ziggywiggy Posted May 31, 2012 ID:556387 Share Posted May 31, 2012 I downloaded Malwarebytes Free and, although it seemed to install properly, the update confirmation window said it successfully updated from version 000.000.00.0 to today's version (I'm making up the number of digits, but it was all zeroes) but after I clicked OK, I got the "database missing or corrupt" message and the invitation to download again, which I did. This resulted in the same scenario. I searched for others with this problem in the forum and followed the instructions I found - downloaded and ran mbam-clean, rebooted, re-downloaded mbam from Major Geeks (which, incidentally, is where I downloaded it from the first time) and nothing changed.I am using an ASUS netbook running XP SP3, 1GB RAM. What should I do? Link to post Share on other sites More sharing options...
Quikfix Posted May 31, 2012 ID:556391 Share Posted May 31, 2012 Try to run mbam-clean , then download Malwarebytes again from the official site . Just click download. If it takes you to downloads.cnet.com, don't be surprised, it's where mbam wants you to download from. Download it from there, run and update, make sure your internet connection is running and if the same thing happens again (corrupted), then try disabling your antivirus (if you have one) temporarily and using mbam-clean and then downloading and updating again. If that doesn't work either, then I'm sorry man, all we can do is wait for a mod/admin. Also when you're done and if it works, some antiviruses don't like to work with mbam so you might have to put exclusions. Just visit this page and see if your antivirus is listed here. If not, then most likely your antivirus is fine with mbam. Link to post Share on other sites More sharing options...
ziggywiggy Posted May 31, 2012 Author ID:556401 Share Posted May 31, 2012 Thanks for your reply but if you read my original post, I did all that before posting. Waiting for the admin. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted May 31, 2012 Root Admin ID:556404 Share Posted May 31, 2012 What Anti-Virus are you running and what type of network connection? Is it wireless broadband or satellite or other?Please run the following scanner and send back the logs.Download DDS from one of the locations below and save to your Desktopdds.scrdds.comTemporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsOnce downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administratorClick the Run button if prompted with an Open File - Security Warning dialog box.A black DOS console should open and run for a moment. When done, DDS will open two (2) logs:DDS.txtAttach.txtSave both reports to your desktopPlease include the following logs in your next reply: DDS.txt and Attach.txtYou can ignore the note about zipping the Attach.txt file in most cases. Link to post Share on other sites More sharing options...
ziggywiggy Posted May 31, 2012 Author ID:556413 Share Posted May 31, 2012 I bought the netbook used with the C drive filling up as eeepcs will (despite loading everything on D), so I deleted the antivirus in favor of something with a smaller footprint. My connection is wireless broadband.Here are the files:dds:.DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24Run by User at 13:21:54 on 2012-05-31Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.219 [GMT -4:00]..============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Asus\EeePC ACPI\AsTray.exeC:\Program Files\Asus\EeePC ACPI\AsAcpiSvr.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Atheros\ACU.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\EeeRotate\EeeRotate.exeC:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.somerset.lib.nj.us/BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [AsusTray] c:\program files\asus\eeepc acpi\AsTray.exemRun: [AsusACPIServer] c:\program files\asus\eeepc acpi\AsAcpiSvr.exemRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [ACU] "c:\program files\atheros\ACU.exe" -noguimRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentStartupFolder: c:\docume~1\user\startm~1\programs\startup\eeerot~1.lnk - c:\program files\eeerotate\EeeRotate.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\asus\asus os cleaner\AsOSCleaner.exeuPolicies-explorer: ForceClassicControlPanel = 1 (0x1)uPolicies-explorer: NoResolveTrack = 1 (0x1)mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)dPolicies-explorer: NoResolveTrack = 1 (0x1)IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214610329727DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabTCP: DhcpNameServer = 10.0.0.1TCP: Interfaces\{D1D29ADB-B327-4C73-A359-11EC0C17DAF3} : DhcpNameServer = 10.0.0.1TCP: Interfaces\{DC5F7EC1-19A5-4159-AF97-EF30910D744A} : DhcpNameServer = 10.0.0.1Notify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllHosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://delicious.com/zigweegwee?settagview=cloud|http://www.spurgeon.org/morn_eve/this_morning.cgi|http://www.biblegateway.com/quicksearch/?quicksearch=absent+from+the+body&qs_version=50|http://mail.google.com/mail/?shva=1#inbox|http://webmail.verizon.net/signin/|https://twitter.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1221003168&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FTodayLight.aspx%3Fn%3D521720840&id=64855&lc=1033|http://www.lulu.com/browse/preview.php?fCID=2762666|http://www.last.fm/listen/user/zigweegwee/personal#pane=simpleStarterFF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dllFF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\8ocbmjjx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dllFF - plugin: d:\program files\foxit reader\plugins\npFoxitReaderPlugin.dllFF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll.============= SERVICES / DRIVERS ===============.R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-31 40776]S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 257696]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976].=============== Created Last 30 ================.2012-05-31 15:51:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-05-31 15:51:54 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes2012-05-31 15:51:29 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2012-05-31 15:51:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-05-31 15:51:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware.==================== Find3M ====================.2012-05-04 22:46:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-05-04 22:46:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe2003-04-24 19:49:00 1119232 ----a-w- c:\program files\gpmonitor.exe2003-04-24 19:48:56 304128 ----a-w- c:\program files\tsscalling.exe2003-04-24 19:48:54 204288 ----a-w- c:\program files\fcsetup.exe2003-04-18 22:08:58 113664 ----a-w- c:\program files\lsview.exe2003-04-18 22:08:24 23552 ----a-w- c:\program files\tsctst.exe2003-04-18 22:08:24 12800 ----a-w- c:\program files\lsreport.exe2003-04-18 22:08:20 107008 ----a-w- c:\program files\mstlsapi.dll2003-04-18 22:06:46 38912 ----a-w- c:\program files\list.exe2003-04-18 22:05:56 9728 ----a-w- c:\program files\mcast.exe2003-04-18 22:03:12 76288 ----a-w- c:\program files\rcontrolad.exe2003-04-18 21:57:18 180736 ----a-w- c:\program files\gpotool.exe2003-04-18 21:55:54 2560 ----a-w- c:\program files\servmess.dll2003-04-18 21:55:10 30152 ----a-w- c:\program files\wins.dll2003-04-18 21:55:08 82 ----a-w- c:\program files\tcmon.bat2003-04-18 21:55:08 1409024 ----a-w- c:\program files\msvbvm60.dll2003-04-18 21:55:04 32768 ----a-w- c:\program files\showpriv.exe2003-04-18 21:55:04 2104 ----a-w- c:\program files\rqs_setup.bat2003-04-18 21:55:02 40448 ----a-w- c:\program files\rpingc.exe2003-04-18 21:55:02 348160 ----a-w- c:\program files\remapkey.exe2003-04-18 21:55:02 29696 ----a-w- c:\program files\rpings.exe2003-04-18 21:55:00 6856 ----a-w- c:\program files\queryad.vbs2003-04-18 21:53:42 174080 ----a-w- c:\program files\mibcc.exe2003-04-18 21:52:30 40960 ----a-w- c:\program files\qtcp.exe2003-04-18 21:52:28 16384 ----a-w- c:\program files\atmarp.exe2003-04-18 21:52:28 13312 ----a-w- c:\program files\atmlane.exe2003-04-18 21:52:24 356352 ----a-w- c:\program files\uddicatschemeeditor.exe2003-04-18 21:52:18 573440 ----a-w- c:\program files\uddidataexport.exe2003-04-18 21:52:08 98304 ----a-w- c:\program files\uddiconfig.exe2003-04-18 21:51:40 44544 ----a-w- c:\program files\dnsdiag.exe2003-04-18 21:51:08 52736 ----a-w- c:\program files\ifilttst.exe2003-04-18 21:51:00 25088 ----a-w- c:\program files\winhttptracecfg.exe2003-04-18 21:50:58 14848 ----a-w- c:\program files\winhttpcertcfg.exe2003-04-18 21:50:56 39936 ----a-w- c:\program files\kerbtray.exe2003-04-18 21:50:56 31744 ----a-w- c:\program files\regview.exe2003-04-18 21:50:54 8192 ----a-w- c:\program files\moveuser.exe2003-04-18 21:50:46 54784 ----a-w- c:\program files\delprof.exe2003-04-18 21:50:46 124416 ----a-w- c:\program files\adlb.exe2003-04-18 21:48:02 200192 ----a-w- c:\program files\diskraid.exe2003-04-18 21:47:38 46592 ----a-w- c:\program files\rpccfg.exe2003-04-18 21:47:34 64000 ----a-w- c:\program files\dh.exe2003-04-18 21:47:34 25088 ----a-w- c:\program files\oh.exe2003-04-18 21:47:06 18944 ----a-w- c:\program files\vrfydsk.exe2003-04-18 21:47:02 104960 ----a-w- c:\program files\kernrate.exe2003-04-18 21:46:58 23040 ----a-w- c:\program files\vadump.exe2003-04-18 21:46:56 20480 ----a-w- c:\program files\showperf.exe2003-04-18 21:46:54 5632 ----a-w- c:\program files\intfiltr.sys2003-04-18 21:46:54 35328 ----a-w- c:\program files\intfiltr.exe2003-04-18 21:46:52 330 ----a-w- c:\program files\intfiltr.reg2003-04-18 21:46:50 40448 ----a-w- c:\program files\confdisk.exe2003-04-18 21:46:48 45568 ----a-w- c:\program files\csccmd.exe2003-04-18 21:46:26 39936 ----a-w- c:\program files\compress.exe.============= FINISH: 13:22:52.59 =============== attach:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 6/27/2008 9:31:15 PMSystem Uptime: 5/31/2012 11:45:10 AM (2 hours ago).Motherboard: ASUSTeK Computer INC. | | 900Processor: Intel® Celeron® M processor 900MHz | CPU 1 | 900/70mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 4 GiB total, 1.157 GiB free.D: is FIXED (NTFS) - 15 GiB total, 7.203 GiB free.E: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.No restore point in system..==== Installed Programs ======================.Adobe Download ManagerAdobe Flash Player 10 ActiveXAdobe Flash Player 11 PluginAmazon KindleApple Software UpdateAsus ACPI DriverAsus OS CleanerAtheros for Acer Driver v7.6.1.184_Foxconn Installation ProgramCleanUp!e-SwordFoxit Reader 5.1Intel® Graphics Media Accelerator DriverJava Auto UpdaterJava 6 Update 24Malwarebytes Anti-Malware version 1.61.0.1400Microsoft .NET Framework 2.0Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Minute Timer (remove only)Mozilla Firefox 12.0 (x86 en-US)Mozilla Maintenance ServiceOpenOffice.org 3.3OverDrive Media ConsoleRealtek High Definition Audio DriverSecurity Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows XP (KB923789)Visual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01WebFldrs XPWindows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7Windows Media Format 11 runtimeWindows Media Player 11Windows Resource Kit Tools.==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 1, 2012 Root Admin ID:556533 Share Posted June 1, 2012 It's difficult to say for sure as I don't see anything obvious there to cause an issue but we can try a couple things.STEP 1Please remove the following shortcuts from the Programs/Start Up group temporarily.StartupFolder: c:\docume~1\user\startm~1\programs\startup\eeerot~1.lnk - c:\program files\eeerotate\EeeRotate.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\asus\asus os cleaner\AsOSCleaner.exeSTEP 2Please uninstall the following programsJava Auto UpdaterJava™ 6 Update 24STEP 3What is this?Minute Timer (remove only)You do have an entry that it might be for but a Google search does not confirm it.S2 znxrpr;Time Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]STEP 4Please click on START - RUN and type in the following and press the OK button.CMD.EXE /KThen type in the following and press the Enter keyCHKDSK C: /RIt will prompt you that it can't run right now and ask if you want to run it after reboot. Press the Y key and then then Enter key Now restart your computer and it should run a full disk check on the system.STEP 5Then download the following tool and run it and send me a Private Message with the results.Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 1, 2012 Root Admin ID:556758 Share Posted June 1, 2012 A colleague of mine was able to find quite a few similar instances of that time shell entry that would seem to indicate the box is very likely infected.Here are the steps needed to get your computer cleaned....Please read the following so that you can begin the cleaning process:Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficultYou have 3 Options that you can choose from as listed below: Option 1 —— Free Expert advice in the Malware Removal ForumOption 2 —— Paying customer -- Contact Support via emailOption 3 —— Premium, Fee-Based SupportOPTION 1As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in theMalware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.Please read and follow the directions here, skipping any steps you are unable to complete.After posting your new post, make sure under options, you select Follow this topic and choose Instantly,so that you're alerted when someone has replied to your post.NOTE: Please do not post back to (bump) your topic within the first 48 hours.Replying to your own posts changes the post count and helpers are looking for topics with zero replies.If you reply to your own post helpers may think that you're already being helped and thus overlook your post.If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.OrYou may send a Private Message to a Moderator asking for assistance.OPTION 2Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.OPTION 3If you would like to use our Malwarebytes Premium Consumer Services partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site. Please be patient, someone will assist you as soon as possible. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now