not able to run your program

[georgegrr]

I was not able to run MalwareBytes. I have been trying to solve that problem for a while now and I was changing names, using kill.exe program to kill the malware process that was suppose to be blocking it etc but I did not get anywhere with that. I get several messages:

During installation:

An error has occurred. Please report this error code to our support team.

MBAM_ERROR_EXPANDING_VARIABLES (0, 9)

-> I press ok and it starts loading updates

MBAM_ERROR_LOAD_DATABASE (3, 0)

The system cannot find the path specified.

-> I press ok

An error has occurred. Please report this error code to our support team.

MBAM_ERROR_EXPANDING_VARIABLES (0, 9)

-> I press ok

MBAM_ERROR_MISSING_FILE (3, 0, mbamswissarmy.sys)

The system cannot find the path specified

[Firefox]

Hello georgegrr, and welcome to malwarebytes.org

malwarebytes.org has a team of experts who will help you fix any remaining malware problems on your system.

But we can only work on malware in the Malware Removal - HijackThis Logs forum, not in the general forums.

If you would like a malware removal expert to give you personal assistance, please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

[georgegrr]

I am actually getting help somewhere else (Major Geeks Forum) and from what I know it is not good to start multiple threa ads in different places. I was just trying to see what is going on with that Malware Bytes problem. I was trying everything possible (renaming files, killing a malware process with a program etc) but nothing worked. It seems like MB would be a really good program for what I have right now:

http://forums.majorgeeks.com/showthread.php?t=214065

Everybody recommends it and it is being blocked by a virus too so it looks like it would work. Would you be able to tell me what to do to try to resolve that MB situation? Thanks.

[georgegrr]

This is DDS.TXT

DDS (Ver_10-03-17.01) - NTFSx86

Run by conkon at 11:08:34.08 on Wed 04/14/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.383.191 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\conkon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\conkon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\conkon\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266890942375

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 47816122;47816122 Boot Guard Driver;c:\windows\system32\drivers\47816122.sys [2010-4-12 37392]

R1 47816121;47816121;c:\windows\system32\drivers\47816121.sys [2010-4-12 128016]

R1 setup_9.0.0.722_12.04.2010_21-09drv;setup_9.0.0.722_12.04.2010_21-09drv;c:\windows\system32\drivers\4781612.sys [2010-4-12 315408]

=============== Created Last 30 ================

2010-04-14 19:06:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-14 19:06:13 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-14 02:26:42 0 d-----w- C:\MGtools

2010-04-14 02:07:08 261632 ----a-w- c:\windows\PEV.exe

2010-04-14 01:38:04 2389388 ----a-w- C:\MGtools.exe

2010-04-13 00:14:39 0 d-----w- C:\New Folder

2010-04-12 20:13:35 37392 ----a-w- c:\windows\system32\drivers\47816122.sys

2010-04-12 20:13:35 315408 ----a-w- c:\windows\system32\drivers\4781612.sys

2010-04-12 20:13:35 128016 ----a-w- c:\windows\system32\drivers\47816121.sys

2010-04-12 06:27:50 0 d-----w- c:\program files\CCleaner

2010-04-11 23:26:38 0 ----a-w- c:\documents and settings\conkon\defogger_reenable

2010-04-11 20:52:57 0 d-----w- c:\docume~1\conkon\applic~1\QuickScan

2010-04-11 19:34:48 0 d-----w- c:\program files\aba

2010-04-11 07:47:23 0 d-sha-r- C:\cmdcons

2010-04-11 07:45:53 98816 ----a-w- c:\windows\sed.exe

2010-04-11 07:45:53 77312 ----a-w- c:\windows\MBR.exe

2010-04-11 07:45:53 161792 ----a-w- c:\windows\SWREG.exe

2010-04-11 06:59:02 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-04-11 06:50:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-04-11 06:50:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-11 05:56:20 0 d-----w- c:\windows\pss

2010-04-11 04:30:33 0 d-----w- c:\program files\Free Window Registry Repair

2010-04-11 04:30:27 616 ----a-w- c:\windows\RegGenie.ini

2010-04-11 04:24:15 0 d-----w- c:\docume~1\alluse~1\applic~1\ReviverSoft

2010-04-11 04:17:06 0 d-----w- c:\docume~1\conkon\applic~1\Uniblue

2010-04-10 06:10:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications

2010-04-09 05:09:28 0 d-----w- c:\program files\Yahoo!

2010-04-09 03:52:00 0 d-----w- c:\program files\Kaspersky Lab

2010-04-09 02:19:54 0 d-----w- c:\program files\SymNetDrv

2010-04-09 02:00:11 0 d-----w- c:\docume~1\conkon\applic~1\Symantec

2010-04-08 17:39:34 0 d-----w- c:\program files\SkanerOnline

2010-04-07 02:53:06 0 d-----w- c:\documents and settings\conkon\Microsoft

==================== Find3M ====================

2010-02-04 05:31:31 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-04 04:28:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 11:08:49.82 ===============

and ATTACH.TXT (from DDS also)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/3/2010 8:33:48 PM

System Uptime: 4/14/2010 11:03:50 AM (0 hours ago)

Motherboard: Hewlett-Packard | | 089C

Processor: Intel® Pentium® 4 CPU 2.80GHz | JP8 | 2799/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 6 GiB total, 0.34 GiB free.

D: is FIXED (NTFS) - 50 GiB total, 14.425 GiB free.

E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Broadcom 54g MaxPerformance 802.11g

Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F4103C&REV_03\3&6F49253&0&10A4

Manufacturer: Broadcom

Name: Broadcom 54g MaxPerformance 802.11g #2

PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_12F4103C&REV_03\3&6F49253&0&10A4

Service: BCM43XX

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}

Description: Standard floppy disk controller

Device ID: ROOT\*PNP0700\1_0_13_0_0_0

Manufacturer: (Standard floppy disk controllers)

Name: Standard floppy disk controller

PNP Device ID: ROOT\*PNP0700\1_0_13_0_0_0

Service: fdc

==== System Restore Points ===================

RP81: 4/9/2010 12:44:29 AM - Removed Kaspersky Anti-Virus 7.0.

RP82: 4/10/2010 1:24:48 AM - System Checkpoint

RP83: 4/10/2010 8:56:44 AM - Cleaned registry with Windows Live OneCare safety scanner

RP84: 4/10/2010 10:50:21 AM - Cleaned registry with Windows Live OneCare safety scanner

RP85: 4/10/2010 8:26:41 PM - RegGenie Safe Scan Backup

RP86: 4/11/2010 10:08:50 AM - Cleaned registry with Windows Live OneCare safety scanner

RP87: 4/11/2010 2:17:26 PM - OTL Restore Point

RP88: 4/11/2010 2:24:29 PM - OTL Restore Point

RP89: 4/12/2010 4:37:21 PM - System Checkpoint

RP90: 4/13/2010 10:19:51 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Adobe Reader 7.0.5

Agere Systems AC'97 Modem

ALPS Touch Pad Driver

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Broadcom 802.11 Driver

CCleaner

CuteFTP 7 Home

Google Chrome

HijackThis 2.0.2

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 17

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft Office XP Professional z programem FrontPage

Notepad++

PCI 1620 Cardbus Controller and Software

Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

RecordNow!

Sonic Update Manager

SoulSeek Client 156c

SoundMAX

TI1620/1520

WebFldrs XP

Winamp

Windows Genuine Advantage Validation Tool (KB892130)

Windows XP Service Pack 2

Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

4/9/2010 9:47:04 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

4/9/2010 9:46:54 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

4/9/2010 9:46:50 AM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).

4/9/2010 5:24:45 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 000FB004FADF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

4/9/2010 4:58:10 PM, error: Dhcp [1002] - The IP address lease 70.173.152.144 for the Network Card with network address 000FB004FADF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

4/9/2010 1:05:49 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msisip.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.0.2600.0, the version of the system file is 3.0.3790.2180.

4/9/2010 1:05:49 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msimsg.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.0.2600.0, the version of the system file is 3.0.3790.2180.

4/9/2010 1:05:49 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msihnd.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.0.2600.1106, the version of the system file is 3.0.3790.2180.

4/9/2010 1:05:49 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file msiexec.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.0.2600.1106, the version of the system file is 3.0.3790.2180.

4/8/2010 8:27:17 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

4/8/2010 7:50:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.

4/8/2010 7:50:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the navapsvc service.

4/8/2010 7:47:37 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 7:47:30 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 7:47:28 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 6:22:38 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 6:22:35 PM, error: Service Control Manager [7034] - The Norton AntiVirus Auto Protect Service service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 6:15:34 PM, error: Service Control Manager [7034] - The SAVScan service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 11:36:46 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

4/8/2010 11:36:39 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).

4/12/2010 9:15:58 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

4/12/2010 11:25:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips

4/11/2010 9:13:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/11/2010 8:29:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

4/11/2010 4:25:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

4/11/2010 4:25:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2010 4:25:25 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2010 4:25:24 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2010 4:25:24 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2010 4:22:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/11/2010 4:22:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/11/2010 4:07:01 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 82b06da0, parameter3 82b06f14, parameter4 805fa7a8.

4/11/2010 3:14:31 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 82ab7398, parameter3 82ab750c, parameter4 805fa7a8.

4/10/2010 8:16:52 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

4/10/2010 8:10:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/10/2010 8:08:28 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/10/2010 10:46:53 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).

4/10/2010 10:46:53 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).

4/10/2010 10:46:53 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).

4/10/2010 10:46:53 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

4/10/2010 10:15:37 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.

4/10/2010 10:15:37 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/10/2010 10:15:37 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

28968271 Fips setup_9.0.0.722_11.04.2010_23-10drv

==== End Of File ===========================

[Maniac]

As Firefox already tell you: "But we can only work on malware in the Malware Removal - HijackThis Logs forum, not in the general forums.". You receive assistance in the Major Geeks, so follow the instructions there, they are committed to you.

[georgegrr]

Also, I have mbam.sys and mbamswissarmy.sys in C:\WINDOWS\system32\drivers

[georgegrr]

I was just trying to see if you can tell me whatig to do about that particular program. I am searching the internet for the error codes that I get also (expanding variables 0, 9; cannot load database; mbamswissarmy cannot be located etc). It takes a long time to get answers and I am trying to see what I can do by myself (at least get this mbam running)

As Firefox already tell you: "But we can only work on malware in the Malware Removal - HijackThis Logs forum, not in the general forums.". You receive assistance in the Major Geeks, so follow the instructions there, they are committed to you.

[Maniac]

Most importantly your system to be cleared. Then, will be considered your problem with errors.

[Firefox]

Hello georgegrr, and welcome to the forums here at Malwarebytes.org

As stated above by myself, you can get all that malware removed from your computer, but an expert has to help you do that in the right section see below:

Please read the following so that you can begin the cleaning process:

We don't work on Malware removal in the general forums.

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help.

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

If you are a corporate customer please send an email to corporate-support@malwarebytes.org. (NOTE: An order number is required for corporate support.)

Also, when replying, please use the "ADD REPLY" button or erase what the person you are replying to said, as this makes the forum easier to read.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Thank you