Jump to content

Database Line 0 Error


Recommended Posts

I have a major problem with trying to load malwayebytes. I always get error loading database line 0 and I can not proceed forward. I have searched for solutions with nothing positive to report so now I am asking for help. I am including my hijack log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:37:49 AM, on 3/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

D:\Omneon\Apache2\Bin\httpd.exe

D:\Omneon\Apache2\Bin\httpd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\FLEXlm\lmgrd.exe

D:\Omneon\system32\portmap.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\FLEXlm\omneon.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Omneon\apache\apache.exe

C:\WINDOWS\system32\tlntsvr.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\PROGRA~1\vdhcp\vdhcpsvc.exe

C:\PROGRA~1\vdhcp\vDHCP.EXE

C:\WINDOWS\system32\mqsvc.exe

D:\Upgrades\omneon.release-5.2\2008.12.16-5.2.0.4\pcapps\monitor.exe

C:\WINDOWS\system32\mqtgsvc.exe

D:\Omneon\apache\apache.exe

C:\Program Files\Symantec\pcAnywhere\awhost32.exe

C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\yoyo.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%windir%\system32\userinit.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: {2d65b9b9-2d97-2b3b-99f4-c3e02cf9d721} - {127d9fc2-0e3c-4f99-b3b2-79d29b9b56d2} - C:\WINDOWS\system32\zzvaoa.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7dd14632-760f-4c07-bb33-629c2d004585} - (no file)

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\system32\rundll32 bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EBF405C0-0AA1-41AC-A92F-C34FA5037291}: NameServer = 192.168.1.1

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\raveyeku.dll (file missing)

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\raveyeku.dll (file missing)

O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe

O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Omneon FlexService (httpd) - Apache Software Foundation - D:\Omneon\Apache2\Bin\httpd.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe

O23 - Service: DataBases Management Service (mscpcosd) - Unknown owner - C:\WINDOWS\system32\mscpco.exe

O23 - Service: Network Time Protocol Daemon (NTP) - Unknown owner - C:\Program Files\NTP\bin\ntpd.exe

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: Flexlm License Manager (Omneon License Manager) - Macrovision Corporation - C:\Program Files\FLEXlm\lmgrd.exe

O23 - Service: Portmap - Unknown owner - D:\Omneon\system32\portmap.exe

O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe

O23 - Service: Omneon SystemManager (SystemManager) - Unknown owner - D:\Omneon\apache\apache.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

O23 - Service: Terminal Services Session Directory (Tssdis) - Unknown owner - C:\WINDOWS\System32\tssdis.exe (file missing)

O23 - Service: vDHCP DHCP Server (vDHCP) - Unknown owner - C:\PROGRA~1\vdhcp\vdhcpsvc.exe

O23 - Service: WMI-Bus NOptic (WMIBUSn) - Unknown owner - C:\WINDOWS\system\wmibusn.exe (file missing)

O23 - Service: Wmi Syc Bus (WMISBUS) - Unknown owner - C:\WINDOWS\system\wmisbus.exe (file missing)

--

End of file - 7348 bytes

hijackthislog.txt

hijackthislog.txt

Link to post
Share on other sites

I noticed your using a software firewall. Are you permitting malwarebytes to access the internet? Anytime a database error comes up, usually having malwarebytes do another update via the update button will correct this.

Please let me know if it does not.

Link to post
Share on other sites

I can never get to that point because it always brings up the error. The software firewall is called Trendmicro Worry Free Small Biz. It runs from the server onto each client in the network.

Have you tried reinstalling malwarebytes then? It'll replace the bad databasefile.

Is this a business computer or something?

Link to post
Share on other sites

I have tried to reinstall with no luck.

Are you installing under a administrator account?

Are you getting any errors during the installation?

Can you tempoarily disable your antivirus during installation, and if you can, does it make a difference?

Link to post
Share on other sites

Are you installing under a administrator account?

I am administrator already

Are you getting any errors during the installation?

No errors to report

Can you tempoarily disable your antivirus during installation, and if you can, does it make a difference?

I have tried this with no luck

Link to post
Share on other sites

Are you installing under a administrator account?

Do you know if the machine your using has global policy settings or anything? Obviously something is going on with the computer, but before we go too much further.. We really do need to know if your using a business computer, or if its your own for personal use?

Link to post
Share on other sites

I am going to assume that if this is a business computer then you will not help me. But yes, it is for business.

Personal/Business is a matter of licensing, one or the other doesn't mean you can't get help from us. :P .I'm trying to determine how we can get it up and running for you. Do you know if the machine has policy settings?

And, the account you login with, has full permissions on the host drive? No restrictions?

Link to post
Share on other sites

After doing a bit of experimenting, The problem isn't with our software per say, but something that's present and running on your machine. You need to post in the forums for malware removal assistance. Without first cleaning your computer up some, We won't ever be able to start malwarebytes.

Link to post
Share on other sites

  • Root Admin

Hello and Welcome to Malwarebytes.org

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
Link to post
Share on other sites

  • Root Admin

Please try to run the following program.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click on the Complete scan radio button.
  • Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

    [*]On the Log file tab leave the Log to file checked.

    [*]Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

    [*]Log mode = Append

    [*]Encoding = ANSI

    [*]Details Leave Names of file packers and Statistics checked.

    [*]Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

    [*]On the General tab leave the Scan Priority on High

    [*]Click the Apply button at the bottom, and then the OK button.

    [*]On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

    [*]In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

    [*]The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

    [*]When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

    [*]Click 'Yes to all' if it asks if you want to cure/move the files.

    [*]This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

    [*]After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

    [*]Save the report to your Desktop. The report will be called DrWeb.csv

    [*]Close Dr.Web Cureit.

    [*]Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

    [*]After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.