
problems and can't get mbam.exe to install


jssch

I am looking at the nasty little Security Tools bug. I have tried everything I can and that I have read about Malwarebytes and installing. I have renamed the file, ran the sysinternals to make sure the random #process wasn't running, but every time I run the installation file, it does not have the mbam.exe file. The closest I got was trying in Safe Mode. It opened and then closed immediately.

Running Windows XP Pro

Here is a Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:57:43 PM, on 10/15/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070725

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070725

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {17959bee-af21-4a18-9f01-68fd622689a0} - penipure.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [kugupigala] Rundll32.exe "sayiwido.dll",s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [40920217] C:\Documents and Settings\All Users\Application Data\40920217\40920217.exe

O4 - HKLM\..\Run: [najayebaw] Rundll32.exe "c:\windows\system32\kufubabe.dll",a

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O20 - AppInit_DLLs: c:\windows\system32\migiralu.dll tuvikize.dll c:\windows\system32\gadipefe.dll c:\windows\system32\kufubabe.dll c:\windows\system32\torayiya.dll

O21 - SSODL: vuyubadim - {9ea9d58d-8212-4dab-b52c-12dd558dc9a0} - c:\windows\system32\kufubabe.dll

O21 - SSODL: buduwitoy - {102f533e-a2d9-4dad-84c1-6df8dce9cd02} - c:\windows\system32\torayiya.dll

O21 - SSODL: bozupireb - {be8ce5f7-b271-4798-ab63-b92fad952230} - c:\windows\system32\torayiya.dll

O21 - SSODL: hapamevad - {449d07e6-5dfa-40ad-be65-23a1ddfcc570} - c:\windows\system32\torayiya.dll

O21 - SSODL: juyimapuw - {67d2149a-938b-4bd5-9017-d99f86ad5c04} - c:\windows\system32\torayiya.dll

O21 - SSODL: gezezider - {be6e71fa-25f2-4451-9d47-c487d73fc961} - c:\windows\system32\gadipefe.dll

O21 - SSODL: gatifefay - {41ccaec6-b502-4adb-927d-670239032631} - c:\windows\system32\torayiya.dll

O21 - SSODL: hekuyilol - {247d8f31-9861-4790-aa70-d4585ef44905} - c:\windows\system32\gadipefe.dll

O21 - SSODL: dufazonef - {e3da4d69-9c36-493e-bf23-42bc0eb2d898} - c:\windows\system32\torayiya.dll

O21 - SSODL: wowafisik - {a9f4e22e-6860-4e24-8ea9-aed2b67c8deb} - c:\windows\system32\kufubabe.dll

O22 - SharedTaskScheduler: kupuhivus - {9ea9d58d-8212-4dab-b52c-12dd558dc9a0} - c:\windows\system32\kufubabe.dll

O22 - SharedTaskScheduler: kupuhivus - {cda8a10b-c015-47b7-9d2d-6f79574a5bdc} - c:\windows\system32\migiralu.dll

O22 - SharedTaskScheduler: kupuhivus - {102f533e-a2d9-4dad-84c1-6df8dce9cd02} - c:\windows\system32\torayiya.dll

O22 - SharedTaskScheduler: jugezatag - {be8ce5f7-b271-4798-ab63-b92fad952230} - c:\windows\system32\torayiya.dll

O22 - SharedTaskScheduler: tokatiluy - {449d07e6-5dfa-40ad-be65-23a1ddfcc570} - c:\windows\system32\torayiya.dll

O22 - SharedTaskScheduler: kupuhivus - {67d2149a-938b-4bd5-9017-d99f86ad5c04} - c:\windows\system32\torayiya.dll

O22 - SharedTaskScheduler: mujuzedij - {be6e71fa-25f2-4451-9d47-c487d73fc961} - c:\windows\system32\gadipefe.dll

O22 - SharedTaskScheduler: tokatiluy - {41ccaec6-b502-4adb-927d-670239032631} - c:\windows\system32\torayiya.dll

O22 - SharedTaskScheduler: mujuzedij - {247d8f31-9861-4790-aa70-d4585ef44905} - c:\windows\system32\gadipefe.dll

O22 - SharedTaskScheduler: kupuhivus - {e3da4d69-9c36-493e-bf23-42bc0eb2d898} - c:\windows\system32\torayiya.dll

O22 - SharedTaskScheduler: jugezatag - {a9f4e22e-6860-4e24-8ea9-aed2b67c8deb} - c:\windows\system32\kufubabe.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-max-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 8005 bytes

Thanks for any help I can get.

Link to post
Share on other sites

I am getting the exact same trouble.. please let me know what the AVIRA scan is and where can I get it ???

I have tried the mbam.exe with flash drive - will install, with name change, still won't run. I get error of cannot execute this file, etc... I have removed 'Security Tool' and my Norton scan says there are no threats -- obviously it is still hidden on my laptop.

Please Help!!

Link to post
Share on other sites

I am getting the exact same trouble.. please let me know what the AVIRA scan is and where can I get it ???

I have tried the mbam.exe with flash drive - will install, with name change, still won't run. I get error of cannot execute this file, etc... I have removed 'Security Tool' and my Norton scan says there are no threats -- obviously it is still hidden on my laptop.

Please Help!!

AVIRA (download.com) free anti-virus, (but you have Norton so I don't know that it's going to help you any.) did do a full scan in Safe Mode and it removed 10 things. At the end it gives you the option of pulling a report. I still don't know why I couldn't copy and paste that report into this forum though.........hmmm?

Link to post
Share on other sites

http://www.malwarebytes.org/forums/index.p...ost&p=90223

I went through all the steps listed above to get mbam.exe to install and run. When I get to the last one, the CLB Rootkit, I installed RootRepeal and then chose files and scan and c: it sits for about a minute and then I get the good ole' blue error screen:

A problem has been detected and Windows has been shut down to prevent damage.

KERNEL_STACK_INPAGE_ERROR
