cgrammie2 Posted December 27, 2011 ID:509953

Received this message after updating MBAM - "The database was successfully updated from version 911122306 to 911122605". The version numbers seem way out of line - these large numbers have appeared the last several times I've updated MBAM. Could this indicate the presence of a virus/malware?

Also in August I downloaded CutePDF Writer software which converts my completed Excel file into a PDF file. Ever since this download I receive the following message: "Internet Explorer - Search Provider Default - A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Google (www.google.com). Internet search will now open search settings where you can change this setting or install more search providers". I then click "OK" and a new screen appears "Manage Add Ons - View and manage your Internet Explorer add-ons", etc. I have uninstalled and reinstalled the software and am still unsuccessful in getting rid of this screen. Possible presence of virus/malware?

THANK YOU for your help! Logs follow below:

Maurice Naggar Posted February 8, 2012 ID:524881

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.
Next, click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a FULL Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the contents of the last scan log into your reply.

If we do not hear from you in 3 days, the topic will be closed.

Maurice Naggar Posted February 12, 2012 ID:526146

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!