Jump to content

Mbam won't run after install


Recommended Posts

Hi,

MBAM doesn't run on a computer that has many malwares, even after a complete clean with Ad-aware. Spybot S&D doesn't run either.

The major problem is that each time I run IE ou Firefox, there is that annoying A360 toolbar that I can't remove, and it seems that this A360 breaks the internet connection.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:06:28, on 14/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\documents and settings\jpc\local settings\application data\gyiiawo.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSI\Core Center\CoreCenter.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\jpc\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: (no name) - {04E9A1B5-CF6A-483D-9D6D-EF340E5874E8} - C:\WINDOWS\system32\tuvUNeed.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: (no name) - {AC542286-80FB-4B06-9463-F97E2D9C5F05} - C:\WINDOWS\system32\fccbBRLc.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe"

O4 - HKLM\..\Run: [b4fc4d1f] rundll32.exe "C:\WINDOWS\system32\rwunjnhq.dll",b

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [gyiiawo] "c:\documents and settings\jpc\local settings\application data\gyiiawo.exe" gyiiawo

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE R

Edited by AdvancedSetup
Removed QUOTE tags
Link to post
Share on other sites

  • Root Admin

STEP 01

With all other applications closed (Taskbar empty), open HijackThis again

and run Do a system scan only and place a check mark on the following items.

  • O2 - BHO: (no name) - {04E9A1B5-CF6A-483D-9D6D-EF340E5874E8} - C:\WINDOWS\system32\tuvUNeed.dll (file missing)
  • O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  • O2 - BHO: (no name) - {AC542286-80FB-4B06-9463-F97E2D9C5F05} - C:\WINDOWS\system32\fccbBRLc.dll (file missing)
  • O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll
  • O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
  • O4 - HKLM\..\Run: [b4fc4d1f] rundll32.exe "C:\WINDOWS\system32\rwunjnhq.dll",b
  • O4 - HKCU\..\Run: [gyiiawo] "c:\documents and settings\jpc\local settings\application data\gyiiawo.exe" gyiiawo
  • O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  • O20 - AppInit_DLLs: pqzfql.dll
  • O20 - Winlogon Notify: fccbBRLc - fccbBRLc.dll (file missing)
  • O24 - Desktop Component 0: (no name) - http://www.lueur.org/e-cartes/thumbec/mont.../monteau001.jpg
    Then Quit All Browsers including the one you're reading this in now.
    Then click on Fix checked and then quit HJT

STEP 02

  • Open the Control Panel and click on (classic view).
  • Double Click on the Ease of Access Center icon.
  • Double Click on the Make the computer easier to see link.
  • Place a check mark on Remove background images (where available) box.
  • Click on Save.

STEP 03

Restart the computer in SAFE MODE by tapping the F8 key while it boots.

Then see if you can run either Spybot or Malwarebytes or both and scan and clean.

Restart into Normal Mode and see if you can now Update and scan with MBAM.

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update

    [*]When the update is complete, select the Scanner tab

    [*]Select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Link to post
Share on other sites

  • Root Admin

Sorry about that.

Click on START -> CONTROL PANEL -> Display -> Desktop -> Customize Desktop... -> Web tab

Then uncheck and delete everything you find in there (except for "My Current Home Page")

Remove the checkmark from the the Lock Desktop Items box if it is checked.

Click OK and Exit the Display properties.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.