JamesKotak
Members-
Posts
4 -
Joined
-
Last visited
Reputation
0 Neutral-
Error Code 1068 - No Posted Remedies Work
JamesKotak replied to JamesKotak's topic in Resolved Malware Removal Logs
It appears the issue has resolved itself after several more restarts. No idea why but it suddenly decided to start working. James -
Error Code 1068 - No Posted Remedies Work
JamesKotak posted a topic in Resolved Malware Removal Logs
Hi, I just upgraded to the most recent version of MBAM 1.51.2.1300 and am getting Error Code 1068 when attempting to start the trial (or activate protection from the app console). I have attempted a complete wipe of my installation using RevoUninstaller on maximum settings/reboot/MBAM Clean Up/Reboot/Disable ESET NOD32 AV/Reinstall MBAM and I am still getting this error code. The code is being generated because "MBAMProtector" is not starting, but I find no MBAMProtector anywhere in the Services list. I recently cleaned a rootkit/boot sector virus from this machine via Combofix. Don't know what kind it was but I have the quarantined files if they are needed. As per a request in another MBAM forum, I am includingattach.zip the 2 DDS logs for your review. Thanks, James Contents of DDS.TXT: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Carol Premone at 1:08:56 on 2011-11-14 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.495 [GMT -8:00] . AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\hkcmd.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Airlink101\AWLL3028\RtWLan.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local>;*.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\awll3028\RtWLan.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{1CD7A291-F68B-4D14-AC7F-4CB7057526E8} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{71F7ECD7-6777-460A-AF47-86A6EE79D841} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 TCP: Interfaces\{D35F8FA0-F704-427F-91F4-63AEE7E7D059} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12 Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ============= SERVICES / DRIVERS =============== . R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-7-1 95896] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-11-12 38144] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-7-1 810144] R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2007-12-26 10752] R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2007-12-26 37120] R3 RTL8187B;Airlink101 802.11g USB 2.0 Adapter;c:\windows\system32\drivers\rtl8187B.sys [2011-11-12 238208] R4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-14 366152] S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [2007-12-26 11648] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-14 22216] S3 RTLWUSB;Wireless Adapter;c:\windows\system32\drivers\hpl8187.sys --> c:\windows\system32\drivers\hpl8187.sys [?] . =============== Created Last 30 ================ . 2011-11-14 08:32:07 -------- d-----w- c:\documents and settings\carol premone\application data\Malwarebytes 2011-11-14 08:31:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-11-14 08:31:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-14 08:31:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-11-14 03:17:45 -------- d-sha-r- C:\cmdcons 2011-11-14 03:14:51 98816 ----a-w- c:\windows\sed.exe 2011-11-14 03:14:51 518144 ----a-w- c:\windows\SWREG.exe 2011-11-14 03:14:51 256000 ----a-w- c:\windows\PEV.exe 2011-11-14 03:14:51 208896 ----a-w- c:\windows\MBR.exe 2011-11-14 03:04:41 -------- d-----w- C:\VundoFix Backups 2011-11-13 18:52:55 -------- d-----w- c:\program files\SpywareBlaster 2011-11-13 18:46:37 -------- d-----w- c:\program files\Trend Micro 2011-11-13 04:39:18 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2011-11-13 04:39:06 238208 ------r- c:\windows\system32\drivers\rtl8187B.sys 2011-11-13 04:38:28 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys 2011-11-13 04:38:27 -------- d-----w- c:\windows\system32\RTL8187 2011-11-13 04:38:10 -------- d-----w- c:\program files\Airlink101 2011-11-13 04:35:31 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-11-13 04:16:38 -------- d-----w- c:\program files\ESET 2011-11-13 03:00:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2011-11-13 02:53:05 -------- d-----w- c:\program files\VS Revo Group . ==================== Find3M ==================== . 2010-01-03 07:00:50 85498808 -c--a-w- c:\program files\regbackup.reg . ============= FINISH: 1:13:38.78 =============== ATTENTION: The attachment "attach.zip" is in there, it's just somehow stuck in the text of my post, way up above the DDS log text. -
Error Code 1068 - No Posted Remedies Work
JamesKotak replied to JamesKotak's topic in Malwarebytes for Windows Support Forum
Please stand by... I just found another thread with similar issue and will post back here when I get done following those instructions. Thanks. James -
Hi, I just upgraded to the most recent version of MBAM 1.51.2.1300 and am getting Error Code 1068 when attempting to start the trial (or activate protection from the app console). I have attempted a complete wipe of my installation using RevoUninstaller on maximum settings/reboot/MBAM Clean Up/Reboot/Disable ESET NOD32 AV/Reinstall MBAM and I am still getting this error code. The code is being generated because "MBAMProtector" is not starting, but I find no MBAMProtector anywhere in the Services list. I recently cleaned a rootkit/boot sector virus from this machine. Don't know what kind but I have the quarantined files if they are needed. This is a client's computer, so I need a resolution to this ASAP or I will have to ditch MBAM altogether. OS: Windows XP SP3 Please help. Thanks. James