JimHen Posted August 6, 2011 ID:462751 Share Posted August 6, 2011 After the latest update (1.51.1.1800) I can not get Malwarebytes to start. I run Vista 32KB with Mozilla Firefox browser.I receive the following error:An error has occurred. Please report this error code to our support team.PROGRAM_ERROR_LOAD_DATABASE (0,13, CreateSDK) Link to post Share on other sites More sharing options...
Staff shadowwar Posted August 6, 2011 Staff ID:462756 Share Posted August 6, 2011 What is the letter of you main windows drive? Link to post Share on other sites More sharing options...
JimHen Posted August 7, 2011 Author ID:462775 Share Posted August 7, 2011 What is the letter of you main windows drive?C: Link to post Share on other sites More sharing options...
Staff shadowwar Posted August 7, 2011 Staff ID:462780 Share Posted August 7, 2011 Please try below. Show Hidden Files and Folders in Windows Vista and Windows 7: * Click on the Start Posted Image button and select Computer * Press the Alt key on your keyboard and click on Tools * Select Folder Options * Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders * Next, uncheck the box next to Hide protected operating system files (Recommended) * Then, uncheck the box next to Hide extensions for known filetypes * Click Apply then click OKThen go to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware and delete rules.ref. Once you've done that, start MBAM and when it shows the error and asks to update, let it do so and see if that corrects it. Link to post Share on other sites More sharing options...
JimHen Posted August 7, 2011 Author ID:462975 Share Posted August 7, 2011 Sorry... same results. I think this may be caused by some MS update. It used to work fine. I have the same setup on a laptop and it works. I have even copied all the programdata\malwerebytes\ folder from one pc to the other, same results. Tried un-installing MWB and re-install, same result. Link to post Share on other sites More sharing options...
Staff shadowwar Posted August 7, 2011 Staff ID:462998 Share Posted August 7, 2011 Ok did you try this or just uninstall?Please try a MBAM clean re-install by doing the following:Download and run the latest mbam-clean.exe.It will ask to restart your computer, please allow it to do so - VERY IMPORTANT.After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here.Note: You will need to reactivate the program using the license within the boxed version or were sent via email if using the PRO version.Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.Restart the computer again and verify that MBAM is in the task tray if using the PRO version. Now setup any process/folder/file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it. Link to post Share on other sites More sharing options...
Staff shadowwar Posted August 7, 2011 Staff ID:463006 Share Posted August 7, 2011 Also can you please do this and post results?Create a Batch File: * Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor): @color 48 @echo off if exist "%systemdrive%\Users" dir /a:d /b "%systemdrive%\Users">"%userprofile%\desktop\User Folders.txt" if not exist "%systemdrive%\Users" dir /a:d /b "%systemdrive%\Documents and Settings">"%userprofile%\desktop\User Folders.txt" "%userprofile%\desktop\User Folders.txt" del /f /q "%userprofile%\desktop\User Folders.txt" del /f /q %0Once you've done that click on File and select Save As... * In the Save dialogue box click on the drop down menu next to Save as type and select All Files * Name the file List User Folders.bat (the .bat extension is very important) * Save the file to your desktop and double click it to run it. * Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply. Link to post Share on other sites More sharing options...
JimHen Posted August 7, 2011 Author ID:463070 Share Posted August 7, 2011 Still fails on the target PCThis is what the batch file returned:All UsersDefaultDefault UserIUSR_NMPRJimPublic{4b67d0e9-23f8-445c-8eef-c049eff25ecd} Link to post Share on other sites More sharing options...
JimHen Posted August 7, 2011 Author ID:463078 Share Posted August 7, 2011 Not sure if this will help but I ran Ad-Aware after this problem started and before I posted the last note.Here is the log file from Ad-Aware:Logfile created: 8/6/2011 20:50:37Ad-Aware version: 9.0.7Extended engine: 3Extended engine version: 3.1.2770User performing scan: Jim*********************** Definitions database information ***********************Lavasoft definition file: 150.523Genotype definition file version: 2011/07/20 16:00:22Extended engine definition file: 10088.0******************************** Scan results: *********************************Scan profile name: Full Scan (ID: full)Objects scanned: 1283537Objects detected: 4Type Detected==========================Processes.......: 0Registry entries: 0Hostfile entries: 0Files...........: 2Folders.........: 0LSPs............: 0Cookies.........: 2Browser hijacks.: 0MRU objects.....: 0Removed items:Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0Quarantined items:Description: i:\system volume information\_restore{01cbdb53-a2a0-41c7-9e9b-d73213e1dbf3}\rp431\a0071823.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ee371762723692787318c8e8ad363104Description: c:\program files\sifxinst\vistamhdc4.5.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: cc75171391e247d728ec769c124f8cbcScan and cleaning complete: Finished correctly after 44188 seconds*********************************** Settings ***********************************Scan profile:ID: full, enabled:1, value: Full Scan ID: folderstoscan, enabled:1, value: C:\,D:\,G:\,H:\,I:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: trueScan global:ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: N/AScheduled scan settings:<Empty>Update settings:ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sat Aug 06 19:38:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sat Aug 06 01:38:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sat Aug 06 07:38:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sat Aug 06 13:38:00 2011 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sat Aug 06 19:38:00 2011 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: true ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: true ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: falseAppearance settings:ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\LanguageRealtime protection settings:ID: realtime, enabled:1 ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: maintainbackup, enabled:1, value: true ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true****************************** System information ******************************Computer name: JIMHOMEProcessor name: Intel® Core2 Quad CPU @ 2.40GHzProcessor identifier: x86 Family 6 Model 15 Stepping 7Processor speed: ~2388MHZRaw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3847, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]Physical memory available: 1082724352 bytesPhysical memory total: 3214843904 bytesVirtual memory available: 1932992512 bytesVirtual memory total: 2147352576 bytesMemory load: 66%Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)Windows startup mode:Running processes:PID: 680 name: C:\WINDOWS\System32\smss.exe owner: SYSTEM domain: NT AUTHORITYPID: 952 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITYPID: 1044 name: C:\WINDOWS\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITYPID: 1056 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITYPID: 1088 name: C:\WINDOWS\System32\services.exe owner: SYSTEM domain: NT AUTHORITYPID: 1120 name: C:\WINDOWS\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITYPID: 1128 name: C:\WINDOWS\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITYPID: 1228 name: C:\WINDOWS\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITYPID: 1316 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITYPID: 1360 name: C:\WINDOWS\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITYPID: 1388 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 1452 name: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITYPID: 1560 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 1588 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITYPID: 1608 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITYPID: 1776 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITYPID: 1792 name: C:\WINDOWS\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 1824 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 1952 name: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe owner: SYSTEM domain: NT AUTHORITYPID: 1964 name: C:\WINDOWS\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITYPID: 1060 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 2056 name: C:\WINDOWS\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITYPID: 2124 name: C:\WINDOWS\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITYPID: 2156 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 2308 name: C:\WINDOWS\System32\taskeng.exe owner: Jim domain: jimhomePID: 2804 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITYPID: 2820 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITYPID: 2836 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITYPID: 2852 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 2884 name: C:\Program Files\UCT\HDR Express\HDRExpressService.exe owner: SYSTEM domain: NT AUTHORITYPID: 3052 name: C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe owner: SYSTEM domain: NT AUTHORITYPID: 3068 name: C:\Program Files\Microsoft LifeCam\MSCamS32.exe owner: SYSTEM domain: NT AUTHORITYPID: 3088 name: C:\WINDOWS\System32\nlssrv32.exe owner: SYSTEM domain: NT AUTHORITYPID: 3144 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 3172 name: C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe owner: SYSTEM domain: NT AUTHORITYPID: 3200 name: C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe owner: SYSTEM domain: NT AUTHORITYPID: 3256 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 3304 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITYPID: 3356 name: C:\WINDOWS\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITYPID: 3488 name: C:\WINDOWS\System32\dwm.exe owner: Jim domain: jimhomePID: 3536 name: C:\WINDOWS\explorer.exe owner: Jim domain: jimhomePID: 3736 name: C:\WINDOWS\System32\iashost.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 3928 name: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe owner: Jim domain: jimhomePID: 3936 name: C:\WINDOWS\vVX1000.exe owner: Jim domain: jimhomePID: 3956 name: C:\WINDOWS\sttray.exe owner: Jim domain: jimhomePID: 3996 name: C:\Program Files\QUICKENW\qagent.exe owner: Jim domain: jimhomePID: 2268 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 2208 name: C:\Program Files\Microsoft Security Client\msseces.exe owner: Jim domain: jimhomePID: 252 name: C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe owner: Jim domain: jimhomePID: 2652 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Jim domain: jimhomePID: 2680 name: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe owner: Jim domain: jimhomePID: 3184 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Jim domain: jimhomePID: 3312 name: C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 1708 name: C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\mssysmgr.exe owner: Jim domain: jimhomePID: 1672 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: Jim domain: jimhomePID: 1808 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITYPID: 1892 name: C:\WINDOWS\System32\mrtMngr.exe owner: Jim domain: jimhomePID: 1468 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Jim domain: jimhomePID: 2368 name: C:\WINDOWS\ehome\ehtray.exe owner: Jim domain: jimhomePID: 1916 name: C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe owner: Jim domain: jimhomePID: 3980 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Jim domain: jimhomePID: 2660 name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE owner: Jim domain: jimhomePID: 3988 name: C:\WINDOWS\ehome\ehmsas.exe owner: Jim domain: jimhomePID: 4108 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 4148 name: C:\WINDOWS\ehome\ehsched.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 5460 name: C:\WINDOWS\ehome\ehrecvr.exe owner: NETWORK SERVICE domain: NT AUTHORITYPID: 6064 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Jim domain: jimhomePID: 4384 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITYPID: 4864 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 4792 name: C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe owner: Jim domain: jimhomePID: 3124 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITYPID: 4416 name: C:\WINDOWS\System32\UI0Detect.exe owner: SYSTEM domain: NT AUTHORITYPID: 780 name: C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe owner: SYSTEM domain: NT AUTHORITYPID: 2544 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITYPID: 4720 name: C:\WINDOWS\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITYPID: 4236 name: C:\WINDOWS\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITYPID: 1240 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITYPID: 2916 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Jim domain: jimhomePID: 4476 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Jim domain: jimhomeStartup items:Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}Name: Malwarebytes' Anti-Malware imagepath: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentName: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"Name: XboxStat imagepath: "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrunName: VX1000 imagepath: C:\Windows\vVX1000.exeName: SigmatelSysTrayApp imagepath: sttray.exeName: AdobeCS5ServiceManager imagepath: "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbyloginName: AdobeAAMUpdater-1.0 imagepath: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"Name: QAGENT imagepath: C:\Program Files\QUICKENW\QAGENT.EXEName: MSC imagepath: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyName: IgfxTray imagepath: C:\WINDOWS\system32\igfxtray.exeName: HotKeysCmds imagepath: C:\WINDOWS\system32\hkcmd.exeName: Persistence imagepath: C:\WINDOWS\system32\igfxpers.exeName: VirtualCloneDrive imagepath: "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /sName: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"Name: Reader Library Launcher imagepath: C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exeName: QuickTime Task imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottimeName: SunJavaUpdateSched imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemonName: location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk imagepath: C:\Program Files\ColorVision\Utility\ColorVisionStartup.exeName: imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.iniName: imagepath: C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.iniBootexecute items:Name: imagepath: autocheck autochk *Running services:Name: Akamai displayname: Akamai NetSession InterfaceName: ALG displayname: Application Layer Gateway ServiceName: Apple Mobile Device displayname: Apple Mobile DeviceName: AudioEndpointBuilder displayname: Windows Audio Endpoint BuilderName: Audiosrv displayname: Windows AudioName: BFE displayname: Base Filtering EngineName: BITS displayname: Background Intelligent Transfer ServiceName: Bonjour Service displayname: Bonjour ServiceName: Browser displayname: Computer BrowserName: BthServ displayname: Bluetooth Support ServiceName: CryptSvc displayname: Cryptographic ServicesName: DcomLaunch displayname: DCOM Server Process LauncherName: Dhcp displayname: DHCP ClientName: Dnscache displayname: DNS ClientName: DPS displayname: Diagnostic Policy ServiceName: EapHost displayname: Extensible Authentication ProtocolName: ehRecvr displayname: Windows Media Center Receiver ServiceName: ehSched displayname: Windows Media Center Scheduler ServiceName: EMDMgmt displayname: ReadyBoostName: Eventlog displayname: Windows Event LogName: EventSystem displayname: COM+ Event SystemName: fdPHost displayname: Function Discovery Provider HostName: FDResPub displayname: Function Discovery Resource PublicationName: FontCache displayname: Windows Font Cache ServiceName: gpsvc displayname: Group Policy ClientName: HDRExpressService displayname: HDRExpressServiceName: hidserv displayname: Human Interface Device AccessName: IKEEXT displayname: IKE and AuthIP IPsec Keying ModulesName: iphlpsvc displayname: IP HelperName: iPod Service displayname: iPod ServiceName: KeyIso displayname: CNG Key IsolationName: KtmRm displayname: KtmRm for Distributed Transaction CoordinatorName: LanmanServer displayname: ServerName: LanmanWorkstation displayname: WorkstationName: lmhosts displayname: TCP/IP NetBIOS HelperName: MDM displayname: Machine Debug ManagerName: MMCSS displayname: Multimedia Class SchedulerName: MpsSvc displayname: Windows FirewallName: MSCamSvc displayname: MSCamSvcName: MsMpSvc displayname: Microsoft Antimalware ServiceName: Netman displayname: Network ConnectionsName: netprofm displayname: Network List ServiceName: NisSrv displayname: Microsoft Network InspectionName: NlaSvc displayname: Network Location AwarenessName: nlsX86cc displayname: Nalpeiron Licensing ServiceName: nsi displayname: Network Store Interface ServiceName: nvsvc displayname: NVIDIA Display Driver ServiceName: PcaSvc displayname: Program Compatibility Assistant ServiceName: PlugPlay displayname: Plug and PlayName: PolicyAgent displayname: IPsec Policy AgentName: ProfSvc displayname: User Profile ServiceName: ProtectedStorage displayname: Protected StorageName: RapiMgr displayname: Windows Mobile-based device connectivityName: RasMan displayname: Remote Access Connection ManagerName: RemoteAccess displayname: Routing and Remote AccessName: RpcSs displayname: Remote Procedure Call (RPC)Name: SamSs displayname: Security Accounts ManagerName: Schedule displayname: Task SchedulerName: ScsiAccess displayname: ScsiAccessName: seclogon displayname: Secondary LogonName: SENS displayname: System Event Notification ServiceName: SharedAccess displayname: Internet Connection Sharing (ICS)Name: ShellHWDetection displayname: Shell Hardware DetectionName: slsvc displayname: Software LicensingName: Spooler displayname: Print SpoolerName: SSDPSRV displayname: SSDP DiscoveryName: SstpSvc displayname: Secure Socket Tunneling Protocol ServiceName: Stereo Service displayname: NVIDIA Stereoscopic 3D Driver ServiceName: stisvc displayname: Windows Image Acquisition (WIA)Name: SysMain displayname: SuperfetchName: TapiSrv displayname: TelephonyName: TermService displayname: Terminal ServicesName: Themes displayname: ThemesName: UI0Detect displayname: Interactive Services DetectionName: upnphost displayname: UPnP Device HostName: UxSms displayname: Desktop Window Manager Session ManagerName: W32Time displayname: Windows TimeName: WcesComm displayname: Windows Mobile-2003-based device connectivityName: WdiSystemHost displayname: Diagnostic System HostName: WerSvc displayname: Windows Error Reporting ServiceName: WinHttpAutoProxySvc displayname: WinHTTP Web Proxy Auto-Discovery ServiceName: Winmgmt displayname: Windows Management InstrumentationName: Wlansvc displayname: WLAN AutoConfigName: WMPNetworkSvc displayname: Windows Media Player Network Sharing ServiceName: wscsvc displayname: Security CenterName: WSearch displayname: Windows SearchName: wuauserv displayname: Windows UpdateName: wudfsvc displayname: Windows Driver Foundation - User-mode Driver FrameworkName: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Link to post Share on other sites More sharing options...
exile360 Posted August 7, 2011 ID:463122 Share Posted August 7, 2011 Please navigate to C:\Users and delete the following folder:{4b67d0e9-23f8-445c-8eef-c049eff25ecd}Once that is done, try running Malwarebytes' Anti-Malware again and let us know if it is able to start or not.Thanks Link to post Share on other sites More sharing options...
JimHen Posted August 7, 2011 Author ID:463141 Share Posted August 7, 2011 After removing that weird user and also removed the IUSR_NMPR I did another clean and re-installed MB. All is working now!I don't know what that was but the weird user folder contained a file named HECI.cat, listed as a Security Catalog that would open with 'Crypto Shell Extensions'Thanks for the help. You can close this dialog. Link to post Share on other sites More sharing options...
exile360 Posted August 7, 2011 ID:463144 Share Posted August 7, 2011 (edited) You're welcome I've seen such folders with names similar to {4b67d0e9-23f8-445c-8eef-c049eff25ecd} pop up from time to time in a wide variety of locations on my PC, even on other partitions/drives. They're temp folders created by Windows Update during update installations and I never have been able to figure out why the locations vary so frequently or why MS doesn't use a static location for them, but I've never had an issue after removing them, even when I had to uninstall or reinstall an update that created the folder during its original installation.The other folder, I'm not too sure about, but it could be similar, a folder created by some installer. Edited August 7, 2011 by exile360 spelling Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 7, 2011 Root Admin ID:463145 Share Posted August 7, 2011 This article should explain the IUSR Account. Possibly due to an application installation. Link to post Share on other sites More sharing options...
JimHen Posted August 8, 2011 Author ID:463197 Share Posted August 8, 2011 That is probably correct as I may have installed IIS at one time but no longer use it. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now