MBAM Pro Program_Error_Load_Database(0,13,CreateSDK)


Hello MBAM,

I'm running MBAM Pro, latest version.

Several days ago I started getting the error Program_Error_Load_Database(0,13,CreateSDK) and MBAM refuses to run. I'm also getting the error MBAM service terminated unexpectedly at bootup.

I've followed all the instructions in the FAQ. MBAM runs when I boot into safe mode and reinstall (after running MBAM Clean). I did a full scan with no results. Upon reboot, it stops working again.

When I delete rules.ref and update, it still shows the error.

I've followed the steps in the "I'm infected" FAQ. GMER shows nothing. DeFogger had no errors. RKill found nothing wrong.

I use ESET Smart Security version 4.2.71.2 with the latest definitions. A full scan shows nothing.

Windows Update is failing on the .net updates.

It also failed on installing and running the Microsoft Malicious Software Removal Tool. I downloaded it manually and it won't install saying the file is corrupted.

I removed all the old Java buildup on the system, and tried to install the latest JRE. It also says the file is corrupted and will not install.

Here are the contents of my DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Jeffrey at 17:29:46 on 2011-08-10

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2186 [GMT 8:00]

.

AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\CISVC.EXE

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\nlssrv32.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {75C9223A-409A-4795-A3CA-08DE6B075B4B} - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - c:\program files\stumbleupon\StumbleUponIEBar.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3D16C3FA-ACC1-4197-B8AD-85124AA78A6C} : NameServer = 8.8.8.8

TCP: Interfaces\{3D16C3FA-ACC1-4197-B8AD-85124AA78A6C} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5415501C-F07D-4EA6-8083-EA8485683C47} : NameServer = 202.126.40.5 222.127.143.5

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll

FF - component: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\users\jeffrey\appdata\roaming\mozilla\firefox\profiles\s1xwrtqp.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

FF - plugin: e:\program files\canon\zoombrowser ex\program\NPCIG.dll

.

============= SERVICES / DRIVERS ===============

.

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-6-22 66560]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-13 2214504]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-13 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-11 12672]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-7-8 77624]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-7-25 201168]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-13 135664]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-23 15872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-7-8 181432]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-7 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]

.

=============== Created Last 30 ================

.

2072-04-03 05:13:14 607296 ------w- c:\program files\microsoft games\age of empires iii\deformerdllyD.dll

2071-07-25 01:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe

2011-08-10 09:08:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-10 09:08:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-10 09:08:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-10 07:52:01 -------- d-----w- c:\users\jeffrey\appdata\local\FixItCenter

2011-08-10 07:04:35 -------- d-----w- c:\users\jeffrey\appdata\roaming\QuickScan

2011-08-10 04:44:11 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 04:44:09 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 04:42:58 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 04:42:58 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-10 04:42:57 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll

2011-08-10 04:42:57 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 04:42:57 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 04:42:57 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 04:42:55 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-10 04:42:43 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-09 17:52:18 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ee3b8cde-c236-4ca7-b3ab-1ed7fe0dbef8}\mpengine.dll

2011-08-07 01:42:07 -------- d-----w- c:\windows\system32\Wat

2011-08-05 06:06:52 -------- d-----w- c:\users\jeffrey\appdata\roaming\Malwarebytes

2011-08-05 06:06:46 -------- d-----w- c:\programdata\Malwarebytes

2011-08-02 05:05:36 -------- d-----w- c:\windows\system32\System32

2011-08-01 08:18:00 54784 ----a-w- c:\windows\system32\msvci70.dll

2011-08-01 08:18:00 518416 ----a-w- c:\windows\system32\msxml.dll

2011-08-01 08:18:00 487424 ----a-w- c:\windows\system32\msvcp70.dll

2011-08-01 08:18:00 344064 ----a-w- c:\windows\system32\msvcr70.dll

2011-08-01 08:18:00 25088 ----a-w- c:\windows\system32\msxml3a.dll

2011-08-01 08:18:00 -------- d-----w- c:\program files\common files\Stardock

2011-07-31 17:11:33 34304 ----a-w- c:\program files\microsoft games\age of empires iii\SetupENU2.dll

2011-07-28 09:35:52 -------- d-----w- c:\programdata\Age of Empires 3

2011-07-28 09:31:49 -------- d-----w- c:\program files\common files\Microsoft Games

2011-07-28 09:21:42 -------- d-----w- c:\program files\Microsoft Games

2011-07-28 09:13:00 -------- d-----w- c:\program files\gBurner

2011-07-25 06:59:20 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2011-07-25 06:59:20 201168 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2011-07-25 06:59:20 103168 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2011-07-25 06:59:20 101120 ----a-w- c:\windows\system32\drivers\ewusbdev.sys

2011-07-21 07:48:28 -------- d-----w- c:\users\jeffrey\vw

2011-07-21 07:48:28 -------- d-----w- c:\users\jeffrey\MyConnection PC

2011-07-21 07:48:26 -------- d-----w- c:\program files\MyConnection PC

2011-07-20 07:56:37 -------- d-----w- c:\users\jeffrey\appdata\local\Samsung

2011-07-20 07:53:04 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-07-20 07:52:50 821824 ----a-w- c:\windows\system32\dgderapi.dll

2011-07-20 07:52:50 -------- d-----w- c:\program files\MarkAny

2011-07-20 07:52:23 -------- d-----w- c:\users\jeffrey\appdata\roaming\Samsung

2011-07-20 07:52:21 -------- d-----w- c:\programdata\Samsung

2011-07-20 07:52:21 -------- d-----w- c:\program files\Samsung

2011-07-14 02:41:11 -------- d-----w- c:\users\jeffrey\appdata\roaming\Sierra Entertainment

2011-07-14 02:36:58 -------- d-----w- c:\windows\85EBB28365AF4C539EBE7C0A232762F7.TMP

2011-07-14 02:21:25 -------- d-----w- c:\program files\Sierra Entertainment

2011-07-14 02:16:37 -------- d-----w- c:\users\jeffrey\appdata\roaming\DAEMON Tools Lite

2011-07-14 02:16:37 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-13 02:21:44 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

.

==================== Find3M ====================

.

2011-08-08 02:44:10 811520 ----a-w- c:\windows\system32\user32.dll

2011-08-08 02:44:10 113594 ----a-w- c:\windows\system32\slmgr.vbs

2011-08-08 02:44:08 53760 ----a-w- c:\windows\system32\sppuinotify.dll

2011-08-08 02:44:08 14336 ----a-w- c:\windows\system32\slwga.dll

2011-08-08 02:44:08 118784 ----a-w- c:\windows\system32\sppwmi.dll

2011-08-08 02:44:07 345088 ----a-w- c:\windows\system32\sppcommdlg.dll

2011-08-08 02:44:06 410624 ----a-w- c:\windows\system32\systemcpl.dll

2011-08-04 11:31:48 443448 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-07 23:20:44 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2011-07-07 23:20:42 77624 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 04:59:18 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-06-21 00:45:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-15 15:23:56 227840 ----a-w- c:\windows\system32\Deco_32.dll

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-06-07 03:13:38 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7601 Disk: WDC_WD3200AAJS-00VWA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

1 ntkrnlpa!IofCallDriver[0x8308A52A] -> \Device\Harddisk0\DR0[0x8699F5A8]

3 CLASSPNP[0x8CBAE59E] -> ntkrnlpa!IofCallDriver[0x8308A52A] -> [0x86431918]

5 ACPI[0x8C6C43D4] -> ntkrnlpa!IofCallDriver[0x8308A52A] -> \Device\Ide\IdeDeviceP4T0L0-5[0x864B6330]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

.

============= FINISH: 17:30:04.55 ===============

  • Root Admin

Hello Fusionx - please try the following.

Create a Batch File:

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @color 48
    @echo off
    rem Findings are written to a report on the desktop; start from a clean file
    set "report=%userprofile%\desktop\User Folders.txt"
    if exist "%report%" del /f /q "%report%"
    rem Vista/7 keep profiles in \Users; XP keeps them in \Documents and Settings
    if not exist "%systemdrive%\Users" goto xp
    if exist "%systemdrive%\Users\*{*" echo At least 1 folder found with { in %systemdrive%\Users>>"%report%"
    if exist "%systemdrive%\Users\*}*" echo At least 1 folder found with } in %systemdrive%\Users>>"%report%"
    goto show
    :xp
    if exist "%systemdrive%\Documents and Settings\*{*" echo At least 1 folder found with { in %systemdrive%\Documents and Settings>>"%report%"
    if exist "%systemdrive%\Documents and Settings\*}*" echo At least 1 folder found with } in %systemdrive%\Documents and Settings>>"%report%"
    :show
    rem If nothing matched, say so, so there is always a report to open
    if not exist "%report%" echo No folders found with { or } in the user profile folder>"%report%"
    notepad "%report%"
    rem Clean up the report and this batch file once notepad is closed
    del /f /q "%report%"
    del /f /q "%~f0"

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file FolderCheck.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.

  • Root Admin

Okay, thanks. I'll have to review that batch file and see what's up.

Please open your computer and then the C: volume and browse to the C:\Users folder and let me know if any of the folder names there contain any strange characters or numbers.

Known bad characters are { or } but it's possible that maybe others are as well.

  • Root Admin

Okay, please try the following.

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

  • 3 months later...

fusionx, I am having the same error message that you were and I was curious if you ever resolved this problem. I've installed Malwarebytes hundreds of times as an alternative to M$ Essentials or other AV solutions, encouraging users to purchase it as well, and I've never encountered this before.

The system I am attempting to install MBAM on is a brand new install of Win7x64 Ultimate; however, I am using NTFS Junctions to symlink my Program Files, Program Files (x86) and Users folders to a secondary drive. As far as the OS is concerned these changes are transparent and I haven't had any other issues installing software until MBAM, but that is the only thing I can think of that might be different and be the cause of this issue.

Please let me know if you resolved this or if you made any progress I might be able to build my solution off of.

Thanks!
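
The two conditions raised in this thread (profile folder names containing { or }, and a Users folder relocated through an NTFS junction) can be checked in one pass. This is an added example, not part of any post above; it assumes profiles live under %SystemDrive%\Users, and the function name Get-ProfileFolderAudit is made up for illustration.

```powershell
# Added example (not from the thread): audit the user-profile root for
# brace characters in folder names and for NTFS reparse points (junctions/symlinks).
# Assumption: profiles are under %SystemDrive%\Users (Vista/7 and later).
# Written to work on PowerShell 2.0, the version shipped with Windows 7.

function Get-ProfileFolderAudit {
    param(
        [string]$Root = (Join-Path $env:SystemDrive 'Users')
    )

    # -Force includes hidden and system entries, which is where junctions usually hide
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $_.PSIsContainer } |
        Select-Object Name,
            @{ Name = 'HasBrace';  Expression = { $_.Name -match '[{}]' } },
            @{ Name = 'IsReparse'; Expression = {
                [bool]($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } }
}

$root = Join-Path $env:SystemDrive 'Users'

# The root itself may be the junction when the whole Users folder was moved to another drive
$rootItem = Get-Item -LiteralPath $root -Force
if ($rootItem.Attributes -band [IO.FileAttributes]::ReparsePoint) {
    Write-Output "$root is a reparse point (junction or symlink)"
}

# A stock Windows 7 install already reports "All Users" and "Default User" as
# reparse points; anything else flagged here is worth a closer look.
Get-ProfileFolderAudit -Root $root |
    Where-Object { $_.HasBrace -or $_.IsReparse } |
    Format-Table -AutoSize
```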
