MBAM doesn't run



Hi

I came across your software whilst fixing an AV360 infected machine for a friend and was impressed with the quick, easy way it cleaned it. I decided to install it on my machine, which it appeared to do fine. But for some unknown reason I cannot run the software; every time I do, nothing happens. I've tried safe mode and renaming the exe file, but no luck. I do not believe I am infected with any virus or malware as I have seen no signs of this. I have also completed a scan with Avast AV OK. Any help appreciated.


  • Root Admin

Were there any errors during install? Please start here if there were no errors during the install and all program files appear to be there.

Hello and Welcome to Malwarebytes.org

If you're having Malware related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Hi, thanks for your reply. It appears to have installed OK and no errors are displayed. After the dialogue with update and run tick boxes appears I click yes and nothing happens. I try running the program and nothing. I've tried to install HijackThis and the same thing is happening, which is starting to worry me now! Also Windows Defender won't run. Is something stopping them from running? Surely they should work in safe mode if this is the case?


  • Root Admin

I've moved your post into the HJT forum. Please try to download and run this program.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP: how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.

Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Hi, I did a scan with ComboFix and couldn't see anything harmful myself but I'll leave it to the experts to decide...

ComboFix 09-03-06.02 - The Prophet 2009-03-09 18:09:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1382 [GMT 0:00]

Running from: c:\documents and settings\The Prophet\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning disabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))

.

2009-03-08 18:20 . 2009-03-08 18:20 <DIR> d-------- c:\program files\Trend Micro

2009-03-08 18:19 . 2009-03-08 18:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-08 18:19 . 2009-03-08 18:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-08 18:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-08 18:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-04 22:19 . 2009-03-04 22:19 <DIR> d-------- c:\program files\Windows Defender

2009-02-24 21:03 . 2008-06-17 19:02 8,461,312 --------- c:\windows\system32\dllcache\shell32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-09 18:11 --------- d-----w c:\documents and settings\The Prophet\Application Data\Skype

2009-03-09 17:35 --------- d-----w c:\documents and settings\The Prophet\Application Data\skypePM

2009-02-08 21:05 --------- d-----w c:\documents and settings\The Prophet\Application Data\Winamp

2009-02-08 18:36 --------- d-----w c:\program files\GoldWave

2009-02-01 14:00 --------- d-----w c:\program files\TVAnts

2009-01-24 19:20 --------- d-----w c:\program files\Crown Software

2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll

2009-01-14 17:38 --------- d-----w c:\documents and settings\The Prophet\Application Data\Azureus

2009-01-11 20:44 --------- d-----w c:\program files\USB Safely Remove

2009-01-11 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\USBSRService

2009-01-11 20:31 --------- d-----w c:\documents and settings\The Prophet\Application Data\USBSafelyRemove

2009-01-11 19:46 --------- d-----w c:\program files\Azureus

2009-01-11 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus

2009-01-10 13:54 --------- d-----w c:\program files\MIDI Rules Prototype 2007-08-09

2008-12-28 13:00 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-12-26 15:21 361,600 ----a-w c:\windows\system32\dllcache\TCPIP.SYS

2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll

2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll

2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2007-02-01 17:02 313,344 ----a-w c:\program files\hjsplit.exe

2008-08-29 18:56 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-08-29 18:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

2008-08-29 18:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat

2008-08-29 18:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

------- Sigcheck -------

2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$NtServicePackUninstall$\tcpip.sys

2008-04-13 19:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys

2008-02-29 03:47 360832 ce3ec03c9f65302e44af5c452d20a86f c:\windows\$NtUninstallKB951748_0$\tcpip.sys

2008-04-13 19:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS

2008-12-26 15:21 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS

2008-12-26 15:21 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSN Webcam Recorder"="c:\program files\MSN Webcam Recorder\ml20gui.exe" [2006-01-31 131072]

"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2008-12-15 1100048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"BCD2000"="c:\windows\system32\bcd2kcpan.exe" [2008-08-25 532480]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-28 136600]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1024000]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]

"SmAudio"="c:\program files\Conexant\SmartAudio\SmAudio.exe" [2008-02-05 2737480]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"muBlinder"="c:\program files\mublinder\muBlinder.exe" [2008-10-08 1463808]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"= mapledxp.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=

"c:\\Program Files\\Icecast2 Win32\\Icecast2win.exe"=

"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\TVAnts\\Tvants.exe"=

"c:\\Program Files\\SopCast\\SopCast.exe"=

"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-23 114768]

R1 mapledxp;mapledxp;c:\windows\system32\drivers\mapledxp.sys [2008-08-25 24720]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-23 20560]

R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [2008-09-18 417792]

R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [2008-12-08 147456]

R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [2008-12-08 233472]

R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [2008-12-08 217088]

R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [2008-12-08 368640]

R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [2009-01-11 208144]

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-08-25 732160]

R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [2008-12-08 1302528]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-09-07 48472]

R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-05-29 6912]

S3 BCD2000;Behringer BCD2000 V1.1.1.0;c:\windows\system32\drivers\BCD2000.SYS [2008-08-25 42400]

S3 BCD2000WDM;Behringer BCD2000WDM V1.1.1.0;c:\windows\system32\drivers\BCD2000WDM.SYS [2008-08-25 21632]

S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2008-11-25 15104]

S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6598d7e-8a16-11dd-bd9e-001e685d57f1}]

\Shell\AutoRun\command - I:\TPPlayer.exe /t

.

Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = socks=

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\elsawin\bin\wiprot.dll

FF - ProfilePath - c:\documents and settings\The Prophet\Application Data\Mozilla\Firefox\Profiles\gmd0doc7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: c:\documents and settings\The Prophet\Application Data\Mozilla\Firefox\Profiles\gmd0doc7.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-09 18:11:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-03-09 18:13:03

ComboFix-quarantined-files.txt 2009-03-09 18:12:56

Pre-Run: 17,771,864,064 bytes free

Post-Run: 17,915,379,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

186 --- E O F --- 2009-03-08 18:22:31


  • Root Admin

Well I'm sorry but since you have evidence of cracked or pirated software you're using on the system I have no choice but to close this thread now.

If you feel this is inaccurate information please send any Moderator a private message explaining in detail and they will review your information in private.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This computer is not running a legal version of Windows.
