Jump to content

Cant run Malwarebytes, spybot, hijackthis etc.,.....


Recommended Posts

I can not run Malwarebytes, spybot , hijackthis etc...... I tried changing the exe file to a different name with no success because i cant see which one actually is the exe file in the program folder. I can post any logs because the programs needed to run them wont run. Also, when im in google and i type a website like yours in the address bar it seems to always go back to google. I am on a another computer tight now and i am currently running vipre antivirus software and so far it has picked up two items

packed.win32.tdss.f and octoshape, it seems like it cant get rid of them.

I also ran AVIRA and below is the report i received

Avira AntiVir Personal

Report file date: Saturday, March 07, 2009 11:31

Scanning for 1288155 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: KEVIN

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 17:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 19:30:15

ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 19:30:19

ANTIVIR3.VDF : 7.1.2.135 157696 Bytes 3/7/2009 19:30:22

Engineversion : 8.2.0.105

AEVDF.DLL : 8.1.1.0 106868 Bytes 3/7/2009 19:30:39

AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/7/2009 19:30:37

AESCN.DLL : 8.1.1.8 127346 Bytes 3/7/2009 19:30:36

AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 22:58:38

AEPACK.DLL : 8.1.3.10 397686 Bytes 3/7/2009 19:30:35

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/7/2009 19:30:33

AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/7/2009 19:30:31

AEHELP.DLL : 8.1.2.2 119158 Bytes 3/7/2009 19:30:27

AEGEN.DLL : 8.1.1.25 336243 Bytes 3/7/2009 19:30:26

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 19:05:56

AECORE.DLL : 8.1.6.6 176501 Bytes 3/7/2009 19:30:24

AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 19:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 21:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: Saturday, March 07, 2009 11:31

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'HJTInstall.exe' - '1' Module(s) have been scanned

Scan process 'HJTInstall.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'PMSHost.exe' - '1' Module(s) have been scanned

Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegManServ.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned

Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned

Scan process 'Apache.exe' - '1' Module(s) have been scanned

Scan process 'sqlservr.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'Apache.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LBTServ.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

38 processes with 38 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '55' files ).

Starting the file scan:

Begin scan in 'C:\' <Backup Drive>

C:\Downloads\Incomplete\T-3545425-neighbor sex.mpg

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

C:\Downloads\Music\Britney Spears - I love Rock n Roll.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[WARNING] The file was ignored!

C:\Downloads\Music\Romantic Love Songs of the 90's - By the time this night is over.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[WARNING] The file was ignored!

C:\Downloads\Music\sex music.mp3

[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

[NOTE] The file was deleted!

Begin scan in 'D:\'

D:\pagefile.sys

[WARNING] The file could not be opened!

D:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\Quarantine\{31346D60-D187-4B33-A928-BE18F49FCEAD}

[DETECTION] Is the TR/PCK.Tdss.F.264 Trojan

[NOTE] A backup was created as '49e3cdf1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\Quarantine\{C556219E-4867-4232-A4A6-AF6171823AD5}

[DETECTION] Is the TR/PCK.Tdss.F.135 Trojan

[NOTE] A backup was created as '49e7ce02.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\Documents and Settings\Kruschmann\Local Settings\Temporary Internet Files\Content.IE5\05IRUP0J\3308[1].gif

[DETECTION] Contains recognition pattern of the HTML/PicFrame.Gen HTML script virus

[NOTE] A backup was created as '49e2ce5f.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\Documents and Settings\Kruschmann\Local Settings\Temporary Internet Files\Content.IE5\3BI71ZDE\tomi[1].htm

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] A backup was created as '4a1fced9.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\System Volume Information\_restore{6CDE6ED9-E002-4068-AF48-7651E99ADDEA}\RP587\A0036394.dll

[DETECTION] Is the TR/Tibs.15360 Trojan

[NOTE] A backup was created as '49e2d388.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\System Volume Information\_restore{6CDE6ED9-E002-4068-AF48-7651E99ADDEA}\RP587\A0036395.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '4bb98bf1.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\System Volume Information\_restore{6CDE6ED9-E002-4068-AF48-7651E99ADDEA}\RP587\A0036396.exe

[DETECTION] Is the TR/Drop.Softomat.AN Trojan

[NOTE] A backup was created as '49e2d389.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\System Volume Information\_restore{6CDE6ED9-E002-4068-AF48-7651E99ADDEA}\RP587\A0036401.dll

[DETECTION] Is the TR/Inject.GHT Trojan

[NOTE] A backup was created as '4bb98bf2.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\System Volume Information\_restore{6CDE6ED9-E002-4068-AF48-7651E99ADDEA}\RP599\A0036592.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '49e2d393.qua' ( QUARANTINE )

[NOTE] The file was deleted!

D:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

End of the scan: Saturday, March 07, 2009 12:12

Used time: 41:36 Minute(s)

The scan has been done completely.

10328 Scanning directories

401786 Files were scanned

13 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

11 files were deleted

0 files were repaired

9 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

401771 Files not concerned

2197 Archives were scanned

4 Warnings

11 Notes

Please Help

Link to post
Share on other sites

  • Root Admin

Hello and Welcome to Malwarebytes.org

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.