update error

JimHen · August 6, 2011

After the latest update (1.51.1.1800) I can not get Malwarebytes to start.

I run Vista 32KB with Mozilla Firefox browser.

I receive the following error:

An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_LOAD_DATABASE (0,13, CreateSDK)

shadowwar · August 6, 2011

What is the letter of you main windows drive?

JimHen · August 7, 2011

What is the letter of you main windows drive?

C:

shadowwar · August 7, 2011

Please try below.

Show Hidden Files and Folders in Windows Vista and Windows 7:

* Click on the Start Posted Image button and select Computer

* Press the Alt key on your keyboard and click on Tools

* Select Folder Options

* Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders

* Next, uncheck the box next to Hide protected operating system files (Recommended)

* Then, uncheck the box next to Hide extensions for known filetypes

* Click Apply then click OK

Then go to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware and delete rules.ref. Once you've done that, start MBAM and when it shows the error and asks to update, let it do so and see if that corrects it.

JimHen · August 7, 2011

Sorry... same results. I think this may be caused by some MS update. It used to work fine. I have the same setup on a laptop and it works. I have even copied all the programdata\malwerebytes\ folder from one pc to the other, same results. Tried un-installing MWB and re-install, same result.

shadowwar · August 7, 2011

Ok did you try this or just uninstall?

Please try a MBAM clean re-install by doing the following:

Download and run the latest mbam-clean.exe.
It will ask to restart your computer, please allow it to do so - VERY IMPORTANT.
After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here.
- Note: You will need to reactivate the program using the license within the boxed version or were sent via email if using the PRO version.
- Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  Restart the computer again and verify that MBAM is in the task tray if using the PRO version. Now setup any process/folder/file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

shadowwar · August 7, 2011

Also can you please do this and post results?

Create a Batch File:

* Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):

@color 48
      @echo off
      if exist "%systemdrive%\Users" dir /a:d /b "%systemdrive%\Users">"%userprofile%\desktop\User Folders.txt"
      if not exist "%systemdrive%\Users" dir /a:d /b "%systemdrive%\Documents and Settings">"%userprofile%\desktop\User Folders.txt"
      "%userprofile%\desktop\User Folders.txt"
      del /f /q "%userprofile%\desktop\User Folders.txt"
      del /f /q %0

Once you've done that click on File and select Save As...

* In the Save dialogue box click on the drop down menu next to Save as type and select All Files

* Name the file List User Folders.bat (the .bat extension is very important)

* Save the file to your desktop and double click it to run it.

* Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.

JimHen · August 7, 2011

Still fails on the target PC

This is what the batch file returned:

All Users

Default

Default User

IUSR_NMPR

Jim

Public

{4b67d0e9-23f8-445c-8eef-c049eff25ecd}

JimHen · August 7, 2011

Not sure if this will help but I ran Ad-Aware after this problem started and before I posted the last note.

Here is the log file from Ad-Aware:

Logfile created: 8/6/2011 20:50:37

Ad-Aware version: 9.0.7

Extended engine: 3

Extended engine version: 3.1.2770

User performing scan: Jim

*********************** Definitions database information ***********************

Lavasoft definition file: 150.523

Genotype definition file version: 2011/07/20 16:00:22

Extended engine definition file: 10088.0

******************************** Scan results: *********************************

Scan profile name: Full Scan (ID: full)

Objects scanned: 1283537

Objects detected: 4

Type Detected

==========================

Processes.......: 0

Registry entries: 0

Hostfile entries: 0

Files...........: 2

Folders.........: 0

LSPs............: 0

Cookies.........: 2

Browser hijacks.: 0

MRU objects.....: 0

Removed items:

Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0

Quarantined items:

Description: i:\system volume information\_restore{01cbdb53-a2a0-41c7-9e9b-d73213e1dbf3}\rp431\a0071823.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ee371762723692787318c8e8ad363104

Description: c:\program files\sifxinst\vistamhdc4.5.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: cc75171391e247d728ec769c124f8cbc

Scan and cleaning complete: Finished correctly after 44188 seconds

*********************************** Settings ***********************************

Scan profile:

ID: full, enabled:1, value: Full Scan

ID: folderstoscan, enabled:1, value: C:\,D:\,G:\,H:\,I:\

ID: useantivirus, enabled:1, value: true

ID: sections, enabled:1

ID: scancriticalareas, enabled:1, value: true

ID: scanrunningapps, enabled:1, value: true

ID: scanregistry, enabled:1, value: true

ID: scanlsp, enabled:1, value: true

ID: scanads, enabled:1, value: true

ID: scanhostsfile, enabled:1, value: true

ID: scanmru, enabled:1, value: true

ID: scanbrowserhijacks, enabled:1, value: true

ID: scantrackingcookies, enabled:1, value: true

ID: closebrowsers, enabled:1, value: false

ID: filescanningoptions, enabled:1

ID: archives, enabled:1, value: true

ID: onlyexecutables, enabled:1, value: false

ID: skiplargerthan, enabled:1, value: 20480

ID: scanrootkits, enabled:1, value: true

ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict

ID: usespywareheuristics, enabled:1, value: true

Scan global:

ID: global, enabled:1

ID: addtocontextmenu, enabled:1, value: true

ID: playsoundoninfection, enabled:1, value: false

ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:

<Empty>

Update settings:

ID: updates, enabled:1

ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently

ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

ID: schedules, enabled:1, value: true

ID: updatedaily1, enabled:1, value: Daily 1

ID: time, enabled:1, value: Sat Aug 06 19:38:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily2, enabled:1, value: Daily 2

ID: time, enabled:1, value: Sat Aug 06 01:38:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily3, enabled:1, value: Daily 3

ID: time, enabled:1, value: Sat Aug 06 07:38:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updatedaily4, enabled:1, value: Daily 4

ID: time, enabled:1, value: Sat Aug 06 13:38:00 2011

ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: false

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: false

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

ID: updateweekly1, enabled:1, value: Weekly

ID: time, enabled:1, value: Sat Aug 06 19:38:00 2011

ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly

ID: weekdays, enabled:1

ID: monday, enabled:1, value: false

ID: tuesday, enabled:1, value: true

ID: wednesday, enabled:1, value: false

ID: thursday, enabled:1, value: false

ID: friday, enabled:1, value: false

ID: saturday, enabled:1, value: true

ID: sunday, enabled:1, value: false

ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31

ID: scanprofile, enabled:1, value:

ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:

ID: appearance, enabled:1

ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource

ID: showtrayicon, enabled:1, value: true

ID: autoentertainmentmode, enabled:1, value: true

ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple

ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:

ID: realtime, enabled:1

ID: layers, enabled:1

ID: useantivirus, enabled:1, value: true

ID: usespywareheuristics, enabled:1, value: true

ID: maintainbackup, enabled:1, value: true

ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

ID: modules, enabled:1

ID: processprotection, enabled:1, value: true

ID: onaccessprotection, enabled:1, value: true

ID: registryprotection, enabled:1, value: true

ID: networkprotection, enabled:1, value: true

****************************** System information ******************************

Computer name: JIMHOME

Processor name: Intel® Core2 Quad CPU @ 2.40GHz

Processor identifier: x86 Family 6 Model 15 Stepping 7

Processor speed: ~2388MHZ

Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3847, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]

Physical memory available: 1082724352 bytes

Physical memory total: 3214843904 bytes

Virtual memory available: 1932992512 bytes

Virtual memory total: 2147352576 bytes

Memory load: 66%

Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)

Windows startup mode:

Running processes:

PID: 680 name: C:\WINDOWS\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 952 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1044 name: C:\WINDOWS\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1056 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1088 name: C:\WINDOWS\System32\services.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1120 name: C:\WINDOWS\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1128 name: C:\WINDOWS\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1228 name: C:\WINDOWS\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1316 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1360 name: C:\WINDOWS\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1388 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 1452 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1560 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1588 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1608 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1776 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1792 name: C:\WINDOWS\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 1824 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1952 name: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1964 name: C:\WINDOWS\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1060 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 2056 name: C:\WINDOWS\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2124 name: C:\WINDOWS\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2156 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 2308 name: C:\WINDOWS\System32\taskeng.exe owner: Jim domain: jimhome

PID: 2804 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2820 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2836 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2852 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 2884 name: C:\Program Files\UCT\HDR Express\HDRExpressService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3052 name: C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3068 name: C:\Program Files\Microsoft LifeCam\MSCamS32.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3088 name: C:\WINDOWS\System32\nlssrv32.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3144 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 3172 name: C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3200 name: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3256 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 3304 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3356 name: C:\WINDOWS\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY

PID: 3488 name: C:\WINDOWS\System32\dwm.exe owner: Jim domain: jimhome

PID: 3536 name: C:\WINDOWS\explorer.exe owner: Jim domain: jimhome

PID: 3736 name: C:\WINDOWS\System32\iashost.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 3928 name: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe owner: Jim domain: jimhome

PID: 3936 name: C:\WINDOWS\vVX1000.exe owner: Jim domain: jimhome

PID: 3956 name: C:\WINDOWS\sttray.exe owner: Jim domain: jimhome

PID: 3996 name: C:\Program Files\QUICKENW\qagent.exe owner: Jim domain: jimhome

PID: 2268 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 2208 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: Jim domain: jimhome

PID: 252 name: C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe owner: Jim domain: jimhome

PID: 2652 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Jim domain: jimhome

PID: 2680 name: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe owner: Jim domain: jimhome

PID: 3184 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Jim domain: jimhome

PID: 3312 name: C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 1708 name: C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\mssysmgr.exe owner: Jim domain: jimhome

PID: 1672 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: Jim domain: jimhome

PID: 1808 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1892 name: C:\WINDOWS\System32\mrtMngr.exe owner: Jim domain: jimhome

PID: 1468 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Jim domain: jimhome

PID: 2368 name: C:\WINDOWS\ehome\ehtray.exe owner: Jim domain: jimhome

PID: 1916 name: C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe owner: Jim domain: jimhome

PID: 3980 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Jim domain: jimhome

PID: 2660 name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE owner: Jim domain: jimhome

PID: 3988 name: C:\WINDOWS\ehome\ehmsas.exe owner: Jim domain: jimhome

PID: 4108 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 4148 name: C:\WINDOWS\ehome\ehsched.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 5460 name: C:\WINDOWS\ehome\ehrecvr.exe owner: NETWORK SERVICE domain: NT AUTHORITY

PID: 6064 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Jim domain: jimhome

PID: 4384 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4864 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 4792 name: C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe owner: Jim domain: jimhome

PID: 3124 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY

PID: 4416 name: C:\WINDOWS\System32\UI0Detect.exe owner: SYSTEM domain: NT AUTHORITY

PID: 780 name: C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2544 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4720 name: C:\WINDOWS\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 4236 name: C:\WINDOWS\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY

PID: 1240 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

PID: 2916 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Jim domain: jimhome

PID: 4476 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Jim domain: jimhome

Startup items:

Name: WebCheck

imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

Name: Malwarebytes' Anti-Malware

imagepath: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Name: Adobe ARM

imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Name: XboxStat

imagepath: "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

Name: VX1000

imagepath: C:\Windows\vVX1000.exe

Name: SigmatelSysTrayApp

imagepath: sttray.exe

Name: AdobeCS5ServiceManager

imagepath: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

Name: AdobeAAMUpdater-1.0

imagepath: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

Name: QAGENT

imagepath: C:\Program Files\QUICKENW\QAGENT.EXE

Name: MSC

imagepath: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

Name: IgfxTray

imagepath: C:\WINDOWS\system32\igfxtray.exe

Name: HotKeysCmds

imagepath: C:\WINDOWS\system32\hkcmd.exe

Name: Persistence

imagepath: C:\WINDOWS\system32\igfxpers.exe

Name: VirtualCloneDrive

imagepath: "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

Name: iTunesHelper

imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"

Name: Reader Library Launcher

imagepath: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

Name: QuickTime Task

imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Name: SunJavaUpdateSched

imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}

imagepath: Component Categories cache daemon

Name:

location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk

imagepath: C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe

Name:

imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Name:

imagepath: C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:

Name:

imagepath: autocheck autochk *

Running services:

Name: Akamai

displayname: Akamai NetSession Interface

Name: ALG

displayname: Application Layer Gateway Service

Name: Apple Mobile Device

displayname: Apple Mobile Device

Name: AudioEndpointBuilder

displayname: Windows Audio Endpoint Builder

Name: Audiosrv

displayname: Windows Audio

Name: BFE

displayname: Base Filtering Engine

Name: BITS

displayname: Background Intelligent Transfer Service

Name: Bonjour Service

displayname: Bonjour Service

Name: Browser

displayname: Computer Browser

Name: BthServ

displayname: Bluetooth Support Service

Name: CryptSvc

displayname: Cryptographic Services

Name: DcomLaunch

displayname: DCOM Server Process Launcher

Name: Dhcp

displayname: DHCP Client

Name: Dnscache

displayname: DNS Client

Name: DPS

displayname: Diagnostic Policy Service

Name: EapHost

displayname: Extensible Authentication Protocol

Name: ehRecvr

displayname: Windows Media Center Receiver Service

Name: ehSched

displayname: Windows Media Center Scheduler Service

Name: EMDMgmt

displayname: ReadyBoost

Name: Eventlog

displayname: Windows Event Log

Name: EventSystem

displayname: COM+ Event System

Name: fdPHost

displayname: Function Discovery Provider Host

Name: FDResPub

displayname: Function Discovery Resource Publication

Name: FontCache

displayname: Windows Font Cache Service

Name: gpsvc

displayname: Group Policy Client

Name: HDRExpressService

displayname: HDRExpressService

Name: hidserv

displayname: Human Interface Device Access

Name: IKEEXT

displayname: IKE and AuthIP IPsec Keying Modules

Name: iphlpsvc

displayname: IP Helper

Name: iPod Service

displayname: iPod Service

Name: KeyIso

displayname: CNG Key Isolation

Name: KtmRm

displayname: KtmRm for Distributed Transaction Coordinator

Name: LanmanServer

displayname: Server

Name: LanmanWorkstation

displayname: Workstation

Name: lmhosts

displayname: TCP/IP NetBIOS Helper

Name: MDM

displayname: Machine Debug Manager

Name: MMCSS

displayname: Multimedia Class Scheduler

Name: MpsSvc

displayname: Windows Firewall

Name: MSCamSvc

displayname: MSCamSvc

Name: MsMpSvc

displayname: Microsoft Antimalware Service

Name: Netman

displayname: Network Connections

Name: netprofm

displayname: Network List Service

Name: NisSrv

displayname: Microsoft Network Inspection

Name: NlaSvc

displayname: Network Location Awareness

Name: nlsX86cc

displayname: Nalpeiron Licensing Service

Name: nsi

displayname: Network Store Interface Service

Name: nvsvc

displayname: NVIDIA Display Driver Service

Name: PcaSvc

displayname: Program Compatibility Assistant Service

Name: PlugPlay

displayname: Plug and Play

Name: PolicyAgent

displayname: IPsec Policy Agent

Name: ProfSvc

displayname: User Profile Service

Name: ProtectedStorage

displayname: Protected Storage

Name: RapiMgr

displayname: Windows Mobile-based device connectivity

Name: RasMan

displayname: Remote Access Connection Manager

Name: RemoteAccess

displayname: Routing and Remote Access

Name: RpcSs

displayname: Remote Procedure Call (RPC)

Name: SamSs

displayname: Security Accounts Manager

Name: Schedule

displayname: Task Scheduler

Name: ScsiAccess

displayname: ScsiAccess

Name: seclogon

displayname: Secondary Logon

Name: SENS

displayname: System Event Notification Service

Name: SharedAccess

displayname: Internet Connection Sharing (ICS)

Name: ShellHWDetection

displayname: Shell Hardware Detection

Name: slsvc

displayname: Software Licensing

Name: Spooler

displayname: Print Spooler

Name: SSDPSRV

displayname: SSDP Discovery

Name: SstpSvc

displayname: Secure Socket Tunneling Protocol Service

Name: Stereo Service

displayname: NVIDIA Stereoscopic 3D Driver Service

Name: stisvc

displayname: Windows Image Acquisition (WIA)

Name: SysMain

displayname: Superfetch

Name: TapiSrv

displayname: Telephony

Name: TermService

displayname: Terminal Services

Name: Themes

displayname: Themes

Name: UI0Detect

displayname: Interactive Services Detection

Name: upnphost

displayname: UPnP Device Host

Name: UxSms

displayname: Desktop Window Manager Session Manager

Name: W32Time

displayname: Windows Time

Name: WcesComm

displayname: Windows Mobile-2003-based device connectivity

Name: WdiSystemHost

displayname: Diagnostic System Host

Name: WerSvc

displayname: Windows Error Reporting Service

Name: WinHttpAutoProxySvc

displayname: WinHTTP Web Proxy Auto-Discovery Service

Name: Winmgmt

displayname: Windows Management Instrumentation

Name: Wlansvc

displayname: WLAN AutoConfig

Name: WMPNetworkSvc

displayname: Windows Media Player Network Sharing Service

Name: wscsvc

displayname: Security Center

Name: WSearch

displayname: Windows Search

Name: wuauserv

displayname: Windows Update

Name: wudfsvc

displayname: Windows Driver Foundation - User-mode Driver Framework

Name: Lavasoft Ad-Aware Service

displayname: Lavasoft Ad-Aware Service

exile360 · August 7, 2011

Please navigate to C:\Users and delete the following folder:

{4b67d0e9-23f8-445c-8eef-c049eff25ecd}

Once that is done, try running Malwarebytes' Anti-Malware again and let us know if it is able to start or not.

Thanks

JimHen · August 7, 2011

After removing that weird user and also removed the IUSR_NMPR I did another clean and re-installed MB.

All is working now!

I don't know what that was but the weird user folder contained a file named HECI.cat, listed as a Security Catalog that would open with 'Crypto Shell Extensions'

Thanks for the help. You can close this dialog.

exile360 · August 7, 2011

You're welcome

I've seen such folders with names similar to {4b67d0e9-23f8-445c-8eef-c049eff25ecd} pop up from time to time in a wide variety of locations on my PC, even on other partitions/drives. They're temp folders created by Windows Update during update installations and I never have been able to figure out why the locations vary so frequently or why MS doesn't use a static location for them, but I've never had an issue after removing them, even when I had to uninstall or reinstall an update that created the folder during its original installation.

The other folder, I'm not too sure about, but it could be similar, a folder created by some installer.

Edited August 7, 2011 by exile360
spelling

AdvancedSetup · August 7, 2011

This article should explain the IUSR Account. Possibly due to an application installation.

JimHen · August 8, 2011

That is probably correct as I may have installed IIS at one time but no longer use it.

update error

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Important Information