Sign In
Create Account
Due to a malware I just downloaded, installed and updated Anti-Malware the free version.
However when I start any type of scan, quick or full, the program thinks for half a second and quits. Thereafter I cannot start Anti-Malware again even though the program files still seem to reside in "c:\windows\program files", however the icon in "Start|Programs|Malwarebytes' Anti-Malware" has gone blank.
What gives?
2
Quits when initiating scan and then program stops working
Started by DKDiveDude, Sep 30 2009 01:40 PM
-
This topic is locked
Back to top
#2
Posted 30 September 2009 - 02:12 PM
-
- Honorary Members
-
- 816 posts
Elite Member
Hi DKDiveDude
Welcome to MBAM Forum.
Experts here will guide & help you to resolve this problem asap.
Please be patient.
Thanks.
Welcome to MBAM Forum.
Experts here will guide & help you to resolve this problem asap.
Please be patient.
Thanks.
#3
Posted 30 September 2009 - 02:21 PM
-
- Members
-
- 7 posts
New Member
Oh well it seems to be a hijack problem as now whenever I click a search result link on a Google search page, the link leads to a random annoying website.
I manually deleted a few registry "run" on startup entries in registry and deleted the files, "a.exe" amd "msb.exe".
I manually deleted a few registry "run" on startup entries in registry and deleted the files, "a.exe" amd "msb.exe".
#4
Posted 30 September 2009 - 02:30 PM
-
- Moderators
-
- 346 posts
True Member
Hi DKDivideDude and Welcome to Malwarebytes.org
Please see this topic and this one to see if you can get it to run.
Some users are also reporting success by trying this, though I doubt this one will be of much use in your particular case.
If these don't work, you'll need to move into the Malware Removal HijackThis Logs forum. Please note the bottom in green.
If you're having Malware related issues with your computer that you're unable to resolve.
Please see this topic and this one to see if you can get it to run.
Some users are also reporting success by trying this, though I doubt this one will be of much use in your particular case.
If these don't work, you'll need to move into the Malware Removal HijackThis Logs forum. Please note the bottom in green.
If you're having Malware related issues with your computer that you're unable to resolve.
- Please read and follow the instructions provided here: I'm infected - What do I do now?
- If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
- When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
- Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
- Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
- Using these other tools often makes the cleanup task more difficult and time consuming.
- If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
- Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
- There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
- NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
#5
Posted 30 September 2009 - 02:31 PM
-
- Members
-
- 7 posts
New Member
Win32Diag log
Running from: C:\My Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\DKDiveDude\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D.tmp\ZAP1D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F9.tmp\ZAP1F9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AC.tmp\ZAP2AC.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP384.tmp\ZAP384.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38D.tmp\ZAP38D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B1.tmp\ZAP3B1.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2002-08-28 23:40:52 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 06:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 06:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\Temp\E-CENTER_PLUGIN_CDBURNER_U\InstCab0\InstCab0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\~nsu.tmp\~nsu.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\1220703\1220703
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\60370\60370
Mount point destination : \Device\__max++>\^
Finished!
Running from: C:\My Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\DKDiveDude\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB958215\KB958215
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB960714\KB960714
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\AppPatch\Custom\Custom
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D.tmp\ZAP1D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F9.tmp\ZAP1F9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AC.tmp\ZAP2AC.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP384.tmp\ZAP384.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38D.tmp\ZAP38D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B1.tmp\ZAP3B1.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109510090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109A10090400000000000F01FEC\12.0.6425\12.0.6425
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\Microsoft .NET Framework 3.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2002-08-28 23:40:52 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 06:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 06:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\Temp\E-CENTER_PLUGIN_CDBURNER_U\InstCab0\InstCab0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\~nsu.tmp\~nsu.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\1220703\1220703
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\60370\60370
Mount point destination : \Device\__max++>\^
Finished!
#6
Posted 30 September 2009 - 02:36 PM
-
- Honorary Members
-
- 887 posts
Elite Member
- Gender:Male
- Location:South Carolina
Wrong section DKDiveDude, post a new thread in the Malware Removal section.
Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal, MBAM Pro
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal
#7
Posted 30 September 2009 - 02:37 PM
-
- Honorary Members
-
- 816 posts
Elite Member
Hi DKDiveDude
The Logs should be posted in Malware Removal-HijackThis Logs, which is the appropriate place.
So that You will get a quick response.
Thanks.
swagger: He is new na, so he may not be knowing the procedure & in anxiety people post it here.
The Logs should be posted in Malware Removal-HijackThis Logs, which is the appropriate place.
So that You will get a quick response.
Thanks.
swagger: He is new na, so he may not be knowing the procedure & in anxiety people post it here.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
