Personal Antivirus- can't run Malwarebyte's Anti-Malware

View previous topic View next topic Go down

Personal Antivirus- can't run Malwarebyte's Anti-Malware

Post by madkiwi on Tue Aug 18, 2009 6:18 am

My Dad somehow picked up the PAV hijacker. Probably came from a Facebook page.

Trying to remove it long-distance was an exercise in frustration. I found the instructions here on how to remove it, and could not accomplish anything.

When he first downloaded Malwarebytes Anti-Malware he was able to save it, but when he clicked on the file mbam-setup.exe file he only got as far as the Microsoft Warning- "Do you want to run this file?". Clicked Run- then nothing.

I had him boot into safe mode, tried to install again, nothing. Had him go to Download.com and download it again (still in safe mode), this time instead of saving it I had him Run the program. It looked like it installed correctly, and it put the Malwarebytes icon on his desktop. But trying to run the actual program does nothing (neither clicking the desktop icon nor clicking directly on mbam.exe in the c:\program files\malwarebytes' anti-malware\ folder).

In summary, Anti-Malware program will not install from the drive in either safe or regular mode.
Anti-Malware when installed will not run- safe or regular mode.

He is using XP home, was running AVG Anti-virus. Please don't ask me to have him do a Hi-jack This! logfile. His computer skills are barely adequate for a 73 year old.

I was going to have him do CTRL-ALT-DEL and look for a running app named pav.exe and try shutting it down, then try to run Anti-Malware again.

After that I have him take the damn pc in to a computer store.

Any help greatly appreciated.

madkiwi
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-08-18
OS OS : XP
Points Points : 26675
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Personal Antivirus- can't run Malwarebyte's Anti-Malware

Post by Belahzur on Tue Aug 18, 2009 3:38 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Personal Antivirus- can't run Malwarebyte's Anti-Malware

Post by madkiwi on Wed Aug 19, 2009 1:41 am

Here is the dds.txt file from my Dad's pc.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Don at 16:09:26.23 on Tue 08/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.76 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\PersonalAV\pav.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Don\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
BHO: : {a77d3539-581d-450c-9e44-a84c415a6172} - c:\windows\system32\msxmlm.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Yahoo! Pager] 1
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PersonalAV] c:\program files\personalav\pav.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\don\applic~1\mozilla\firefox\profiles\22abejhk.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPAdbESD.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdjvu.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPMAsst41.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-30 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-30 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-30 297752]
S2 gupdate1c9a5b8adef35e;Google Update Service (gupdate1c9a5b8adef35e);c:\program files\google\update\GoogleUpdate.exe [2009-3-15 133104]

=============== Created Last 30 ================

2009-08-14 14:09 61,440 a------- c:\windows\system32\ndisapi.dll
2009-08-14 14:09 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-08-14 13:03 378,880 a------- c:\windows\system32\msxmlm.dll
2009-08-14 13:03 --d----- c:\program files\common files\Uninstall
2009-08-14 13:02 --d----- c:\program files\PersonalAV
2009-08-01 19:42 560,640 a------- C:\Incredible-1.pps
2009-08-01 18:40 --dsh--- c:\documents and settings\don\IECompatCache
2009-07-29 19:09 --dsh--- c:\documents and settings\don\PrivacIE
2009-07-29 19:07 --dsh--- c:\documents and settings\don\IETldCache
2009-07-29 18:58 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-29 18:58 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 18:58 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 18:58 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-29 18:58 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 18:58 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-29 18:58 --d----- c:\windows\ie8updates
2009-07-29 18:57 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-29 18:56 -cd-h--- c:\windows\ie8
2009-07-29 18:20 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-07-29 18:18 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-29 18:18 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-07-29 18:18 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-07-29 18:18 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-07-29 18:17 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-07-29 18:16 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-07-29 18:16 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-07-29 18:09 23,576 a------- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2009-08-15 12:16 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 12:16 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-14 18:14 1,682 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-08-05 10:50 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-07-19 06:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 09:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-26 09:50 81,920 -------- c:\windows\system32\ieencode.dll
2009-06-26 09:50 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll

============= FINISH: 16:10:06.04 ===============

madkiwi
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-08-18
OS OS : XP
Points Points : 26675
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Personal Antivirus- can't run Malwarebyte's Anti-Malware

Post by Belahzur on Wed Aug 19, 2009 7:29 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Personal Antivirus- can't run Malwarebyte's Anti-Malware

Post by madkiwi on Fri Aug 21, 2009 1:51 am

I posted this in the first place-

NO INSTALLER WORKS. CANNOT RUN MALWAREBYTES and apparently can't run Hijack This either. (Can't install).

DDS.SCR worked and surely the info you need was there.

Any other ideas? Why didn't you ask for this in the first place? Could have saved a day and another day of frustration trying to deal with my father working on this.

madkiwi
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-08-18
OS OS : XP
Points Points : 26675
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Personal Antivirus- can't run Malwarebyte's Anti-Malware

Post by Belahzur on Fri Aug 21, 2009 2:28 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\program files\PersonalAV
    c:\windows\system32\msxmlm.dll
    c:\program files\common files\Uninstall

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PersonalAV"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum