Jump to content

Malwarebytes database corrupt or missing


Recommended Posts

I downloaded Malwarebytes Free and, although it seemed to install properly, the update confirmation window said it successfully updated from version 000.000.00.0 to today's version (I'm making up the number of digits, but it was all zeroes) but after I clicked OK, I got the "database missing or corrupt" message and the invitation to download again, which I did. This resulted in the same scenario. I searched for others with this problem in the forum and followed the instructions I found - downloaded and ran mbam-clean, rebooted, re-downloaded mbam from Major Geeks (which, incidentally, is where I downloaded it from the first time) and nothing changed.

I am using an ASUS netbook running XP SP3, 1GB RAM. What should I do?

Link to post
Share on other sites

Try to run mbam-clean , then download Malwarebytes again from the official site . Just click download. If it takes you to downloads.cnet.com, don't be surprised, it's where mbam wants you to download from. Download it from there, run and update, make sure your internet connection is running and if the same thing happens again (corrupted), then try disabling your antivirus (if you have one) temporarily and using mbam-clean and then downloading and updating again. If that doesn't work either, then I'm sorry man, all we can do is wait for a mod/admin. Also when you're done and if it works, some antiviruses don't like to work with mbam so you might have to put exclusions. Just visit this page and see if your antivirus is listed here. If not, then most likely your antivirus is fine with mbam.

Link to post
Share on other sites

  • Root Admin

What Anti-Virus are you running and what type of network connection? Is it wireless broadband or satellite or other?

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Link to post
Share on other sites

I bought the netbook used with the C drive filling up as eeepcs will (despite loading everything on D), so I deleted the antivirus in favor of something with a smaller footprint. My connection is wireless broadband.

Here are the files:

dds:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24

Run by User at 13:21:54 on 2012-05-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.219 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Asus\EeePC ACPI\AsTray.exe

C:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Atheros\ACU.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\EeeRotate\EeeRotate.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.somerset.lib.nj.us/

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AsusTray] c:\program files\asus\eeepc acpi\AsTray.exe

mRun: [AsusACPIServer] c:\program files\asus\eeepc acpi\AsAcpiSvr.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\user\startm~1\programs\startup\eeerot~1.lnk - c:\program files\eeerotate\EeeRotate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\asus\asus os cleaner\AsOSCleaner.exe

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoResolveTrack = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214610329727

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D1D29ADB-B327-4C73-A359-11EC0C17DAF3} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{DC5F7EC1-19A5-4159-AF97-EF30910D744A} : DhcpNameServer = 10.0.0.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://delicious.com/zigweegwee?settagview=cloud|http://www.spurgeon.org/morn_eve/this_morning.cgi|http://www.biblegateway.com/quicksearch/?quicksearch=absent+from+the+body&qs_version=50|http://mail.google.com/mail/?shva=1#inbox|http://webmail.verizon.net/signin/|https://twitter.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1221003168&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FTodayLight.aspx%3Fn%3D521720840&id=64855&lc=1033|http://www.lulu.com/browse/preview.php?fCID=2762666|http://www.last.fm/listen/user/zigweegwee/personal#pane=simpleStarter

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll

FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: d:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll

.

============= SERVICES / DRIVERS ===============

.

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-31 40776]

S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 257696]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]

.

=============== Created Last 30 ================

.

2012-05-31 15:51:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-05-31 15:51:54 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes

2012-05-31 15:51:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-31 15:51:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-31 15:51:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-05-04 22:46:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-04 22:46:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2003-04-24 19:49:00 1119232 ----a-w- c:\program files\gpmonitor.exe

2003-04-24 19:48:56 304128 ----a-w- c:\program files\tsscalling.exe

2003-04-24 19:48:54 204288 ----a-w- c:\program files\fcsetup.exe

2003-04-18 22:08:58 113664 ----a-w- c:\program files\lsview.exe

2003-04-18 22:08:24 23552 ----a-w- c:\program files\tsctst.exe

2003-04-18 22:08:24 12800 ----a-w- c:\program files\lsreport.exe

2003-04-18 22:08:20 107008 ----a-w- c:\program files\mstlsapi.dll

2003-04-18 22:06:46 38912 ----a-w- c:\program files\list.exe

2003-04-18 22:05:56 9728 ----a-w- c:\program files\mcast.exe

2003-04-18 22:03:12 76288 ----a-w- c:\program files\rcontrolad.exe

2003-04-18 21:57:18 180736 ----a-w- c:\program files\gpotool.exe

2003-04-18 21:55:54 2560 ----a-w- c:\program files\servmess.dll

2003-04-18 21:55:10 30152 ----a-w- c:\program files\wins.dll

2003-04-18 21:55:08 82 ----a-w- c:\program files\tcmon.bat

2003-04-18 21:55:08 1409024 ----a-w- c:\program files\msvbvm60.dll

2003-04-18 21:55:04 32768 ----a-w- c:\program files\showpriv.exe

2003-04-18 21:55:04 2104 ----a-w- c:\program files\rqs_setup.bat

2003-04-18 21:55:02 40448 ----a-w- c:\program files\rpingc.exe

2003-04-18 21:55:02 348160 ----a-w- c:\program files\remapkey.exe

2003-04-18 21:55:02 29696 ----a-w- c:\program files\rpings.exe

2003-04-18 21:55:00 6856 ----a-w- c:\program files\queryad.vbs

2003-04-18 21:53:42 174080 ----a-w- c:\program files\mibcc.exe

2003-04-18 21:52:30 40960 ----a-w- c:\program files\qtcp.exe

2003-04-18 21:52:28 16384 ----a-w- c:\program files\atmarp.exe

2003-04-18 21:52:28 13312 ----a-w- c:\program files\atmlane.exe

2003-04-18 21:52:24 356352 ----a-w- c:\program files\uddicatschemeeditor.exe

2003-04-18 21:52:18 573440 ----a-w- c:\program files\uddidataexport.exe

2003-04-18 21:52:08 98304 ----a-w- c:\program files\uddiconfig.exe

2003-04-18 21:51:40 44544 ----a-w- c:\program files\dnsdiag.exe

2003-04-18 21:51:08 52736 ----a-w- c:\program files\ifilttst.exe

2003-04-18 21:51:00 25088 ----a-w- c:\program files\winhttptracecfg.exe

2003-04-18 21:50:58 14848 ----a-w- c:\program files\winhttpcertcfg.exe

2003-04-18 21:50:56 39936 ----a-w- c:\program files\kerbtray.exe

2003-04-18 21:50:56 31744 ----a-w- c:\program files\regview.exe

2003-04-18 21:50:54 8192 ----a-w- c:\program files\moveuser.exe

2003-04-18 21:50:46 54784 ----a-w- c:\program files\delprof.exe

2003-04-18 21:50:46 124416 ----a-w- c:\program files\adlb.exe

2003-04-18 21:48:02 200192 ----a-w- c:\program files\diskraid.exe

2003-04-18 21:47:38 46592 ----a-w- c:\program files\rpccfg.exe

2003-04-18 21:47:34 64000 ----a-w- c:\program files\dh.exe

2003-04-18 21:47:34 25088 ----a-w- c:\program files\oh.exe

2003-04-18 21:47:06 18944 ----a-w- c:\program files\vrfydsk.exe

2003-04-18 21:47:02 104960 ----a-w- c:\program files\kernrate.exe

2003-04-18 21:46:58 23040 ----a-w- c:\program files\vadump.exe

2003-04-18 21:46:56 20480 ----a-w- c:\program files\showperf.exe

2003-04-18 21:46:54 5632 ----a-w- c:\program files\intfiltr.sys

2003-04-18 21:46:54 35328 ----a-w- c:\program files\intfiltr.exe

2003-04-18 21:46:52 330 ----a-w- c:\program files\intfiltr.reg

2003-04-18 21:46:50 40448 ----a-w- c:\program files\confdisk.exe

2003-04-18 21:46:48 45568 ----a-w- c:\program files\csccmd.exe

2003-04-18 21:46:26 39936 ----a-w- c:\program files\compress.exe

.

============= FINISH: 13:22:52.59 ===============

attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/27/2008 9:31:15 PM

System Uptime: 5/31/2012 11:45:10 AM (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | 900

Processor: Intel® Celeron® M processor 900MHz | CPU 1 | 900/70mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 4 GiB total, 1.157 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 7.203 GiB free.

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Amazon Kindle

Apple Software Update

Asus ACPI Driver

Asus OS Cleaner

Atheros for Acer Driver v7.6.1.184_Foxconn Installation Program

CleanUp!

e-Sword

Foxit Reader 5.1

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 24

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 2.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Minute Timer (remove only)

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

OpenOffice.org 3.3

OverDrive Media Console

Realtek High Definition Audio Driver

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows XP (KB923789)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows Resource Kit Tools

.

==== End Of File ===========================

Link to post
Share on other sites

  • Root Admin

It's difficult to say for sure as I don't see anything obvious there to cause an issue but we can try a couple things.

STEP 1

Please remove the following shortcuts from the Programs/Start Up group temporarily.

StartupFolder: c:\docume~1\user\startm~1\programs\startup\eeerot~1.lnk - c:\program files\eeerotate\EeeRotate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\asus\asus os cleaner\AsOSCleaner.exe

STEP 2

Please uninstall the following programs

Java Auto Updater

Java™ 6 Update 24

STEP 3

What is this?

Minute Timer (remove only)

You do have an entry that it might be for but a Google search does not confirm it.

S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]

STEP 4

Please click on START - RUN and type in the following and press the OK button.

CMD.EXE /K

Then type in the following and press the Enter key

CHKDSK C: /R

It will prompt you that it can't run right now and ask if you want to run it after reboot. Press the Y key and then then Enter key

Now restart your computer and it should run a full disk check on the system.

STEP 5

Then download the following tool and run it and send me a Private Message with the results.

Thanks

Link to post
Share on other sites

  • Root Admin

A colleague of mine was able to find quite a few similar instances of that time shell entry that would seem to indicate the box is very likely infected.

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the
General Malwarebytes' Anti-Malware Forum
, you need to start a topic in the

Malware Removal forum

so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.


    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at
support@malwarebytes.org
or
here
.

OPTION 3

If you would like to use our
Malwarebytes Premium Consumer Services
partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
Malwarebytes Premium Services
support site.

Please be patient, someone will assist you as soon as possible.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.