  5. I am looking at the nasty little Security Tools bug. I have tried everything I can and that I have read about Malwarebytes and installing. I have renamed the file, run the sysinternals to make sure the random # process wasn't running, but every time I run the installation file, it does not have the mbam.exe file. The closest I got was trying in Safe Mode. It opened and then closed immediately. Running Windows XP Pro. Here is a HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 2:57:43 PM, on 10/15/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Safe mode with network support

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070725
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070725
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {17959bee-af21-4a18-9f01-68fd622689a0} - penipure.dll (file missing)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
     O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
     O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [kugupigala] Rundll32.exe "sayiwido.dll",s
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [40920217] C:\Documents and Settings\All Users\Application Data\40920217\40920217.exe
     O4 - HKLM\..\Run: [najayebaw] Rundll32.exe "c:\windows\system32\kufubabe.dll",a
     O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
     O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
     O20 - AppInit_DLLs: c:\windows\system32\migiralu.dll tuvikize.dll c:\windows\system32\gadipefe.dll c:\windows\system32\kufubabe.dll c:\windows\system32\torayiya.dll
     O21 - SSODL: vuyubadim - {9ea9d58d-8212-4dab-b52c-12dd558dc9a0} - c:\windows\system32\kufubabe.dll
     O21 - SSODL: buduwitoy - {102f533e-a2d9-4dad-84c1-6df8dce9cd02} - c:\windows\system32\torayiya.dll
     O21 - SSODL: bozupireb - {be8ce5f7-b271-4798-ab63-b92fad952230} - c:\windows\system32\torayiya.dll
     O21 - SSODL: hapamevad - {449d07e6-5dfa-40ad-be65-23a1ddfcc570} - c:\windows\system32\torayiya.dll
     O21 - SSODL: juyimapuw - {67d2149a-938b-4bd5-9017-d99f86ad5c04} - c:\windows\system32\torayiya.dll
     O21 - SSODL: gezezider - {be6e71fa-25f2-4451-9d47-c487d73fc961} - c:\windows\system32\gadipefe.dll
     O21 - SSODL: gatifefay - {41ccaec6-b502-4adb-927d-670239032631} - c:\windows\system32\torayiya.dll
     O21 - SSODL: hekuyilol - {247d8f31-9861-4790-aa70-d4585ef44905} - c:\windows\system32\gadipefe.dll
     O21 - SSODL: dufazonef - {e3da4d69-9c36-493e-bf23-42bc0eb2d898} - c:\windows\system32\torayiya.dll
     O21 - SSODL: wowafisik - {a9f4e22e-6860-4e24-8ea9-aed2b67c8deb} - c:\windows\system32\kufubabe.dll
     O22 - SharedTaskScheduler: kupuhivus - {9ea9d58d-8212-4dab-b52c-12dd558dc9a0} - c:\windows\system32\kufubabe.dll
     O22 - SharedTaskScheduler: kupuhivus - {cda8a10b-c015-47b7-9d2d-6f79574a5bdc} - c:\windows\system32\migiralu.dll
     O22 - SharedTaskScheduler: kupuhivus - {102f533e-a2d9-4dad-84c1-6df8dce9cd02} - c:\windows\system32\torayiya.dll
     O22 - SharedTaskScheduler: jugezatag - {be8ce5f7-b271-4798-ab63-b92fad952230} - c:\windows\system32\torayiya.dll
     O22 - SharedTaskScheduler: tokatiluy - {449d07e6-5dfa-40ad-be65-23a1ddfcc570} - c:\windows\system32\torayiya.dll
     O22 - SharedTaskScheduler: kupuhivus - {67d2149a-938b-4bd5-9017-d99f86ad5c04} - c:\windows\system32\torayiya.dll
     O22 - SharedTaskScheduler: mujuzedij - {be6e71fa-25f2-4451-9d47-c487d73fc961} - c:\windows\system32\gadipefe.dll
     O22 - SharedTaskScheduler: tokatiluy - {41ccaec6-b502-4adb-927d-670239032631} - c:\windows\system32\torayiya.dll
     O22 - SharedTaskScheduler: mujuzedij - {247d8f31-9861-4790-aa70-d4585ef44905} - c:\windows\system32\gadipefe.dll
     O22 - SharedTaskScheduler: kupuhivus - {e3da4d69-9c36-493e-bf23-42bc0eb2d898} - c:\windows\system32\torayiya.dll
     O22 - SharedTaskScheduler: jugezatag - {a9f4e22e-6860-4e24-8ea9-aed2b67c8deb} - c:\windows\system32\kufubabe.dll
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
     O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
     O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

     --
     End of file - 8005 bytes

     Thanks for any help I can get.
  6. I have read through several of the posts regarding this and have all the solutions mentioned that I am aware of. I have been trying to install Malwarebytes on a machine that has the Security Tools bug. I have run the installation file several times, changing the file name, making sure that the random number process isn't running (using sysinternals) and trying to install from safe mode. When in Safe Mode, I got the closest I had come yet. It installed and then opened just to close immediately. Next attempt to open had Windows looking for mbam.exe. Any other suggestions? I am using Windows XP Professional. Thanks for any help you can give me.