Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes will not run


  • This topic is locked This topic is locked
2 replies to this topic

#1 gharden2911

gharden2911

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 14 September 2009 - 08:18 PM

I'm wondering if I have some sort of Malware on my friends computer I'm working. He has Malwarebytes installed but it will not run. When you click on the MB icon nothing happens. No error messages or anything. I wish I can be more descriptive with the problem but that is all that's wrong. He has Trend Micro it gives an error saying the firewall is disabled and will not let me enable it. Any help would be greatly appreciated. Here are the log files you request.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Bill Bushman at 19:42:03.21 on Mon 09/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.442 [GMT -5:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bill Bushman\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL =
uDefault_Page_URL =
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EPSON Stylus Photo 820 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S0EIC1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218636583791
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1231205156868&h=83be45e55524a0d2c98a38ccec082d1c/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://sslvpn.boeing.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: NameServer = 85.255.112.156,85.255.112.129
TCP: {BA1274BD-5B24-4CCB-A9BA-18C61DA65F2B} = 85.255.112.156,85.255.112.129
TCP: {EA874B2C-534E-4173-A80C-3636F15350A2} = 85.255.112.156,85.255.112.129
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpyZooka Service Hook: {d468bce5-d18e-49a4-8ea7-34bd583659d5} - c:\progra~1\spyzooka\spyguard.dll

============= SERVICES / DRIVERS ===============

R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-18 36368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-18 333328]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-30 52624]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2009-1-30 488768]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-30 648456]

=============== Created Last 30 ================

2009-09-14 13:49 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 13:48 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-14 13:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 16:55 <DIR> --d----- c:\program files\STOPzilla!
2009-09-01 16:55 <DIR> --d----- c:\program files\common files\iS3
2009-09-01 16:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-08-25 17:27 <DIR> --d----- c:\docume~1\billbu~1\applic~1\Spyzooka
2009-08-25 15:44 <DIR> --d----- c:\program files\SpyZooka
2009-08-19 17:04 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-19 15:03 4,063,174 a------- c:\windows\pfirewall.log.old

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 18:38 8 a------- c:\program files\wfrix.txt
2009-07-20 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-07-20 14:56 311,296 a----r-- c:\windows\system32\SZBase5.dll
2009-07-20 14:56 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 15:52 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-07-09 15:52 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-07-09 15:51 385,024 a----r-- c:\windows\system32\IS3UI5.dll
2009-07-09 15:51 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-07-09 15:51 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-07-09 15:50 225,280 a----r-- c:\windows\system32\IS3Win325.dll
2009-07-09 15:50 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-07-09 15:50 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-07-09 15:47 724,992 a----r-- c:\windows\system32\IS3Base5.dll
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
2008-12-20 12:43 454 a------- c:\docume~1\billbu~1\applic~1\wklnhst.dat

============= FINISH: 19:42:30.31 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/14 19:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED76E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A96000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA760000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\GameHouse Games\Chuzzle Deluxe\Chuzzle.exe:{F481F5F2-92C4-F710-75C0-9C9FF065B0F6}
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ESQULhdejpwnmerwbeecbffrmqjxtbwwxkrsw.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\ESQULpfwbwrubrflsvhjrtjlqbugfukpadymx.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\ESQULzxspectrum
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\ESQULosdppbnexyyrvkyxuvovnsclsutqpphq.sys
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: ESQULpfwbwrubrflsvhjrtjlqbugfukpadymx.dll]
Process: svchost.exe (PID: 1472) Address: 0x10000000 Size: 32768

Object: Hidden Module [Name: ESQULhdejpwnmerwbeecbffrmqjxtbwwxkrsw.dll]
Process: iexplore.exe (PID: 3304) Address: 0x10000000 Size: 184320

Hidden Services
-------------------
Service Name: ESQULserv.sys
Image Path: C:\WINDOWS\system32\drivers\ESQULosdppbnexyyrvkyxuvovnsclsutqpphq.sys

Service Name: TDSSserv.sys
Image Path: C:\WINDOWS\system32\drivers\TDSSmhxt.sys

==EOF==

Attached Files



BC AdBot (Login to Remove)

 


#2 gharden2911

gharden2911
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 15 September 2009 - 06:53 AM

Hey guys you can close this topic. I have figured out the problem and was able to get Malwarebytes to run. Afterwards, I was able to remove all infections and my friends computer is back to normal. Thanks.

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 15 September 2009 - 05:56 PM

Thanks for letting us know gharden2911. :(




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users