Malware bytes does not open or update

Malwarebytes does not open. I’ve done several clean reinstalls and it works for a day or so and then no longer updates or opens.

I ran aswMBR and gmer but don’t know what to do next. I did not click on aswMBR yet (Should I?) . Here are the results:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-02 03:50:46

03:50:46.723 OS Version: Windows x64 6.1.7601 Service Pack 1
03:50:46.723 Number of processors: 4 586 0x2502
03:50:46.738 ComputerName: DAVID-THINK UserName: David
03:50:47.050 Initialize success
03:50:47.081 VM: driver load error: 2
03:59:14.315 AVAST engine defs: 14090102
04:00:29.443 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
04:00:29.448 Disk 0 Vendor: TOSHIBA_ AGLA Size: 122104MB BusType: 3
04:00:29.470 Disk 0 MBR read successfully
04:00:29.491 Disk 0 MBR scan
04:00:29.500 Disk 0 unknown MBR code
04:00:29.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
04:00:29.515 Disk 0 Boot: NTFS code=1
04:00:29.527 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110901 MB offset 2459648
04:00:29.564 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 229586944
04:00:29.598 Disk 0 scanning C:\Windows\system32\drivers
04:00:41.091 Service scanning
04:01:13.266 Modules scanning
04:01:13.269 Disk 0 trace - called modules:
04:01:13.272 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
04:01:13.273 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8006e2a060]
04:01:13.273 3 CLASSPNP.SYS[fffff88001ec743f] → nt!IofCallDriver → [0xfffffa8003b14950]
04:01:13.273 5 ACPI.sys[fffff88000f0e7a1] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa8004959050]
04:01:13.603 AVAST engine scan C:\Windows
04:01:14.813 AVAST engine scan C:\Windows\system32
04:05:51.418 AVAST engine scan C:\Windows\system32\drivers
04:06:01.549 AVAST engine scan C:\Users\David
04:10:30.400 AVAST engine scan C:\ProgramData
04:13:08.192 Scan finished successfully
04:15:41.577 Disk 0 MBR has been saved successfully to “C:\Users\David\Desktop\MBR.dat”
04:15:41.589 The log file has been saved successfully to “C:\Users\David\Desktop\aswMBR.txt”

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-05 07:04:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AGLA 119.24GB
Running: 4d020k7s.exe; Driver: C:\Users\David\AppData\Local\Temp\pglcipob.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [780:9108] 000007fefbe32070
Thread C:\Windows\System32\svchost.exe [780:7916] 000007fef8505fd0
Thread C:\Windows\System32\svchost.exe [1028:1336] 000007fefa58331c
Thread C:\Windows\System32\svchost.exe [1028:1528] 000007fef9d959a0
Thread C:\Windows\System32\svchost.exe [1028:4992] 000007feeb1820c0
Thread C:\Windows\System32\svchost.exe [1028:5008] 000007feeb1826a8
Thread C:\Windows\System32\svchost.exe [1028:7060] 000007feed4688f8
Thread C:\Windows\System32\svchost.exe [1028:5472] 000007feeab98a4c
Thread C:\Windows\System32\svchost.exe [1028:6432] 000007feea913efc
Thread C:\Windows\System32\svchost.exe [1028:8844] 000007feeb1829dc
Thread C:\Windows\system32\svchost.exe [1068:1124] 000007fefb3c034c
Thread C:\Windows\system32\svchost.exe [1068:1128] 000007fefb3bfb90
Thread C:\Windows\system32\svchost.exe [1068:4688] 000007fef37f0ea8
Thread C:\Windows\system32\svchost.exe [1068:4692] 000007fef37e9db0
Thread C:\Windows\system32\svchost.exe [1068:4804] 000007fef37f1c94
Thread C:\Windows\system32\svchost.exe [1068:3280] 000007feeb2038e4
Thread C:\Windows\system32\svchost.exe [1068:5164] 000007feeb20ccc4
Thread C:\Windows\system32\svchost.exe [1068:2204] 000007fef37eaa10
Thread C:\Windows\system32\svchost.exe [1068:7372] 000007fef228d3c8
Thread C:\Windows\system32\svchost.exe [1068:5268] 000007fef228d3c8
Thread C:\Windows\system32\svchost.exe [1068:2872] 000007fef228d3c8
Thread C:\Windows\system32\svchost.exe [1068:1564] 000007fef228d3c8
Thread C:\Windows\system32\svchost.exe [1232:1364] 000007fefaa98274
Thread C:\Windows\system32\svchost.exe [1232:2928] 000007fefaa98274
Thread C:\Windows\system32\svchost.exe [1380:3424] 000007feed4abd88
Thread C:\Windows\system32\svchost.exe [1380:3232] 000007feec6900cc
Thread C:\Windows\system32\svchost.exe [1380:5208] 000007feed405124
Thread C:\Windows\system32\svchost.exe [1380:5416] 000007fef7645170
Thread C:\Windows\System32\spoolsv.exe [1760:2664] 000007fef5e110c8
Thread C:\Windows\System32\spoolsv.exe [1760:2652] 000007fef4ef6144
Thread C:\Windows\System32\spoolsv.exe [1760:2648] 000007fef8505fd0
Thread C:\Windows\System32\spoolsv.exe [1760:2632] 000007fef42d3438
Thread C:\Windows\System32\spoolsv.exe [1760:2628] 000007fef85063ec
Thread C:\Windows\System32\spoolsv.exe [1760:1584] 000007fef42d3438
Thread C:\Windows\System32\spoolsv.exe [1760:2688] 000007fef85063ec
Thread C:\Windows\System32\spoolsv.exe [1760:2680] 000007fef75a5e5c
Thread C:\Windows\System32\spoolsv.exe [1760:2756] 000007fef7915074
Thread C:\Windows\System32\spoolsv.exe [1760:2856] 000007fef5ec8760
Thread C:\Windows\System32\spoolsv.exe [1760:4924] 0000000074871e74
Thread C:\Windows\System32\spoolsv.exe [1760:4644] 000007fef7982288
Thread C:\Windows\system32\svchost.exe [1788:1812] 000007fefc951a70
Thread C:\Windows\system32\svchost.exe [1788:1820] 000007fefc951a70
Thread C:\Windows\system32\svchost.exe [1788:1836] 000007fefc951a70
Thread C:\Windows\system32\svchost.exe [1788:1844] 000007fef8e62c70
Thread C:\Windows\system32\svchost.exe [1788:1860] 000007fef8e6fb40
Thread C:\Windows\system32\svchost.exe [1788:1876] 000007fef8e81d20
Thread C:\Windows\system32\svchost.exe [1788:1880] 000007fef8e6f6f0
Thread C:\Windows\system32\svchost.exe [1788:1976] 000007fef8aa35c0
Thread C:\Windows\system32\svchost.exe [1788:4884] 000007fef8aa5600
Thread C:\Windows\system32\svchost.exe [1788:3300] 000007feeae92888
Thread C:\Windows\system32\svchost.exe [1788:3208] 000007fefbd82940
Thread C:\Windows\system32\svchost.exe [2008:2076] 000007fef8505fd0
Thread C:\Windows\system32\svchost.exe [2008:2092] 000007fef85063ec
Thread C:\Windows\system32\svchost.exe [2008:5128] 000007fee8eb8470
Thread C:\Windows\system32\svchost.exe [2008:3200] 000007fee8ec2418
Thread C:\Windows\system32\svchost.exe [2008:5976] 000007feed405124
Thread C:\Windows\system32\svchost.exe [2008:6980] 000007fee8ec976c
Thread C:\Windows\system32\svchost.exe [3172:2184] 000007fef8505fd0
Thread C:\Windows\system32\svchost.exe [3172:2188] 000007fef42d3438
Thread C:\Windows\system32\svchost.exe [3172:2192] 000007fef85063ec
Thread C:\Windows\system32\svchost.exe [4896:5000] 000007fef9602f9c
Thread C:\Windows\System32\StikyNot.exe [5532:5564] 000007fefb202bf8
Thread C:\Windows\system32\rundll32.exe [5712:5824] 0000000002ea55c0
Thread C:\Windows\system32\rundll32.exe [5712:5740] 0000000002ea55c0
Thread C:\Windows\system32\rundll32.exe [5712:4852] 0000000002ea55c0
Thread c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [1324:1612] 000007fefdefa808
Thread C:\Windows\explorer.exe [3416:6716] 000007fef9602f9c
Thread C:\Windows\explorer.exe [3416:3904] 000007fedc552118
Thread C:\Windows\explorer.exe [3416:6384] 000007feea2ba3f8
Thread C:\Windows\explorer.exe [3416:5404] 000007fef9602f9c
Thread C:\Windows\explorer.exe [3416:6840] 000007fef9602f9c
Thread C:\Windows\explorer.exe [3416:6636] 000007fefa7b1010
Thread C:\Windows\explorer.exe [3416:6456] 000007fedc3ef5bc
Thread C:\Windows\System32\svchost.exe [5828:5668] 000007feed409874

---- EOF - GMER 2.1 ----

I’d appreciate any help you can provide.

Thank you

David Y

follow instructions here https://forum.avast.com/index.php?topic=53253.0
scroll down to Farbar Recovery Scan Tool and attach logs

Could be a conflict with Norton 360
Removal tool:
http://www.ache.nl/index.php?location=mal-01#n

essexboy is notified and will check your logs … it may take a few hours before he is online

As Eddy said remove Norton, also when you did a clean install did you use the MBAM removal tool ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {64F7F9D9-A4DE-4465-A651-1A5892089D46} URL = SearchScopes: HKCU - {FFDF7B17-B4DB-4756-B4F6-488E5F260919} URL = BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO-x32: No Name -> {54B02808-B60E-44CD-A72D-9865117E4E62} -> No File BHO-x32: No Name -> {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} -> No File BHO-x32: No Name -> {96CEA57F-AC68-4618-A1A2-DCF5428AF18B} -> No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKCU - No Name - {D99F55AC-3BC6-45A9-95AC-AE07F0CDF943} - No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION U3 pglcipob; \??\C:\Users\David\AppData\Local\Temp\pglcipob.sys [X] EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank you very much for your help.

I did use the MBAM removal time each time I reinstalled

log files are attached

I will be without internet access for the next 24 hours or so. I’ll check this page again as soon as I return.

Thanks again

Once Norton has gone could you let me know if MBAM is working

Norton is gone. rebooted. Still can’t get MBAM to launch.

What error do you get when you try to launch MBAM

I get the request to allow mbam to open but nothing happens after that

Could I have a fresh FRST scan please

Scan is attached.

I can see nothing amiss there, I would suggest that you ask on the MBAM forum as they know the programme better than I

thanks. I will

And please keep us informed on how things are going.

I will. I did another clean install and will see how long this one lasts now that I’ve removed Norton.

24 hours later and MBAM still works.

Thanks for the advice