
Trouble Running MBAM - Quick Scan Slows and then Locks


jwgnle


Copied over from the following thread http://www.malwarebytes.org/forums/index.php?showtopic=30004 per AdvancedSetup (Admin)....

This post/thread is not about malware removal. It's about a fresh install of Windows 7 Ultimate and the subsequent loading of Malwarebytes and it not apparently running correctly (slowing then stopping around the 17,000+/- count which ultimately results in a "not responding" error and a ctrl-alt-del into Task Manager to kill MBAM). The advice provided so far alluded to a possible AVG anti-virus issue/conflict... I tried the suggested remedy which did not solve the issue. I then removed AVG altogether and reinstalled Malwarebytes which did not resolve the issue. So I would have to assume the issue does not lie with AVG anti-virus... In that this is a new install of Windows 7, I doubt that it has anything to do with an infection of malware...

Additionally... I can't complete the request of "Please print out, read and follow the directions here...." because MBAM won't complete to generate a report to post. As mentioned in first post, on other machines in the family (running XP), Quick Scan takes about 5 minutes.... I've had to kill MBAM after more than 60 minutes run time / not responding which did not result in an MBAM report...

Jim

Tucson, AZ

ADDITIONAL Information to add: Following suggestions on a few other Admin Solution posts, I tried the following: Again, this is on a clean install of Windows 7 Ultimate with Office 2007 Student Ed. loaded as well... AVG anti-virus has been removed completely...

Changed file name of MBAM.exe to winlogon.exe and executed the renamed file and ran Quick Scan. Shocking in that this ran and completed right at 5 minutes... No errors, exceptions, etc. found. Changed the name back to MBAM.exe and re-ran... Slows and hangs at around the 17,000+/- count. At the time this happens, the scan is in the Registry scanning Windows / IE records and CPU usage is pegged at 100%... Changed back to winlogon.exe - Runs without issue.... But instead of the CPU being pegged at 100% usage, it's running around 35-40% usage....

Having "success" with that, I re-installed AVG anti-virus... Running MBAM.exe, same results - slows and hangs. Changed the file name to winlogon.exe and it runs without issue... 5 minutes, no issues, errors found...

Summary: MBAM.exe, Quick Scan, slows and locks at 17,000+/- counts, CPU pegged at 100%, Ctrl-Alt-Del required to terminate... MBAM.exe file renamed to winlogon.exe, AVG anti-virus loaded, completes Quick Scan in 5 minutes, CPU usage 35-40%, No errors found...

What can be done in order to get MBAM to run under its proper file name? Stumped!

Thanks in advance for any help and/or insight that can be provided.

Regards,

Jim

Tucson, AZ


  • Staff

Hi and welcome to Malwarebytes,

Please give more information about your Windows installation. Did you format before installing Windows 7, or is it an upgrade from Vista, or an over the top installation? Is it 32 or 64bit?

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post the one that is not minimized.

-screen317


Thank you for your reply... Very much appreciated.

I had XP Pro installed and booted from the Windows 7 CD and installed over the existing XP installation after performing a "delete existing partition", "create partition for new install" and a "quick format"... 32bit

I had trouble with the link you provided for DDS download. When I clicked it, I received a screen full of gibberish. Did a Google search and found a DDS.scr file vs the DDS.pif you had linked with. The DDS.scr file created two files as you mentioned and I believe I pasted the correct one below... Let me know what additional information, etc. you need.

Thanks again.... Jim

LOG File

DDS (Ver_09-10-26.01) - NTFSx86

Run by Jim at 23:56:28.36 on Sat 11/07/2009

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1018 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\wltrysvc.exe

C:\Windows\System32\bcmwltry.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Windows\System32\wltray.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Jim\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msnbc.com/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\wltray

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\users\jim\appdata\roaming\mozilla\firefox\profiles\sbv5b0yz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.com/

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-7 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-7 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-7 53328]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-4 269648]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-4 1153368]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-4-6 88192]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-4 19160]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-4 38224]

R3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2007-3-6 2595840]

R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2009-11-08 00:44:47 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-11-05 20:35:44 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2009-11-05 19:06:27 0 d-----w- c:\programdata\FLEXnet

2009-11-05 19:06:25 0 d-----w- c:\program files\common files\Macrovision Shared

2009-11-05 19:00:49 0 d-----w- c:\programdata\Adobe

2009-11-05 05:23:27 0 d-sh--w- c:\windows\system32\%APPDATA%

2009-11-05 04:22:31 32656 ----a-w- c:\windows\system32\msonpmon.dll

2009-11-05 04:21:22 0 d-----w- c:\windows\PCHEALTH

2009-11-05 04:19:53 0 d-----w- c:\programdata\Microsoft Help

2009-11-05 03:19:49 0 d-----w- c:\program files\VS Revo Group

2009-11-05 03:07:47 23 --sha-w- c:\windows\system32\edacded0.dat

2009-11-05 03:07:47 23 ----a-w- c:\windows\system32\bcdadac7.xml

2009-11-05 03:07:28 0 d-----w- c:\program files\jv16 PowerTools 2009

2009-11-05 02:58:23 0 d-----w- c:\programdata\Acronis

2009-11-05 02:58:10 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2009-11-05 02:58:10 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2009-11-05 02:58:07 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2009-11-05 02:58:02 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2009-11-05 02:33:51 0 d-----w- c:\program files\Atomic Clock Sync

2009-11-04 17:01:07 0 d-----w- c:\program files\CCleaner

2009-11-04 13:45:29 0 d-----w- c:\programdata\Spybot - Search & Destroy

2009-11-04 13:45:29 0 d-----w- c:\program files\Spybot - Search & Destroy

2009-11-04 13:37:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2009-11-04 13:37:36 0 d-----w- c:\program files\Synaptics

2009-11-04 13:16:13 0 d---a-w- c:\programdata\TEMP

2009-11-04 13:16:03 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2009-11-04 13:16:03 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2009-11-04 13:16:02 0 d-----w- c:\program files\SpywareBlaster

2009-11-04 13:08:51 0 d-----w- c:\programdata\WinZip

2009-11-04 12:45:20 0 d-----w- c:\users\jim\appdata\roaming\Malwarebytes

2009-11-04 12:45:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-04 12:45:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-04 12:45:14 0 d-----w- c:\programdata\Malwarebytes

2009-11-04 12:45:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-04 06:45:40 0 ----a-w- c:\windows\ativpsrm.bin

2009-11-04 06:43:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2009-11-04 06:40:59 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2009-11-04 06:40:59 71168 ----a-w- c:\windows\system32\fontsub.dll

2009-11-04 06:40:59 507568 ----a-w- c:\windows\system32\winload.exe

2009-11-04 06:40:59 442920 ----a-w- c:\windows\system32\winresume.exe

2009-11-04 06:40:59 293888 ----a-w- c:\windows\system32\atmfd.dll

2009-11-04 06:40:59 2613248 ----a-w- c:\windows\explorer.exe

2009-11-04 06:40:59 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2009-11-04 06:40:59 108544 ----a-w- c:\windows\system32\t2embed.dll

2009-11-04 06:40:58 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2009-11-04 06:40:06 34816 ----a-w- c:\windows\system32\msasn1.dll

2009-11-04 06:32:08 0 d-----w- c:\programdata\Hewlett-Packard

2009-11-04 06:16:47 0 d-----w- c:\program files\AVG

2009-11-04 05:57:14 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-11-04 05:32:45 86016 ------w- c:\windows\system32\wltrynt.dll

2009-11-04 05:32:45 65536 ------w- c:\windows\system32\WLTRYSVC.EXE

2009-11-04 05:32:45 294912 ------w- c:\windows\system32\BCMLogon.dll

2009-11-04 05:32:45 192512 ------w- c:\windows\system32\AegisI5.exe

2009-11-04 05:32:45 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-11-04 05:32:44 819303 ------w- c:\windows\system32\wltray.EXE

2009-11-04 05:32:43 954474 ------w- c:\windows\system32\BCMWLTRY.EXE

2009-11-04 05:32:43 1953900 ------w- c:\windows\system32\bcmcfg.cpl

2009-11-04 05:32:43 1396831 ------w- c:\windows\system32\AegisE5.dll

2009-11-04 05:32:43 122981 ------w- c:\windows\system32\preflib.dll

2009-11-04 05:25:06 69632 ------w- c:\windows\system32\bcmwlD2K.EXE

2009-11-04 05:25:06 376320 ------w- c:\windows\system32\drivers\BCMWL5.SYS

2009-11-04 05:25:06 176128 ------w- c:\windows\system32\bcmwlu00.exe

2009-11-04 05:17:31 0 d-----w- c:\program files\Analog Devices

2009-11-04 05:14:13 0 d-----w- c:\program files\Broadcom

2009-11-04 05:13:31 0 d-----w- c:\windows\Panther

2009-11-04 05:13:24 8192 --sha-r- C:\BOOTSECT.BAK

2009-11-04 05:13:22 383562 --sha-r- C:\bootmgr

2009-11-04 05:13:21 0 d-sh--w- C:\Boot

2009-11-04 05:12:54 0 d-----w- c:\windows\tiinst

2009-11-04 05:12:27 0 d-sh--w- c:\windows\Installer

2009-11-04 05:12:22 0 d-----w- C:\SWSetup

2009-11-04 05:11:01 0 d-----w- c:\program files\ATI Technologies

2009-11-04 05:10:58 0 d-----w- c:\program files\ATI

2009-11-04 04:31:22 0 --sh--r- C:\winx.ld

2009-11-04 04:31:21 203836 --sh--r- C:\grldr

2009-11-04 04:30:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2009-11-04 04:27:11 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI

2009-11-04 04:26:55 0 d-----w- c:\windows\system32\wbem\Performance

==================== Find3M ====================

2009-08-18 06:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:57:11.79 ===============


  • Staff

Hi,

Usually the symptoms you are describing are indicative of an infection. Theoretically it's possible for malware to survive a "Quick Format" into a new installation, and since you installed a 32bit version of Windows 7, the infection could still be alive. Trouble is, many of the tools we use are not yet compatible with Windows 7. There are a few things I would like to try.

First, please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

Next, do the following in this order:

1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.

2. Restart your computer (very important).

3. Download and run this utility.

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.

See if it will run now, named as mbam.exe.

If no joy, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished scanning, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-screen317


Thank you Chris for the guidance... Followed the steps to a tee. Results as follows:

Phase I

Ran ATF-Cleaner and cleaned everything... Roughly 86Mb of files.

Uninstalled MBAM and ran the MBAM Cleaner...

Reinstalled MBAM and updated....

Same results... Runs fine until around 16,000, slows down and hangs around 17,000 +/-

Phase II

Ran on-line F-Secure via Firefox...

Found (1) malware... TrackingCookie.2o7 (spyware)... Partial file pasted below, whole file attached. Too large and doesn't look "right"...

Removed with F-Secure Scanner

Ran SecurityCheck... Results posted below....

Attempted a Quick Scan with MBAM again.... Same results

F-Secure Scan Partial:

Scanning Report

Monday, November 9, 2009 18:55:33 - 19:30:19

Computer name: NC8230-JIM-WIN7

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

1 malware found

TrackingCookie.2o7 (spyware)

* System (Disinfected)

Statistics

Scanned:

* Files: 111729

* System: 3538

* Not scanned: 1894

Actions:

* Disinfected: 1

* Renamed: 0

* Deleted: 0

* Not cleaned: 0

* Submitted: 0

SecurityCheck Results

Results of screen317's Security Check version 0.99.0

Windows 7 (UAC is enabled)

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Antivirus

WMIC entry does not exist for antivirus; attempting automatic update.

avast! updated!

``````````````````````````````

Anti-malware/Other Utilities Check:

SpywareBlaster 4.2

Spybot - Search & Destroy

CCleaner

Adobe Flash Player 10

``````````````````````````````

Process Check:

objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe

Alwil Software Avast4 ashServ.exe

Alwil Software Avast4 ashDisp.exe

Alwil Software Avast4 ashMaiSv.exe

Alwil Software Avast4 ashWebSv.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

What do you think? A reinstall of Windows 7 after a complete hard drive format?

Jim

Tucson, AZ

F_Secure_Scan_File.txt


  • Staff

Hi,

My apologies for the delay.

Let's investigate further.

Please run a GMER Rootkit scan:

Download GMER's application from here:

http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe

Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.

This will copy the results to your clipboard.

Paste the results in your next reply.

Warning! Please, do not select the "Show all" checkbox during the scan.

-screen317


Hi Chris -

Not a problem... Figured something came up.... Had read a few things in the last couple of days and saw something about installing Windows 7 on a system having run XP.... It mentioned a full format vs a quick format and add your concern mentioned earlier, I bit the bullet today and did just that.... Back up and running... Have loaded MBAM, updated and tried Quick Scan.

Lo and behold... It works!


That's it for now Chris...

I greatly appreciate your help in helping resolve this perplexing issue... If anything, learned a few things about Windows 7... I'm thinking the file I uploaded says it all. Left behind remnants of XP from a quick format of the hard drive can still be recognized... MBAM must have been getting "lost" in the run-on "file paths" it found.... Thanks again for the help... Malwarebytes and its volunteer supporters are the best!

Jim

Tucson, AZ
