Jump to content

Malwarebytes

Can not get Malwrebytes to start

Started by Pops55, Aug 09 2009 04:24 PM

2 replies to this topic

#1
Pops55
Posted 09 August 2009 - 04:24 PM

    New Member

  • Members
  • Pip
  • 2 posts
Unable to start Malwarebytes Anti-Malware, the attached files are as you requested, I couldn't upload the GMER file. Thanks.


GMER 1.0.15.15020 [b2ddm2yd[1].exe] - http://www.gmer.net
Rootkit scan 2009-08-09 12:10:40
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA1D64EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA1D6581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA1D6498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA1D64AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA1D6595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA1D65C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA1D662F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA1D6619]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1D652A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA1D665B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA1D656D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA1D6470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA1D6484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA1D64FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA1D6697]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA1D6603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA1D65ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA1D65AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA1D6683]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA1D666F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA1D64D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA1D64C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA1D65D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1D6559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA1D6645]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1D6540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1D6514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A880CD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\WMPNetwk.exe [280] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [668] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [936] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1268] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1308] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1352] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\Program Files\McAfee\MPF\MPFSrv.exe [1368] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1476] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\LEXPPS.EXE [1808] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1816] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2392] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2604] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2616] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [3056] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [3296] 0x35670000
Library \\?\globalroot\Device\__max++>\25B79FD2.x86.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [4004] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

Attached Files


#2
prairie dog
Posted 09 August 2009 - 04:30 PM

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,548 posts
Hi and welcome to the forum! :(

Have a look here and read #5 to see if any of those fixes help resolve your issue. If not, than please follow this set of instructions:



Scan and post logs - read note at bottom in green
If you're having Malware related issues with your computer that you're unable to resolve.

1. Please read and follow the instructions provided here: I'm infected - What do I do now?
2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.


* Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
* Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
* Using these other tools often makes the cleanup task more difficult and time consuming.
* If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
* Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
* There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review


* NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
Avira Antivir Personal and MBAM Pro
On demand: SAS and Hitman Pro
Firewall-Online Armor Premium
FF3-adblock plus, noscript, betterprivacy, WOT, Keyscrambler, TrackMeNot
Sandboxie

ONE DAY AT A TIME!

#3
AdvancedSetup
Posted 09 August 2009 - 07:59 PM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
Please create a NEW post in the HJT forum as shown below even if you can not run any scanners. We don't work on Malware and Logs in the General forum.
Also please note that we are VERY busy at the moment and though we would love to assist you immediately, there are too many users requesting help at this time which has caused response times to greatly increase. It could be a few days before someone responds to your post so please try to be patient while we catch up to the requests.
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
Back to General Malwarebytes Anti-Malware Forum · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malwarebytes Anti-Malware Support
  3. General Malwarebytes Anti-Malware Forum

Products

About

Partners

Follow Us