Jump to content

Malwarebytes won't launch. Here is HijackThis Log


Recommended Posts

Hi my problem is that Malwarebytes will install but will not run for more than 8 seconds

In this time I never get to see any GUI.

I followed the instructions and here is the log I received.

Any help would be greatly appreciated

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:39:15 PM, on 7/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

D:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Documents and Settings\Jilley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Jilley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\mmc.exe

C:\Documents and Settings\Jilley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O1 - Hosts: 213.159.117.217 www.0190-dialer.com

O1 - Hosts: 213.159.117.217 www.22469.com

O1 - Hosts: 213.159.117.217 www.3wisp.com

O1 - Hosts: 213.159.117.217 www.adult-cinema.org

O1 - Hosts: 213.159.117.217 www.adultfreehosting.com

O1 - Hosts: 213.159.117.217 www.adulthosting.com

O1 - Hosts: 213.159.117.217 www.adultlinks1.com

O1 - Hosts: 213.159.117.217 www.adultmegamovies.com

O1 - Hosts: 213.159.117.217 www.adultsexmovie.net

O1 - Hosts: 213.159.117.217 www.adultwall.com

O1 - Hosts: 213.159.117.217 www.afro-sex.com

O1 - Hosts: 213.159.117.217 www.agreathost.net

O1 - Hosts: 213.159.117.217 www.alehina.com

O1 - Hosts: 213.159.117.217 www.allnichestgp.com

O1 - Hosts: 213.159.117.217 www.allowednet.com

O1 - Hosts: 213.159.117.217 www.amateurlips.com

O1 - Hosts: 213.159.117.217 www.amateurnudephoto.com

O1 - Hosts: 213.159.117.217 www.amateursgonebad.com

O1 - Hosts: 213.159.117.217 www.ambersamateurhardcore.com

O1 - Hosts: 213.159.117.217 www.anyamateur.com

O1 - Hosts: 213.159.117.217 www.apornhost.com

O1 - Hosts: 213.159.117.217 www.findmodels.com

O1 - Hosts: 213.159.117.217 www.asianscum.com

O1 - Hosts: 213.159.117.217 www.awethumbs.com

O1 - Hosts: 213.159.117.217 www.badassxxx.com

O1 - Hosts: 213.159.117.217 www.badbimbo.com

O1 - Hosts: 213.159.117.217 www.beautifulbondage.com

O1 - Hosts: 213.159.117.217 www.bestpornhost.com

O1 - Hosts: 213.159.117.217 www.biggestdickinporn.net

O1 - Hosts: 213.159.117.217 www1.3wisp.com

O1 - Hosts: 213.159.117.217 www1.kinghost.com

O1 - Hosts: 213.159.117.217 www1.ndhosting.com

O1 - Hosts: 213.159.117.217 www1.sexls.com

O1 - Hosts: 213.159.117.217 www1.toptgphost.com

O1 - Hosts: 213.159.117.217 www1.xfreehosting.com

O1 - Hosts: 213.159.117.217 www10.kinghost.com

O1 - Hosts: 213.159.117.217 www11.kinghost.com

O1 - Hosts: 213.159.117.217 www12.kinghost.com

O1 - Hosts: 213.159.117.217 www2.3wisp.com

O1 - Hosts: 213.159.117.217 www2.kinghost.com

O1 - Hosts: 213.159.117.217 www2.ndhosting.com

O1 - Hosts: 213.159.117.217 www2.toptgphost.com

O1 - Hosts: 213.159.117.217 www2.xfreehosting.com

O1 - Hosts: 213.159.117.217 www2.zpornstars.com

O1 - Hosts: 213.159.117.217 www3.kinghost.com

O1 - Hosts: 213.159.117.217 www3.ndhosting.com

O1 - Hosts: 213.159.117.217 www3.xfreehosting.com

O1 - Hosts: 213.159.117.217 www3.zpornstars.com

O1 - Hosts: 213.159.117.217 www4.kinghost.com

O1 - Hosts: 213.159.117.217 www4.xfreehosting.com

O1 - Hosts: 213.159.117.217 www4.zpornstars.com

O1 - Hosts: 213.159.117.217 www5.kinghost.com

O1 - Hosts: 213.159.117.217 www6.kinghost.com

O1 - Hosts: 213.159.117.217 www7.kinghost.com

O1 - Hosts: 213.159.117.217 www8.kinghost.com

O1 - Hosts: 213.159.117.217 www9.kinghost.com

O1 - Hosts: 213.159.117.217 www.bigmovies.com

O1 - Hosts: 213.159.117.217 www.bigpornvideos.com

O1 - Hosts: 213.159.117.217 www.big-xxx-movies.com

O1 - Hosts: 213.159.117.217 www.samplehosting.com

O1 - Hosts: 213.159.117.217 www.blinghosting.com

O1 - Hosts: 213.159.117.217 www.blitz-hosting.com

O1 - Hosts: 213.159.117.217 www.boyanxxx.com

O1 - Hosts: 213.159.117.217 www.bustyx.com

O1 - Hosts: 213.159.117.217 www.cleanadulthost.com

O1 - Hosts: 213.159.117.217 www.cleanpornhost.com

O1 - Hosts: 213.159.117.217 www.cyberxxxhost.com

O1 - Hosts: 213.159.117.217 www.dialcom.com

O1 - Hosts: 213.159.117.217 www.eldererotica.tv

O1 - Hosts: 213.159.117.217 www.ethniccash.com

O1 - Hosts: 213.159.117.217 www.exploitedblackteens.net

O1 - Hosts: 213.159.117.217 www.exscapeporn.com

O1 - Hosts: 213.159.117.217 www.fantasiegirl.com

O1 - Hosts: 213.159.117.217 www.fastmailer.info

O1 - Hosts: 213.159.117.217 www.filth-hostz.com

O1 - Hosts: 213.159.117.217 www.free-freeporn.com

O1 - Hosts: 213.159.117.217 www.free-xxx-server.com

O1 - Hosts: 213.159.117.217 www.freexxxvideoclip.com

O1 - Hosts: 213.159.117.217 www.fvotd.com

O1 - Hosts: 213.159.117.217 www.galaporn.com

O1 - Hosts: 213.159.117.217 www.18blowjobs.com

O1 - Hosts: 213.159.117.217 www.bigtitsroundasses.com

O1 - Hosts: 213.159.117.217 www.bikinivoyeur.com

O1 - Hosts: 213.159.117.217 www.blacksonblondes.com

O1 - Hosts: 213.159.117.217 www.easydrunkgirls.com

O1 - Hosts: 213.159.117.217 www.markscash.com

O1 - Hosts: 213.159.117.217 www.milfwhore.com

O1 - Hosts: 213.159.117.217 www.springbreakspycam.com

O1 - Hosts: 213.159.117.217 www.sweetmoney.com

O1 - Hosts: 213.159.117.217 www.wildclubvideos.com

O1 - Hosts: 213.159.117.217 www.gallys.camcorderxxx.com

O1 - Hosts: 213.159.117.217 www.gallys.nastydollars.com

O1 - Hosts: 213.159.117.217 www.gayhost4free.com

O1 - Hosts: 213.159.117.217 www.ghostgalleries.com

O1 - Hosts: 213.159.117.217 www.girls2.twistys.net

O1 - Hosts: 213.159.117.217 www.greatfreehost.com

O1 - Hosts: 213.159.117.217 www.hanksgalleries.com

O1 - Hosts: 213.159.117.217 www.hjemmesex.dk

O1 - Hosts: 213.159.117.217 www.hollyheartbreak.com

O1 - Hosts: 213.159.117.217 www.hot3movie.com

O1 - Hosts: 213.159.117.217 www.hot-adult-clips.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll

O2 - BHO: (no name) - {AF3C8211-B6B9-4777-A87C-3161B898ED63} - (no file)

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on JACK] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P43 "Auto EPSON Stylus Photo R200 Series on JACK" /O15 "\\JACK\EPSONSty" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\Quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on JACK (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on JACK (Copy 1)" /O13 "\\JACK\EPSONS" /M "Stylus Photo R200"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jilley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\James-stuff\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll

O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab

O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.flyordie.com/pub/dl/msjavx86.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120708251000

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - D:\James-stuff\SASWINLO.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Jilley/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Jilley/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

Link to post
Share on other sites

  • Staff

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Then, * Download: HostsXpert

Unzip hoster to an own folder, eg C:\HostsXpert

Start HostsExpert.exe, click 'Restore MS Hosts file' and click OK.

Then, First please take a look and see if any of these posts help you to get MBAM running or not.

Potential Malware infection issues to review to get MBAM running

If none of above apply in your case, then try if Malwarebytes works when you rename mbam.exe. This is the file located in the Program Files\Malwarebytes' Anti-Malware folder. So rename mbam.exe to blah.exe (or so). It also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, so these include system important processes. So that's why it may be a good idea to rename mbam.exe to explorer.exe or so.

Also try to run Mbam from Windows Safe mode.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.