Malwarebytes not starting up with windows 7


Virus definitions last updated on: v2013.08.28.03

It said virus definition outdated by 5 days; when I click on Update nothing happened. Then killed the process in Task Manager, now it doesn't start up at all. This happened to me once a few months ago and somebody posted a trick where some entries when deleted in the registry will fix this. That worked then, but I forget what they are :( Please help


Sorry you are having issues with running Malwarebytes, please post the logs below so that someone can review them and see what's going on...

Please run the tools below and ATTACH (do not copy and paste) the logs so someone can better assist you.

Please post an mbam-check log:

Create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please attach the CheckResults.txt file which should now be located on your desktop to your next reply
Next:

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

    You can ignore the note about zipping the Attach.txt file in most cases.


DDS.txt


DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.21.2

Run by pappus at 20:41:24 on 2013-09-02

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2491.1071 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe

C:\Windows\system32\dmwu.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe

C:\Program Files\Wajam\Updater\WajamUpdater.exe

C:\Windows\System32\jmdp\stij.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Users\pappus\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe

C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\TextPad 6\TextPad.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\pappus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.








BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: WebCake: {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - 

BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\pappus\appdata\local\downloadterms\temp.dat

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\updater by sweetpacks\Extension32.dll

BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\pappus\appdata\roaming\media finder\extensions\gencrawler_gc.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - 

BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

uRun: [googletalk] c:\users\pappus\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [Google Update] "c:\users\pappus\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"

uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [skytel] c:\program files\realtek\audio\hda\Skytel.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABVAFMAUgAtAE4AQgBDAFAATQAtAEwAVQBTADQAQQAtAEIAQQBCAFAAQQAtAFMATQBLAEYARQAtAFAATgBTAFcAUwA"&"inst=NwA2AC0AOAA4ADkANAAzADIAOAA1ADQALQBYAE8AMwA2ACsAMQAtAFAATAArADkALQBOADEARAArADEALQBEAEQAVAArADAA"&"prod=54"&"ver=9.0.894

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with &Media Finder - c:\program files\media finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000




TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A2EA1CAA-F744-461D-AAA0-BA229DD84EE6} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D}\14355535 : DHCPNameServer = 192.168.1.1 172.27.35.1

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D}\348627F6D6563616374743332343 : DHCPNameServer = 192.168.255.249

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D}\354535B4 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D}\758425C443 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D}\C696E6B6379737 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C26E2AF7-0BB4-477B-9883-90CADB330F0D}\D61637375697 : DHCPNameServer = 192.168.1.1 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\pappus\appdata\roaming\mozilla\firefox\profiles\zwkjrcai.default\


FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.search.defaulturl - 


FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\npjpi170_21.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\users\pappus\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\users\pappus\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\pappus\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\users\pappus\appdata\roaming\mozilla\plugins\npo1d.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.webcake.installId - 14487264-152c-4c5c-a519-080b56e0a983

FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc

.

============= SERVICES / DRIVERS ===============

.

R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2013-6-15 9216]

R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-8-22 1344304]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-18 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-18 701512]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-6-24 61440]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-7-24 5120]

R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-25 2886528]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-12-15 450848]

R2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [2013-8-22 188760]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2012-6-19 645088]

R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2013-3-28 109064]

R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2012-11-18 299024]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-4-7 34432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-25 22856]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 22656]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-12-15 15872]

S3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\drivers\9kdUSBXP.sys [2006-12-28 16000]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-15 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-15 1343400]

S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\drivers\wfmcvad.sys [2013-2-21 19456]

.

=============== Created Last 30 ================

.

2013-09-03 00:31:02 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a99f6c52-316e-4b99-9810-3c969c964b9a}\offreg.dll

2013-08-30 12:34:16 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a99f6c52-316e-4b99-9810-3c969c964b9a}\mpengine.dll

2013-08-22 22:07:06 -------- d-----w- c:\program files\Updater By SweetPacks

2013-08-22 22:06:05 -------- d-----w- c:\program files\SweetIM

2013-08-22 22:05:16 -------- d-----w- c:\windows\system32\jmdp

2013-08-22 22:05:12 773968 ----a-w- c:\windows\system32\msvcr100.dll

2013-08-22 22:05:12 632656 ----a-w- c:\windows\system32\msvcr80.dll

2013-08-22 22:05:12 554832 ----a-w- c:\windows\system32\msvcp80.dll

2013-08-22 22:05:12 479232 ----a-w- c:\windows\system32\msvcm80.dll

2013-08-22 22:05:12 421200 ----a-w- c:\windows\system32\msvcp100.dll

2013-08-22 22:05:12 27136 ----a-w- c:\windows\system32\ImHttpComm.dll

2013-08-22 22:05:12 1344304 ----a-w- c:\windows\system32\dmwu.exe

2013-08-22 22:05:12 -------- d-----w- c:\windows\system32\WNLT

2013-08-22 22:05:12 -------- d-----w- c:\windows\system32\ARFC

2013-08-22 22:04:15 -------- d-----w- c:\users\pappus\appdata\local\Wajam

2013-08-22 22:03:56 -------- d-----w- c:\program files\Wajam

2013-08-22 22:03:32 -------- d-----w- c:\programdata\Tarma Installer

2013-08-22 22:02:53 -------- d-----w- c:\users\pappus\appdata\local\DownloadTerms

2013-08-22 22:02:47 -------- d-----w- c:\users\pappus\appdata\local\SwvUpdater

2013-08-22 22:02:00 -------- d-----w- c:\users\pappus\appdata\roaming\Media Finder

2013-08-14 12:12:07 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 12:12:06 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 12:12:05 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 12:12:03 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 12:12:03 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 12:11:58 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 12:11:57 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 12:11:56 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 12:11:50 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 12:11:48 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 12:11:46 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 12:11:43 918528 ----a-w- c:\windows\system32\rdpcorets.dll

2013-08-14 12:11:43 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

.

==================== Find3M  ====================

.

2013-08-20 19:47:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-08-20 19:47:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:42:22.25 ===============

 


ATTACH.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/6/2009 3:42:47 PM
System Uptime: 9/2/2013 7:25:41 PM (1 hours ago)
.
Motherboard: Acer |  | Base Board Product Name
Processor: Intel® Core2 Solo CPU    U3500  @ 1.40GHz | CPU | 1400/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 138.513 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MTP USB Device
Device ID: USB\VID_0BB4&PID_6868&MI_00\6&D2DE815&0&0000
Manufacturer: (Standard MTP Device)
Name: MTP USB Device
PNP Device ID: USB\VID_0BB4&PID_6868&MI_00\6&D2DE815&0&0000
Service: WUDFRd
.
Class GUID: 
Description: TouchPad
Device ID: USB\VID_0BB4&PID_6868&MI_01\6&D2DE815&0&0001
Manufacturer: 
Name: TouchPad
PNP Device ID: USB\VID_0BB4&PID_6868&MI_01\6&D2DE815&0&0001
Service: 
.
==== System Restore Points ===================
.
RP136: 7/9/2013 7:19:03 AM - Windows Update
RP137: 7/11/2013 9:33:06 AM - Installed Windows Mobile Device Center
RP138: 7/11/2013 10:27:11 PM - Windows Update
RP139: 7/12/2013 12:06:52 PM - Installed Windows Mobile Device Center
RP140: 7/16/2013 7:45:47 AM - Windows Update
RP141: 7/21/2013 10:25:34 AM - Installed Eye-Fi Helper 3.0
RP142: 7/21/2013 10:31:53 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP143: 7/21/2013 10:33:09 AM - Installed Eye-Fi Center 3.4
RP144: 7/23/2013 7:05:48 AM - Windows Update
RP145: 7/26/2013 10:53:41 AM - Windows Update
RP147: 7/27/2013 6:46:04 AM - Windows Modules Installer
RP148: 7/27/2013 6:56:39 AM - Windows Modules Installer
RP149: 7/27/2013 8:53:21 AM - Installed Folder Size
RP150: 7/27/2013 9:06:05 AM - Removed Folder Size
RP151: 7/30/2013 8:21:54 PM - Windows Update
RP152: 8/6/2013 7:04:15 AM - Windows Update
RP153: 8/9/2013 7:19:15 AM - Windows Update
RP154: 8/13/2013 6:56:55 AM - Windows Update
RP155: 8/16/2013 7:16:34 AM - Windows Update
RP157: 8/20/2013 5:38:56 AM - Windows Update
RP158: 8/23/2013 6:59:48 AM - Windows Update
RP159: 8/27/2013 7:26:52 AM - Windows Update
RP160: 8/30/2013 7:33:10 AM - Windows Update
RP162: 9/2/2013 7:32:33 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Wireless Router WL-520GU Utilities
Bonjour
CameraHelperMsi
CanoScan LiDE 100 Scanner Driver
CCleaner
ChromecastApp
Cisco AnyConnect VPN Client
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
DownloadTerms
erLT
Eye-Fi Center 3.4
FileZilla Client 3.6.0.1
Folder Size 2.9.0.0
Foxit PDF Editor
Foxit Reader 5.1
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.0.1
Freemake Youtube Mp3 Converter
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 5.5.0.1132
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Internet Explorer Toolbar 4.9 by SweetPacks
iPhoneBrowser
iTunes
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.0
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.51
McAfee Security Scan Plus
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.28)
MultiCam
Novacomd
PDF Creator
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Samsung ML-1740 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.3
SlimCleaner
SmartGlobe Deluxe Edition, V1.01.327090
Software Version Updater
SweetPacks Updater Service
TeamViewer 7
TextPad 6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Updater By SweetPacks 2.0.0.608
VLC media player 2.0.1
Wajam
Web-Cake 3.00
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1)
WinPcap 4.1.2
WinRAR 4.11 (32-bit)
WinX DVD Ripper Platinum 6.8.5
WinX HD Video Converter Deluxe 3.12.2
.
==== Event Viewer Messages From Past Week ========
.
9/2/2013 7:33:02 PM, Error: Service Control Manager [7034]  - The WebCakeUpdater service terminated unexpectedly.  It has done this 1 time(s).
9/2/2013 7:28:36 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/2/2013 7:27:36 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
9/2/2013 7:27:15 PM, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
9/2/2013 10:45:05 AM, Error: Service Control Manager [7034]  - The WajamUpdater service terminated unexpectedly.  It has done this 1 time(s).
9/2/2013 10:44:36 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
8/30/2013 7:38:00 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/30/2013 3:48:47 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer7 service.
8/27/2013 3:43:25 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

  • Root Admin

That's good but your logs still show you have items that need removal that will require other tools to remove so I would still recommend you follow the advice below.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Cheers


Machine was infected with PUP, MWB seems to have missed it :( so after the update, ran a quickscan and it caught 100 odd PUP traces. Removed, restarted, ran quickscan again and it caught traces... then ran adw cleaner, jrt which then removed the remaining PUP traces. Ran quickscan and found no traces (I will run a complete scan tomorrow). I am shocked that Malwarebytes didn't catch the PUP from getting onto my PC. I have the pro version and it is enabled for realtime protection :(. Ran mbamcheck & dds scan again (logs attached). Everything looks good now?

CheckResults.txt

attach.txt

dds.txt


  • Root Admin

If you're comfortable editing the Registry please open REGEDIT.EXE and remove the following entry from the Registry.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe



You can also uninstall the McAfee Security Scan as it was almost certainly installed along with some other program you installed.


You also have an entry from AVG doing an uninstall that appears to not be working

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABVAFMAUgAtAE4AQgBDAFAATQAtAEwAVQBTADQAQQAtAEIAQQBCAFAAQQAtAFMATQBLAEYARQAtAFAATgBTAFcAUwA"&"inst=NwA2AC0AOAA4ADkANAAzADIAOAA1ADQALQBYAE8AMwA2ACsAMQAtAFAATAArADkALQBOADEARAArADEALQBEAEQAVAArADAA"&"prod=54"&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

You also have an old version of MBAM installed - I highly recommend you run the following to remove older left over files and ensure all the files are the latest versions.

MBAM Clean Removal Process


You have an old compromised version of Java installed - I highly recommend you uninstall ALL versions of Java and if possible try to run your computer without Java.


You're running an old version of TeamViewer that runs all the time (okay if you're aware and set it that way but should still be the latest version to prevent a possible attack)

So the box is not as clean as you may think it is but up to you if you don't wish to have someone help you investigate further.
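
The registry cleanup described in the post above, as an added PowerShell example that is not part of the original thread: it lists the per-executable compatibility values under the key named in the post, exports the key as a backup, and removes the value for mbamgui.exe. The key and value name come from the post; the backup file location is an assumption.

```powershell
# Added example, not from the original thread.
# Key and value name are taken from the post; $backup is an assumed location.
$key    = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$name   = "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
$backup = Join-Path $env:USERPROFILE 'Desktop\AppCompatLayers-backup.reg'

if (-not (Test-Path -LiteralPath $key)) {
    Write-Output "Key not present, nothing to do: $key"
    return
}

$regKey = Get-Item -LiteralPath $key

# List every compatibility-layer value for this user so the entry can be
# reviewed in context before anything is changed. Each value name is the
# full path of an executable; the data is the layer string applied to it.
foreach ($valueName in $regKey.GetValueNames()) {
    Write-Output ("{0} = {1}" -f $valueName, $regKey.GetValue($valueName))
}

# Registry value names are case-insensitive, so compare the same way.
$match = $regKey.GetValueNames() | Where-Object { $_ -ieq $name }
if (-not $match) {
    Write-Output "No compatibility entry for: $name"
    return
}

# Export the whole key first; importing the .reg file reverts the change.
& reg.exe export 'HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup failed, value left in place."
}

Remove-ItemProperty -LiteralPath $key -Name $match
Write-Output "Removed '$match' (backup: $backup)"
```

Run it as the affected user, since the key lives under HKEY_CURRENT_USER.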
