MBAM discrepancy?


  • Root Admin

Malwarebytes Anti-Malware is a complementary solution to a fully installed antivirus application and is not an antivirus product.

It is expected that a full antivirus product can and will find or detect things that our program does not.

Please see the following link for an explanation from one of our forum Experts.

http://forums.malwar...ndpost&p=487311

We can go ahead and do a basic review if you like though.

Please run the following mbam-check tool so that we can get a better look at what's going on.

Create an mbam-check log:

Download mbam-check.exe from here and save it to your desktop

http://data-cdn.mbam...1.10.0.1000.exe

Double-click on mbam-check.exe to run it. When done, it should open a log file.

Please copy and paste the entire contents of the log into your next reply, or, if you prefer, you may attach the CheckResults.txt file, which should now be located on your desktop, to your next reply instead.

Next, please download DDS from one of the locations below and save it to your desktop.

here: http://download.blee...om/sUBs/dds.scr

or

here: http://download.blee...om/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

DDS.txt

Attach.txt

Save both reports to your desktop

Please attach the following logs in your next reply: DDS.txt and Attach.txt

You can ignore the note about zipping the Attach.txt file and just attach it to your reply.

Thank you


  • Root Admin

Well, this appears to be a business computer connected to a network domain that has policies set to disable many things. Unless you're the network Admin, you're probably not allowed to be working on computer maintenance type stuff. Most businesses prohibit their employees from doing computer repair. You should check with your IT department, as there are quite a few issues shown in the Event Logs that should be corrected, possibly due to configuration issues or an infection.


Thank you Ron. I already had the IT team look into this, but when I posted this, I was actually trying to make sure my machine is not infected so I don't infect our network.

Q: given that I already scanned and cleaned it prior to IT looking into this [machine], and with the results returning as negative, does this mean it's totally clean?

Also, may I ask you to point out what are the error logs you're referring to? (I'm also trying to clean up my own mess and learn from it as I might be able to use it in the future.)

Much thanks!


  • Root Admin

In a perfect World your Event Logs would never show any errors or warnings. Getting a few every once in a while, though, is normal. To have many errors, though, is not normal and is often either a sign of software that conflicts with other software or hardware, or a potential sign of an infection or damage left over from an infection.

Your Event Logs show that you need some serious help with the computer. I would highly recommend that you have someone assist you in the HJT forum to look at scanning for an infection.

http://forums.malwarebytes.org/index.php?showtopic=9573

From the attach.txt log file created by DDS

==== Event Viewer Messages From Past Week ========

.

9/23/2012 10:18:35 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

9/23/2012 10:16:11 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/23/2012 10:15:20 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

9/23/2012 10:13:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHlpa64

9/23/2012 10:12:38 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ADSDELLCOM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

9/22/2012 5:37:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

9/22/2012 11:26:11 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.

9/22/2012 11:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/22/2012 11:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/22/2012 11:08:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/22/2012 11:07:44 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

9/22/2012 11:07:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/22/2012 11:07:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

9/22/2012 11:07:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache lenovo.smi PxHlpa64 spldr tmtdi TPPWRIF Wanarpv6

9/22/2012 11:07:25 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:57:53 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/22/2012 10:27:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:27:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

9/22/2012 10:27:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

9/22/2012 10:03:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/22/2012 10:03:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/22/2012 10:00:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched PxHlpa64 rdbss spldr tdx tmtdi TPPWRIF vwififlt Wanarpv6 WfpLwf

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The OfficeScan NT Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/21/2012 8:54:03 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/21/2012 12:26:55 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

9/19/2012 8:02:38 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

9/19/2012 12:30:56 PM, Error: Microsoft-Windows-GroupPolicy [1079] - The processing of Group Policy failed. Windows could not obtain the list of Group Policy objects applicable for this computer or user. View the event details for more information.

9/19/2012 10:23:16 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ADSDELLCOM due to the following: The RPC server is unavailable. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

9/18/2012 11:14:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.

9/16/2012 6:22:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the OfficeScan NT RealTime Scan service, but this action failed with the following error: An instance of the service is already running.

9/16/2012 6:21:58 PM, Error: Service Control Manager [7031] - The OfficeScan NT RealTime Scan service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

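As an added example (not part of the thread, and not code from DDS or Malwarebytes), here is a Python script that triages the "Event Viewer Messages From Past Week" block that DDS wrote into Attach.txt above. Rather than counting errors, it separates root causes from the dependency cascade they produce, diffs the set of drivers that failed to load across the three boots in the excerpt, and flags Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE) in DCOM 10005 entries, which means Windows was in Safe Mode when the service was requested. The sample input is a subset of the log lines posted above (two messages shortened); the event format regex and the classification rules are this example's own assumptions about the DDS output, not anything DDS documents.

```python
"""Triage the "Event Viewer Messages From Past Week" block of a DDS Attach.txt.

Added example, not part of DDS or of the forum thread. Rules of thumb used here:
SCM 7026 (driver failed to load) and SCM 7001 with a concrete Win32 error are
root causes; 7001/DCOM 10005 entries that only report "dependency failed"
(Win32 1068) are symptoms; DCOM 10005 with Win32 1084 means a Safe Mode boot.
"""
import json
import re
from collections import defaultdict

# Assumed DDS layout, one event per line: "<date time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
DEP_RE = re.compile(
    r"depends on the (?P<dep>.+?) service which failed to start because of the following error: (?P<err>.*)$"
)
DCOM_CODE_RE = re.compile(r'DCOM got error "(\d+)"')

DEPENDENCY_TEXT = "The dependency service or group failed to start"
WIN32_SERVICE_DEPENDENCY_FAIL = "1068"   # ERROR_SERVICE_DEPENDENCY_FAIL
WIN32_NOT_SAFEBOOT_SERVICE = "1084"      # ERROR_NOT_SAFEBOOT_SERVICE


def parse_events(text):
    """Return one dict per line that matches the event format; other lines are skipped."""
    matches = (EVENT_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def classify(ev):
    """Bucket an event as 'root_cause', 'dependency', 'safe_mode' or 'other'."""
    src, eid, msg = ev["source"], ev["eid"], ev["msg"]
    if src == "Service Control Manager" and eid == "7026":
        return "root_cause"                      # boot/system-start driver did not load
    if src == "Service Control Manager" and eid == "7001":
        return "dependency" if DEPENDENCY_TEXT in msg else "root_cause"
    if src == "Microsoft-Windows-DistributedCOM" and eid == "10005":
        code = DCOM_CODE_RE.search(msg)
        if code and code.group(1) == WIN32_NOT_SAFEBOOT_SERVICE:
            return "safe_mode"
        if code and code.group(1) == WIN32_SERVICE_DEPENDENCY_FAIL:
            return "dependency"
        return "root_cause"
    return "other"


def failed_drivers_per_boot(events):
    """Map each 7026 timestamp (one per boot) to the set of driver names it lists."""
    per_boot = {}
    for ev in events:
        if ev["eid"] == "7026" and "failed to load:" in ev["msg"]:
            names = ev["msg"].split("failed to load:", 1)[1].split()
            per_boot.setdefault(ev["when"], set()).update(names)
    return per_boot


def service_root_causes(events):
    """(dependency, error) pairs behind the 7001 entries that are not cascade noise."""
    found = set()
    for ev in events:
        if ev["eid"] == "7001" and classify(ev) == "root_cause":
            m = DEP_RE.search(ev["msg"])
            if m:
                found.add((m.group("dep"), m.group("err")))
    return sorted(found)


def triage(text):
    """Summarise a DDS event block: counts per bucket, persistent driver failures, real causes."""
    events = parse_events(text)
    buckets = defaultdict(list)
    for ev in events:
        buckets[classify(ev)].append(ev)
    boots = failed_drivers_per_boot(events)
    persistent = set.intersection(*boots.values()) if boots else set()
    return {
        "total": len(events),
        "counts": {k: len(v) for k, v in buckets.items()},
        "safe_mode_boot_seen": bool(buckets.get("safe_mode")),
        "boots_with_driver_failures": len(boots),
        "drivers_failed_every_boot": sorted(persistent),
        "service_root_causes": service_root_causes(events),
    }


# Constructed sample: a subset of the Attach.txt excerpt posted above (two messages shortened).
SAMPLE = """\
9/23/2012 10:13:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHlpa64
9/23/2012 10:12:38 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ADSDELLCOM due to the following: There are currently no logon servers available to service the logon request.
9/22/2012 5:37:32 PM, Error: Disk [11] - The driver detected a controller error on \\Device\\Harddisk3\\DR3.
9/22/2012 11:08:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/22/2012 11:07:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache lenovo.smi PxHlpa64 spldr tmtdi TPPWRIF Wanarpv6
9/22/2012 11:07:25 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2012 10:27:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/22/2012 10:00:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched PxHlpa64 rdbss spldr tdx tmtdi TPPWRIF vwififlt Wanarpv6 WfpLwf
9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/22/2012 10:00:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run against the full Attach.txt block, the useful output is not the error count but three smaller facts: which drivers fail on every boot (here cdrom and PxHlpa64, so they are not explained by a single Safe Mode session), which components are the real failures behind the 7001 cascade (here the Winsock AFD and TDI drivers at the 9/22 10:00 PM boot, with everything from DHCP Client to Netlogon failing only because of them), and whether a Safe Mode boot appears in the window (the 1084 entries at 11:07 PM on 9/22). That is the list a responder would hand to the IT team, and it is a better basis for the "infection or configuration?" question in the thread than the raw volume of events.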

If this is a Windows 7 computer, the event viewer will show many errors. Win 7 seems to be overly active with throwing errors. I have 4 win 7 computers here and never look at the event viewer unless I notice something wrong.

