Jump to content

Malwarebytes not responding after trying to remove


Recommended Posts

I was removing the threats on Malwarebytes when it froze and stopped responding. I waited about 10 minutes for it to respond with no luck. I have attached the DDS and Attach files from the dds scanner. Malwarebytes had updated before I scanned.

 

PC info:

Dell Studio 1737 running Windows Vista Home Premium 64 bit, Service Pack 1 Build 6001

Intel® Core 2 Duo CPU 

T6500 @ 2.10GHz, 2100 Mhz

RAM 4gb

Harddrive 300gb

 

If any other info is needed, please ask. 

attach.txt

dds.txt

Link to post
Share on other sites

Hello kisamokichi and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as qBittorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate a new fresh DDS log files.

Link to post
Share on other sites

Im sorry. I did not fully comprehend what you said. Here is the copy-pasted DDS

-----

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.45.2
Run by Joe at 20:19:35 on 2014-03-12
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [NPSStartup] <no file>
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A3B39953-A4AB-4AD2-95A0-7ED431FCA881} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Torntv V9.0: {11111111-1111-1111-1111-110511131190} - 
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\i1uf8m4p.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Joe\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joe\AppData\Local\Roblox\Versions\version-7cb30356092f43ac\NPRobloxProxy.dll
FF - plugin: C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-12-9 28600]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe [2013-12-30 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-12-9 440400]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-12-9 440400]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-12-9 108440]
R2 hmip;hmip;C:\Windows\System32\drivers\hmip64.sys [2014-2-11 30056]
R2 lxea_device;lxea_device;C:\Windows\System32\lxeacoms.exe -service --> C:\Windows\System32\lxeacoms.exe -service [?]
R2 UCManSvc;UCManSvc;C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [2010-3-12 241808]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-12-7 172032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2013-12-7 126464]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-27 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-27 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2013-12-8 93184]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2014-3-6 20232]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-27 25928]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\System32\drivers\sscebus.sys [2014-1-26 127488]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\System32\drivers\sscemdfl.sys [2014-1-26 18944]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\System32\drivers\sscemdm.sys [2014-1-26 161280]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2014-1-26 16448]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-12-9 1017424]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-12-27 20:44:39 522224 ----a-w- C:\Windows\DIFxAPI.dll
2013-12-26 19:00:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 19:00:39 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-12-26 19:00:39 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-12-26 19:00:38 174504 ----a-w- C:\Windows\SysWow64\java.exe
2013-12-18 11:14:58 131576 ----a-w- C:\Windows\System32\drivers\avipbb.sys
2013-12-18 11:14:58 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
.
============= FINISH: 20:20:18.20 ===============
Link to post
Share on other sites

Step 1

Please temporarily disable Avira:

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/?p=649843

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Link to post
Share on other sites

I have done as you said. Here is the log. The big problem I have is that even though I updated, Malwarebytes is still freezing and not responding even after waiting 10 minutes. 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.11.10
 
Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Joe :: JOE-PC [administrator]
 
3/13/2014 9:47:20 PM
MBAM-log-2014-03-13 (21-55-43).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211555
Time elapsed: 4 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 5
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0 (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib (PUP.Optional.CrossRider.A) -> No action taken.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib\popupResource (PUP.Optional.CrossRider.A) -> No action taken.
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

This is the second log I got after I checked PUP settings. The first one was without PUP settings and before I tried updating.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.11.10
 
Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Joe :: JOE-PC [administrator]
 
3/13/2014 9:57:21 PM
mbam-log-2014-03-13 (21-57-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211519
Time elapsed: 3 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 5
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn\1.26.12_0\js\lib\popupResource (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.