Jump to content

Security Tool again, dds and gmer log attached


nikux

Recommended Posts

Hello, my system is affected with the "Security Tool" malware, which prevents installation of anti-malware softwares such as malbytes anti-malware.

It has created a random directory in All Users\Application Data and further prevents from running any software.

I can run in safe mode, and delete that directory, but it comes up again. Cant install, MBAM still in safe mode. Infact MalwareBytes installs perfectly, but then when I load it up, a dialog box will appear (entitled "Setup"): Unable to execute file.. (directories) CreateProcces failed; code 2. The system cannot find file specified (the file specified being "mbam.exe").

I have tried to rename the setup, no avail.

I am running off of Windows XP.

I am attaching logs from DDS and GMER.

------------------------------------------------------------------

DDS (Ver_09-09-29.01) - NTFSx86 NETWORK

Run by std at 0:15:34.93 on Sat 10/10/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.727 [GMT -7:00]

AV: avast! antivirus 4.8.1356 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe

C:\Documents and Settings\std\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [zapesowez] Rundll32.exe "c:\windows\system32\huhomogi.dll",a

mRun: [53291020] c:\docume~1\alluse~1\applic~1\53291020\53291020.exe

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: &WordWeb... - c:\windows\system32\wweb32.dll/lookup.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxsrvc.dll

Notify: QConGina - QConGina.dll

Notify: tphotkey - tphklock.dll

AppInit_DLLs: c:\windows\system32\zuzahovo.dll sugefeso.dll c:\windows\system32\huhomogi.dll

SSODL: dufamujey - {fda0b390-8213-47b0-ad46-ccd028f1afdb} - c:\windows\system32\zuzahovo.dll

SSODL: veroruhov - {eda1e294-3a8a-4260-869a-410ac60e5163} - c:\windows\system32\huhomogi.dll

STS: kupuhivus: {fda0b390-8213-47b0-ad46-ccd028f1afdb} - c:\windows\system32\zuzahovo.dll

STS: mujuzedij: {eda1e294-3a8a-4260-869a-410ac60e5163} - c:\windows\system32\huhomogi.dll

LSA: Notification Packages = scecli tusiheku.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\std\applic~1\mozilla\firefox\profiles\ag98sk9c.default\

FF - prefs.js: browser.startup.homepage - www.gmail.com

FF - plugin: c:\documents and settings\std\application data\move networks\plugins\npqmp071500000347.dll

FF - plugin: c:\documents and settings\std\local settings\application data\google\update\1.2.183.8\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2005-12-16 59776]

R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-12-16 14208]

R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-12-16 6016]

R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-1-1 14336]

S1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-12-16 11520]

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-8 114768]

S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-12-16 2432]

S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-12-16 4608]

S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-12-16 4442]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-8 20560]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-8 138680]

S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-4-27 63616]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-8 254040]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-8 352920]

S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-12-16 12288]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-10-10 00:15 388,608 a------- c:\windows\system32\cmd.exe

2009-10-09 22:52 <DIR> --d----- C:\savw_9_sa

2009-10-09 22:37 <DIR> --d----- C:\test

2009-10-09 20:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\53291020

2009-10-09 10:11 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-09 10:11 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-10-09 10:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-10-08 20:51 <DIR> a-dshr-- C:\cmdcons

2009-10-08 20:47 229,888 a------- c:\windows\PEV.exe

2009-10-08 20:47 161,792 a------- c:\windows\SWREG.exe

2009-10-08 20:47 98,816 a------- c:\windows\sed.exe

2009-10-08 20:03 <DIR> --d----- C:\e3fceb7a0f1ba67864346cd4

2009-10-07 23:47 54,156 a---h--- c:\windows\QTFont.qfn

2009-10-07 23:47 1,409 a------- c:\windows\QTFont.for

2009-10-04 15:57 <DIR> --d----- c:\docume~1\std\applic~1\GARMIN

2009-10-04 15:56 <DIR> --d----- c:\program files\Garmin GPS Plugin

2009-10-04 15:56 18,432 a------- c:\windows\system32\drivers\grmngen.sys

2009-10-04 15:56 8,320 a------- c:\windows\system32\drivers\grmnusb.sys

2009-10-04 15:56 <DIR> --d----- c:\program files\Garmin

2009-10-01 17:56 67,804 a---h--- c:\windows\system32\mlfcache.dat

2009-09-16 22:08 153,088 -------- c:\windows\system32\dllcache\triedit.dll

2009-09-16 22:07 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx

2009-09-16 22:05 655,872 -------- c:\windows\system32\dllcache\mstscax.dll

2009-09-16 22:03 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb

2009-09-16 22:03 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

2009-09-11 21:00 78,464 a------- c:\windows\system32\drivers\usbvideo.sys

2009-09-11 21:00 78,464 a------- c:\windows\system32\dllcache\usbvideo.sys

2009-09-11 21:00 20,992 a------- c:\windows\system32\dshowext.ax

2009-09-11 21:00 20,992 a------- c:\windows\system32\dllcache\dshowext.ax

==================== Find3M ====================

2009-08-21 02:46 450,560 -------- c:\windows\system32\dllcache\jscript.dll

2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll

2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll

2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll

2009-07-18 09:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll

2009-07-18 09:00 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll

2008-08-18 09:07 0 ac------ c:\program files\New Text Document.txt

2006-02-27 00:47 56 -c-shr-- c:\windows\system32\56DF61AA7A.sys

2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\deporare.dll

2009-07-09 08:28 1,011,194 a--sh--- c:\windows\system32\gigivada.exe

2009-07-09 20:28 88,576 a--sh--- c:\windows\system32\huhomogi.dll

2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\husenafe.dll

2006-02-27 00:47 1,682 ac-sh--- c:\windows\system32\KGyGaAvL.sys

2009-07-09 20:28 1,011,271 a--sh--- c:\windows\system32\rahehuvo.exe

2009-07-09 20:28 37,376 a--sh--- c:\windows\system32\rahuguzi.dll

2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\sugefeso.dll

2009-07-07 23:14 1,050,147 a--sh--- c:\windows\system32\teyodalu.exe

2009-07-09 08:28 50,688 a--sh--- c:\windows\system32\tusiheku.dll

2009-07-09 08:28 38,912 a--sh--- c:\windows\system32\wejureke.dll

============= FINISH: 0:16:51.32 ===============

attach.zip

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.