
Malwarebytes closing during scan



Hello

I have been having trouble with Google redirecting. When I ran Malwarebytes, it started to scan for about 10-20 seconds, then closed. Afterwards, when I try to open Malwarebytes, I get the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". When I reinstall Malwarebytes, the same process happens again. It scans for a few seconds then closes, etc.

Any advice?


I ran mbam-clean.exe and installed Malwarebytes again. It offered a free trial version, which I tried to accept, but I got the error: [startService] Failed to perform desired action. Error Code: 1084

I tried to scan and the same thing happened, the scan ran for a few seconds then closed.


So I did the DDS scan, which completed with no problem. When I tried to scan with GMER, it scanned for a while, then I got an error message. When I tried to open GMER again, I got the same message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Thanks for replying.

Here is the DDS log

-------------------------

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19

Run by Emanuel at 22:24:11 on 2011-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1176 [GMT -4:00]

.

AV: Antivirus Scan *Enabled/Updated* {6653DE35-8917-478e-A9EB-658B4269D56F}

AV: Security Solutions 2011 *Enabled/Updated* {BDAE6AF4-3CF8-4A56-A8B5-633EB4E558F2}

FW: Security Solutions 2011 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\3330503011:2626583609.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\cdmodem32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\loghours32.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll

BHO: {0137aa8b-106c-4de4-9278-9d70bf482928} - c:\windows\system32\atmpvcno3232.dll

BHO: {0236516f-0782-46ce-b2c6-a99f6bc75ed6} - c:\windows\system32\atmpvcno32.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\emanuel\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

TCP: Interfaces\{3FFEE1ED-266C-4F04-BCFC-322CBCCCAB9E} : DhcpNameServer = 192.168.1.1 71.252.0.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\emanuel\application data\mozilla\firefox\profiles\w55b9j7d.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm262YYUS&ptb=lS0YRLZCbe0TT3ek2HftSA&ind=2010122116&ptnrS=ZLxdm262YYUS&si=&n=77d00784&psa=&st=kwd&searchfor=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\emanuel\application data\move networks\plugins\071802000001\npqmp071802000001.dll

FF - plugin: c:\documents and settings\emanuel\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\documents and settings\emanuel\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\emanuel\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-17 218592]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-17 112592]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-22 366640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\cdmodem32.exe [2011-8-14 710144]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-22 22712]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-17 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-17 1142224]

.

=============== Created Last 30 ================

.

2011-08-22 19:05:48 -------- d-----w- c:\documents and settings\emanuel\application data\Malwarebytes

2011-08-22 19:05:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-22 19:05:43 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-22 19:05:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 19:05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-22 18:56:45 327680 ----a-w- c:\windows\system32\atmpvcno3232.dll

2011-08-22 15:33:23 -------- d--h--w- c:\windows\PIF

2011-08-22 02:33:31 892928 ----a-w- c:\documents and settings\all users\application data\defender.exe

2011-08-15 01:44:52 0 ---ha-w- c:\documents and settings\emanuel\fpurxpixtw.tmp

2011-08-15 01:41:18 710144 ----a-w- c:\windows\system32\loghours32.exe

2011-08-15 01:41:18 710144 ----a-w- c:\windows\system32\cdmodem32.exe

2011-08-15 01:41:18 155648 ----a-w- c:\windows\system32\mll_hp32.dll

2011-08-14 23:16:10 -------- d-----w- c:\windows\Hewlett-Packard

2011-08-14 22:46:44 970880 ----a-r- c:\windows\system32\hpost_p04d.dll

2011-08-14 22:46:44 892032 ----a-r- c:\windows\system32\hposwia_p04d.dll

2011-08-14 22:46:44 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2011-08-14 22:46:44 319616 ----a-r- c:\windows\system32\hposc_p04a.dll

2011-08-14 22:46:44 309760 ----a-r- c:\windows\system32\difxapi.dll

2011-08-14 22:41:47 -------- d-----w- c:\program files\common files\HP

2011-08-14 21:41:20 -------- d-----w- c:\documents and settings\emanuel\local settings\application data\HP

2011-08-14 21:40:16 452736 ----a-r- c:\windows\system32\hpzids01.dll

2011-08-14 21:40:16 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp101.dll

2011-08-14 21:40:16 125952 ----a-w- c:\windows\system32\hpf3l101.dll

2011-08-14 21:39:34 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-08-14 21:39:34 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2011-08-14 21:37:24 -------- d-----w- c:\windows\Cache

2011-08-14 21:37:23 -------- d-----w- c:\program files\Coupons

2011-08-14 21:36:48 -------- d-----w- c:\program files\HP Photo Creations

2011-08-14 21:36:48 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations

2011-08-14 21:36:39 -------- d-----w- c:\documents and settings\emanuel\application data\HpUpdate

2011-08-14 21:32:55 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-08-14 21:30:15 -------- d-----w- c:\program files\HP

2011-08-12 13:34:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-08-04 20:55:40 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2011-08-04 20:55:40 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2011-08-04 20:55:39 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2011-08-04 20:55:37 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2011-08-04 20:55:23 -------- d-----w- c:\program files\Heroes of Newerth

2011-07-26 23:19:14 -------- d-----w- c:\documents and settings\emanuel\riotsGamesLogs

.

==================== Find3M ====================

.

2011-05-27 11:44:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 22:25:18.21 ===============

Attach.txt


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

