Cannot run MBAM.exe

Help! I have already been to the "Am I Infected" forum. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/263389/cannot-run-mbam/ ~ OB However, I still cannot run MBAM.exe and there are pop ups always appearing on my computer.

I went through the renaming strategy, but that did not work. I then ran Rootrepeal and posted the log. Apparently, there was a rootkit in the log. I was then advised to run Win32kDiag.exe and post the log in this forum. However, there wasn't much of a log. All that was written is as follows:


Running from: C:\Documents and Settings\Brian\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Brian\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!



Help!!!! I want my computer back!!

Pasting in Root Repeal log from other topic. ~ OB

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/10 15:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xA8FA8000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7667000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8AFA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79F1000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7279000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\sqlite_dvo1dijikckffqd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_8pv2saa3z8nsjbh
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_9dqv6xumzrza8gn
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_9ujavb4fy5grygt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\brian\local settings\temp\~df6561.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: c:\documents and settings\brian\local settings\temp\~dfd20a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

==EOF==

Edited by Orange Blossom, 11 October 2009 - 12:24 AM.

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:

• Combofix.txt
• log.txt
• info.txt

Thanks

I think I was able to fix the problem. I had another user set up for my computer, and I downloaded Malwarebytes to that user. I guess the virus only applied to one of the two users set up for my computer because I was able to run MBAM.exe on the second user. Once I ran MBAM, it found several viruses, including a couple that seemed to be bypassing my firewall, and cleaned them up. Now, I'm able to run mbam on both users and windows automatic update was reenabled.

Thanks anyway. I'll come back if I have anymore problems.

Ok, thanks for letting me know

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.