
MBAM not updating


40 replies to this topic

#1 dburkhead

Advanced Member, 125 posts

Posted 21 June 2017 - 09:14 AM

I recently saw MBAM warning me that it was out of date.  I tried manually updating and it would get "searching for updates" but then would go back to the out of date warning.  I uninstalled and reinstalled MBAM from my original install set and it ran an update on install but less than an hour later it was warning me of being out of date and not updating.  I found a more recent version of MBAM at Bleeping Computer and installed that successfully but, again, I soon got the "out of date" warning.

 

Logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/21/17
Scan Time: 2:19 AM
Log File: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2060
License: Premium

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296886
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2017 01
Ran by user (administrator) on ASM17 (20-06-2017 17:53:32)
Running from C:\Documents and Settings\user\Desktop\Security
Loaded Profiles: user (Available Profiles: user & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(CMS Products™, Inc.) C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Realtek) C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Insight Software Solutions) C:\Program Files\Keyboard Express 3\keyexp.exe
(Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE
() C:\Program Files\ACT\SideACT.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1767\g2mlauncher.exe
() C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\davcdata.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [Norton Ghost 15.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [233304 2009-02-03] (Microsoft Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [GhostStartTrayApp] => C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [94208 2003-12-17] (Symantec Corporation)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [8169Diag] => C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [909312 2008-02-26] (Realtek)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-07-21] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\...\Run: [GoToMeeting] => C:\Program Files\Citrix\GoToMeeting\1767\g2mstart.exe [40304 2014-09-26] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssbezier.scr [19968 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Keyboard Express 3.lnk [2009-12-31]
ShortcutTarget: Keyboard Express 3.lnk -> C:\Program Files\Keyboard Express 3\keyexp.exe (Insight Software Solutions)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-08-05]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to announce.lnk [2013-06-12]
ShortcutTarget: Shortcut to announce.lnk -> C:\announce.txt ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk [2009-08-31]
ShortcutTarget: SideACT!.lnk -> C:\Program Files\ACT\SideACT.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2009-08-31]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\BounceBack Launcher.lnk [2010-08-18]
ShortcutTarget: BounceBack Launcher.lnk -> C:\Program Files\CMS Products\BounceBack Express\BBStartup.exe ()
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk [2009-09-16]
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB12FE0F-6522-40FD-BDB9-31B29FE52F51}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USSMB/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.9.3.13&locale=en_US&guid=98A651A1-8908-40FD-9AAE-6060FD3D8424&doi=2016-09-01&gct=sb&qsrc=2869
BHO: Watch for Browser Events -> {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} -> C:\Program Files\Keyboard Express 3\kie.dll [2004-02-23] (Insight Software Solutions)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll => No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\coIEPlg.dll [2017-05-26] (Symantec Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249575361234
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2000-12-23] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359 [2017-06-20]
FF Homepage: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359 -> hxxp://www.asmicro.com/Corporate/burkhead.htm
FF Session Restore: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359 -> is enabled.
FF Extension: (Norton Identity Safe) - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359\Extensions\idsafe@norton.com.xpi [2017-06-02]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-14] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.7.0.76\coFFAddon [2017-05-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2011-11-02] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1081035915-1334999037-3880933879-1005: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\user\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2013-07-26] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npcosmop211.dll [2007-09-23] (PLATINUM technology, inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-06-20]
CHR Extension: (Google Slides) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-19]
CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-04]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-22]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-11-22]
CHR Extension: (Google Sheets) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-04]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-04]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-20] (Adobe Systems Incorporated) [File not signed]
R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe [36864 2008-01-02] (CMS Products™, Inc.) [File not signed]
S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
R2 GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [200704 2003-12-17] (Symantec Corporation) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\N360.exe [288520 2017-05-26] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S3 Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe /Processid:{541078A4-D4C1-42FA-BA83-F0039487567F}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327808 2005-07-20] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2005-07-20] (Aladdin Knowledge Systems Ltd.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-12-17] (Adaptec)
R1 BHDrvx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\BASHDefs\20170616.005\BHDrvx86.sys [1359488 2017-06-13] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1609040.008\ccSetx86.sys [137880 2017-05-11] (Symantec Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [392352 2017-05-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124576 2017-05-10] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-05-31] ()
R3 GenericMount; C:\WINDOWS\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
R1 GhPciScan; C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [5632 2003-12-17] (Symantec Corporation) [File not signed]
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\IPSDefs\20170619.001\IDSxpx86.sys [756864 2017-05-20] (Symantec Corporation)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [79960 2008-08-18] (JMicron Technology Corp.)
S2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
R0 MBAMChameleon; C:\WINDOWS\System32\drivers\MBAMChameleon.sys [147232 2017-06-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39840 2017-06-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-20] (Malwarebytes)
R0 MtxDma0; C:\WINDOWS\System32\drivers\MtxDma0.sys [179164 2001-12-13] (Matrox Electronic Systems Ltd.) [File not signed]
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1609040.008\SRTSP.SYS [624280 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1609040.008\SRTSPX.SYS [41112 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\1609040.008\SYMEFASI.SYS [1344664 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89296 2017-05-20] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1609040.008\Ironx86.SYS [232600 2017-05-11] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1609040.008\SYMTDI.SYS [382008 2017-02-20] (Symantec Corporation)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]
S0 cccllq; System32\drivers\qvilowj.sys [X]
S3 Diag69xp; System32\Drivers\Diag69xp.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170116.017\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170116.017\NAVEX15.SYS [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-20 17:53 - 2017-06-20 17:53 - 00000000 ____D C:\FRST
2017-06-20 17:52 - 2017-06-20 17:53 - 00000000 ____D C:\Documents and Settings\user\Desktop\Security
2017-06-12 10:08 - 2017-06-20 16:35 - 00147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-12 10:08 - 2017-06-20 16:35 - 00039840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-12 10:08 - 2017-06-20 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-06-12 10:08 - 2017-05-31 11:09 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-06-12 10:06 - 2017-06-20 16:35 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 10:06 - 2017-06-12 10:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-20 17:55 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\user\Local Settings\temp
2017-06-20 17:41 - 2014-08-26 14:55 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2017-06-20 17:41 - 2012-04-05 14:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-06-20 17:40 - 2012-04-05 14:07 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-20 17:40 - 2011-06-07 10:06 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-06-20 17:40 - 2008-04-25 17:27 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-20 17:12 - 2013-10-16 09:55 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-20 13:30 - 2008-04-25 17:32 - 00032470 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-20 09:37 - 2009-08-31 14:36 - 00000000 ____D C:\Documents and Settings\user\My Documents\My PSP8 Files
2017-06-20 09:12 - 2013-10-16 09:55 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-20 08:23 - 2016-11-21 17:41 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2017-06-20 00:16 - 2008-04-25 05:17 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-06-19 22:19 - 2010-08-18 12:33 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\BounceBack Express
2017-06-19 15:17 - 2014-03-26 17:28 - 00000220 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-06-19 15:17 - 2013-09-23 10:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-06-19 15:17 - 2009-12-30 13:57 - 00000000 ____D C:\Program Files\Keyboard Express 3
2017-06-19 15:17 - 2009-07-21 17:21 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory
2017-06-19 15:17 - 2008-04-25 17:26 - 00000000 ____D C:\WINDOWS\Registration
2017-06-19 15:17 - 2008-04-25 12:16 - 00002206 ____N C:\WINDOWS\system32\wpa.dbl
2017-06-19 15:16 - 2009-08-31 16:09 - 08405015 ____N C:\WINDOWS\TempFile
2017-06-19 15:16 - 2008-04-25 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-19 11:19 - 2009-10-05 13:06 - 00000000 ____D C:\Program Files\dtpdemotest
2017-06-16 14:19 - 2009-08-31 17:37 - 00029184 ____N C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-16 13:31 - 2012-04-26 10:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-16 09:34 - 2016-12-14 23:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-15 20:02 - 2010-01-31 17:18 - 00000000 ____D C:\David
2017-06-12 10:08 - 2010-07-01 09:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-06-12 10:04 - 2009-08-31 16:01 - 00000000 ____D C:\Temp
2017-06-09 15:07 - 2017-01-16 12:14 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-06-09 15:06 - 2017-01-16 12:14 - 00002002 ____N C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
2017-06-09 15:06 - 2017-01-16 12:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2017-06-09 15:03 - 2009-07-21 17:21 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2017-06-09 15:03 - 2009-07-11 20:22 - 00524288 ____N C:\WINDOWS\system32\config\ACEEvent.evt
2017-06-08 15:00 - 2014-03-26 17:28 - 00000214 ____N C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-06-07 12:59 - 2008-04-25 17:27 - 00000117 ____N C:\WINDOWS\vbaddin.ini
2017-05-30 15:02 - 2009-08-31 16:19 - 00000000 ____D C:\source
2017-05-30 12:12 - 2015-02-09 12:05 - 00135168 ____N C:\WINDOWS\system32\MSCOMCT2.oca
2017-05-30 12:12 - 2015-02-09 12:05 - 00035328 ____N C:\WINDOWS\system32\COMCT332.oca
2017-05-30 12:01 - 2009-09-21 12:32 - 00000000 ____D C:\arwork
2017-05-27 13:30 - 2013-02-16 17:26 - 00000000 ____D C:\Documents and Settings\user\My Documents\SQL Server Management Studio Express

==================== Files in the root of some directories =======

2010-01-12 12:33 - 2010-01-14 19:08 - 0006772 ____N () C:\Documents and Settings\user\Local Settings\Application Data\admin.anduril
2010-01-15 15:27 - 2010-03-17 10:41 - 0009686 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dburkhead.anduril
2010-02-05 10:54 - 2010-03-16 18:36 - 0001853 ____N () C:\Documents and Settings\user\Local Settings\Application Data\dbuser.anduril
2009-08-31 17:37 - 2017-06-16 14:19 - 0029184 ____N () C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-21 17:21 - 2009-07-21 17:22 - 0000127 ____N () C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:16 - 2015-08-06 17:16 - 0000036 ____N () C:\Documents and Settings\user\Local Settings\Application Data\housecall.guid.cache
2013-10-21 14:24 - 2016-10-07 17:27 - 0000004 ____N () C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameR.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 15th June, 2017
Running from:C:\Documents and Settings\user\Desktop\Security (10:09:14 - 06/21/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
WARNING! Windows XP is no longer supported
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - out of Date)
Norton Security Suite (Enabled - up to Date)
 

Note: when I ran RGSA I got an error message:

"Line 257 (File "C:\Documents and settings\user\Desktop\Security\RGSA.exe"): Error: The requested action with this object has failed."

So I presume it did not finish.

 



#2 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 21 June 2017 - 09:15 AM

Oops.  Forgot the addition.txt file




#3 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 23 June 2017 - 02:29 PM

Hello dburkhead and welcome back to SpywareInfo Forum.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected, as some infections are difficult to remove and can leave remnants on the System. Please consider it clean and safe only when I declare it free of malware.



Your Operating System (Windows XP) has not been supported by Microsoft since April 2014. That means your computer has become more vulnerable to infections. I strongly suggest you upgrade your Windows XP to a modern and supported Operating System after the cleaning process.


I can see that you may have previously run ComboFix at one point. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for unsupervised use.
Using this tool incorrectly could lead to disastrous problems with your Operating System, such as a non-bootable system.


You have HijackThis installed on your computer. In addition to being out of date, this program is no longer supported.
Please go to Start > Control Panel > Add or Remove Programs, and uninstall HijackThis 2.0.2.


Next,

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22.9.3.13&locale=en_US&guid=98A651A1-8908-40FD-9AAE-6060FD3D8424&doi=2016-09-01&gct=sb&qsrc=2869
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: MSN Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll => No File
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll => No File
Toolbar: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.4.8\Exts\Chrome.crx [2017-06-06]
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]
S0 cccllq; System32\drivers\qvilowj.sys [X]
S3 Diag69xp; System32\Drivers\Diag69xp.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170116.017\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.7.0.76\Definitions\SDSDefs\20170116.017\NAVEX15.SYS [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
U2 V2iMount; no ImagePath
CustomCLSID: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
End

Save the file as fixlist.txt into the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post its entire contents to your reply.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Double-click on the icon to run the tool.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


Next,

Please download Malwarebytes AdwCleaner and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Double-click on the icon to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

 

Next,

If you uninstalled Malwarebytes using the Programs and Features applet, leftovers from it will most likely remain on the system.
You need to completely uninstall Malwarebytes using the removal tool developed by the Malwarebytes Corporation.


Please follow the instructions below carefully and make a clean removal and new installation of Malwarebytes.

Download MBAM-clean and save it to your computer's Desktop.
 
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step.

If you have lost the activation license key information it can be located here
 

 

Download the newest version of Malwarebytes from here and save it to your computer's Desktop or anywhere else on your system, as long as you know where it is located.

Double click on the installer and follow the prompts to install the program. If necessary select the Blue Help tab for video instructions.

When the install completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please copy and paste the contents of the log in your next reply.

 

 

To summarize, please post in your next reply the contents of:
fixlog.txt;
JRT.txt;
AdwCleaner clean log;
MBAM log.


Let me know how the computer is running.

Are you still getting the out-of-date warning from Malwarebytes?

Thank you.


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
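As an added example (not FRST's own code and not from the helper's post), the script below applies the rule visible in the fixlist above to FRST log lines: it flags entries whose target file, driver or handler is gone ("No File", "[X]", "no ImagePath"), registry policy restrictions FRST marks with "<======= ATTENTION", and SearchScopes entries whose host is outside a constructed allowlist, then lays the findings out in the Start/End shape the post uses. Sample lines are copied from the FRST output in this thread, with a few constructed benign control lines; the allowlist and the list of entry types it checks are assumptions.

```python
"""Triage FRST log lines into the categories a fixlist acts on.

Added example for this thread, not FRST's own code and not from the helper's post.
Sample lines are copied from the FRST output quoted above; the benign control lines,
the search-host allowlist and the set of entry types are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Markers FRST prints when the referenced file, driver or handler no longer exists.
ORPHAN_MARKERS = ("No File", "[X]", "no ImagePath", "no filepath")
# Marker FRST attaches to registry policy restrictions (e.g. on Internet Explorer).
ATTENTION_MARKER = "<======= ATTENTION"
# Entry types whose target path is checked for the orphan markers (assumed list).
ORPHAN_ENTRY_TYPES = ("BHO", "Toolbar", "FF Plugin", "ShellIconOverlayIdentifiers", "CustomCLSID")
# Search providers treated as expected; constructed allowlist, adjust per environment.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# "S3 catchme; \??\C:\...\catchme.sys [X]"  ->  start type, service name, image path
SERVICE_RE = re.compile(r"^([SUR][0-4]) (\S+?); (.*)$")
# FRST defangs URLs as hxxp(s); capture the host of a SearchScopes entry.
SEARCH_HOST_RE = re.compile(r"URL = (?:hxxps?|https?)://([^/\s]+)")


@dataclass
class Finding:
    category: str  # policy | driver | search | orphan
    reason: str    # why the line belongs in a fixlist
    line: str      # the original FRST line, verbatim


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a line a fixlist would act on, None for anything else."""
    s = line.strip()
    if not s:
        return None
    if s.endswith(ATTENTION_MARKER) and "\\Policies\\" in s:
        return Finding("policy", "registry policy restriction flagged by FRST", s)
    svc = SERVICE_RE.match(s)
    if svc:
        if any(marker in svc.group(3) for marker in ORPHAN_MARKERS):
            return Finding("driver", f"service/driver {svc.group(2)} has no backing file", s)
        return None
    if s.startswith("SearchScopes:"):
        host = SEARCH_HOST_RE.search(s)
        if host and host.group(1).lower() not in TRUSTED_SEARCH_HOSTS:
            return Finding("search", f"search provider points at {host.group(1)}", s)
        return None
    entry_type = s.split(":", 1)[0]
    if entry_type in ORPHAN_ENTRY_TYPES and any(m in s for m in ORPHAN_MARKERS):
        return Finding("orphan", f"{entry_type} entry references a missing file", s)
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Classify every line, keeping only those a fixlist would act on, in input order."""
    return [f for f in (classify(l) for l in lines) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'orphan': 5, 'driver': 3}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def render_fixlist(findings: List[Finding]) -> List[str]:
    """Lay the findings out in the Start/End shape of the fixlist in the post above."""
    return ["Start", "CreateRestorePoint:", "CloseProcesses:", "EmptyTemp:"] \
        + [f.line for f in findings] + ["End"]


# Sample input: lines copied from the FRST output in this thread, plus constructed
# benign control lines (a Bing search scope and a running service with a real file).
SAMPLE_FRST_LINES = [
    r"ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION",
    r"SearchScopes: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913",
    r"SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}",  # constructed
    r"BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File",
    r"Toolbar: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll No File",
    r"FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]",
    r"U0 aswVmm; no ImagePath",
    r"S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [X]",
    r"S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]",
    r"R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-06-12] (Malwarebytes)",  # constructed
    r"CustomCLSID: HKU\S-1-5-21-1081035915-1334999037-3880933879-1005_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath",
    r"C:\WINDOWS\explorer.exe => File is digitally signed",
]

if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print(f"[{f.category}] {f.reason}")
    print(summarize(found))
    print("\n".join(render_fixlist(found)))
```

The output is a starting point for review, not something to run blindly: the post's own fixlist also removed entries (the Chrome extensions) that carry no orphan marker, so a human still decides what goes into the final list.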


#4 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 25 June 2017 - 03:36 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Microsoft Windows XP x86
Ran by user (Administrator) on Fri 06/23/2017 at 17:32:26.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EMI4II2F (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LHXP8M70 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SRZPQLK3 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X5HWHMQC (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EMI4II2F (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LHXP8M70 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SRZPQLK3 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X5HWHMQC (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/23/2017 at 17:35:22.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v6.047 - Logfile created 23/06/2017 at 17:39:59
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : user - ASM17
# Running from : C:\Documents and Settings\user\Desktop\Security\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Program Files\Common Files\Viewpoint


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  HKU\S-1-5-21-1081035915-1334999037-3880933879-1005\Software\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
Key Found:  HKCU\Software\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found:  HKU\.DEFAULT\Software\Viewpoint
Key Found:  HKU\S-1-5-18\Software\Viewpoint


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [11889 Bytes] - [23/09/2013 14:33:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [11921 Bytes] - [23/09/2013 14:33:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1849 Bytes] - [23/06/2017 17:39:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1922 Bytes] ##########

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/25/17
Scan Time: 2:19 AM
Log File: mbam1.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2092
License: Premium

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294942
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 9 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

I left the MBAM scan running when I left the office Friday evening.  I had reason to come in today so I was able to get the logs and post them here.

 

MBAM reports that updates are not current.

 



#5 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 26 June 2017 - 11:08 AM

Hello dburkhead.

 

 

Okay, before we proceed any further:
 

I left the MBAM scan running when I left the office Friday evening.  I had reason to come in today so I was able to get the log and post them here.
MBAM reports that updates are not current.

Does this computer belong to a company? If so, do you have permission from the company to make changes on the computer?

We do not support or work on company computers without the company's permission.

You must inform your Supervisor immediately.

This is because:

  • Most company computers are connected into a network at some time or other, and your infection may compromise the security of that network.
  • If sensitive material is compromised by an infection, your company could be held liable.

Your Company must give permission for us to give you assistance.

This is because:

  • We are not here to replace your company's IT Department. If there's an IT Department, then they are responsible for dealing with this.
  • There may be sensitive material on your computer that your company would not want revealed in an open forum.

If this is a computer used at work I strongly advise you to back up all important files you don't want to lose, since malware makes a system unstable and it may happen that it suddenly won't boot anymore, because of the damage already present.


Please let me know what you decide to do.

Thank you.

 

Android 8888




#6 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 26 June 2017 - 11:24 AM

We are a very small company (there are three of us who work here in the office, one who works from home, and a bookkeeper who comes in every two weeks or so).  Our network is a modest peer-to-peer setup and I'm primarily the one to maintain it.  I am not an IT professional--we don't have one--so it falls under "other tasks as assigned."  And although my boss generally handles the computers he normally uses on his own, the rest get brought to me to try to figure out what needs to be done.

 

So, I'm basically the "front person" for getting help and am, therefore, authorized to do what needs to be done.



#7 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 27 June 2017 - 09:52 AM

Hello.

Thank you for letting me know that information about the company.

 

Okay, please proceed with the following scan to search for leftovers of infection on your system.

ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers and disconnect any USB flash drives from the computer.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


Next,

Please proceed with the following instructions to run a new scan with RGSA.

Delete the files RGSA.exe and SALog.txt from your computer's Desktop;
Download a new RGSA file from here and save it to your computer's Desktop;
Double-click the RGSA file and accept the Disclaimer to run the scan (it will take just a few seconds to complete);
When the scan is complete, it will create a file named SALog.txt;
Please post its content in your next reply.
 

 

Please post the contents of the ESET log (if it produced one) and the SALog.txt and wait for further instructions.

 

p.s. Are you using a Dial-up connection to access the Internet?

Thank you.


Android 8888


#8 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 05 July 2017 - 08:22 AM

I've been out of town for several days and I just got back.  Ran Eset and got the following:

 

D:\zzDrivesAsRcvd\14rec\14rec.exe    a variant of Win32/Toolbar.MyWay potentially unwanted application    deleted
D:\zzDrivesAsRcvd\14rec\Program Files\Mywaysa\Srchasde\1.bin\desrcas.dll    a variant of Win32/Toolbar.MyWay potentially unwanted application    cleaned by deleting
T:\BounceBackups\17cbackup\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\5hp6q9e0.default-1438895758359\cache2\entries\31A74576EA7D9F18A464DFC52A20D1362CBF8AA8    JS/Agent.NUZ trojan    deleted
T:\BounceBackups\17cbackup\Documents and Settings\user\Local Settings\temp\ZU9jtZzV.js.part    JS/Kryptik.BBJ trojan    cleaned by deleting
 

When I run RGSA I get "line 257 (File "C:\Documents and Settings\user\Desktop\Security\RGSA.exe"):  Error:  The requested action with this object has failed."

 

The log file created anyway is:

Result of Security Analysis by Rocket Grannie (x86) Updated: 28th June, 2017
Running from:C:\Documents and Settings\user\Desktop\Security (09:21:53 - 07/05/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
WARNING! Windows XP is no longer supported
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - out of Date)
Norton Security Suite (Enabled - up to Date)
 



#9 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 07 July 2017 - 03:42 AM

Hello dburkhead and welcome back.

The ESET log looks good. It shows that ESET found and removed some leftovers of infection.

 

At this point the computer appears to be clean and free of malware.

 

Please let me know how the computer is running. Does the MBAM update issue still remain?

Android 8888




#10 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 07 July 2017 - 08:24 AM

Malwarebytes still is not updating either with the automatic updates or by performing a manual check for updates.  It reports that updates are not current.



#11 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 09 July 2017 - 07:23 AM

Hello dburkhead.

 

Sorry for the late reply.

 

Please download the diagnostic tool, mb-check.exe and save it to your computer's Desktop.

Double-click the icon to run it. A black command prompt window will appear.

Click Enter to run the tool. It will take a few seconds to complete.

When finished click the OK button.

A file named mb-check-result.zip will be saved to your Desktop.

 

Please attach this file to your next reply and wait for further instructions.

 

Thank you.

 

Android 8888




#12 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 10 July 2017 - 08:56 AM

Attempted to attach the file but got error "this file was too big to upload".  File was 659 kB and the text next to the attach button says max file size 44.18 kB.  Should I use a file-sharing service like dropbox or bulldogmailer to provide it?



#13 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 10 July 2017 - 09:06 AM

Hello dburkhead.

 

Please upload the file to TinyUpload and wait for further instructions.

 

Thank you.

 

Android 8888




#14 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 10 July 2017 - 09:22 AM

Uploaded.



#15 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 10 July 2017 - 09:32 AM

Hello.

 

Sorry I forgot to tell you to post the download link here. Please post it so I can have access to the file.


Android 8888


#16 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 10 July 2017 - 09:38 AM

http://s000.tinyuplo...793846543854747



#17 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 11 July 2017 - 08:10 AM

Hello dburkhead.

 

There seems to be a problem with your Malwarebytes installation. You need to remove it using the latest version of the Malwarebytes removal tool (mb-clean.exe).

Please read carefully the instructions below and proceed when ready by following all the steps.

First, delete the 'MBAM-clean.exe' that you previously downloaded to your computer's Desktop.

Now download the latest version of mb-clean from here and save it to your computer's Desktop.

Double-click the mb-clean to run the program.
Click Yes when prompted and wait.
If you are prompted to reboot, click Yes. << This is very important! If you are not prompted, please skip to the last bullet point.

After your computer has rebooted, please click Yes when prompted to reinstall Malwarebytes 3.0.
A progress bar will appear. Installation of Malwarebytes 3.0 will start shortly after.
Upon completion, please open Malwarebytes.

Note 1: If you had Malwarebytes Premium activated prior to running MB-Clean, please verify Premium is now activated.
Note 2: If installation of Malwarebytes 3.0 does not start, please skip to the last bullet point below.
 

A log named 'mb-clean-result.txt' will be saved to your computer's Desktop.

Please upload that log to TinyUpload and post the download link in your next reply.


Android 8888


#18 dburkhead (Advanced Member, Full Member, 125 posts)

Posted 12 July 2017 - 02:43 PM

http://s000.tinyuplo...242596973866690



#19 Android 8888 (SWI Malware Tracker, Helper, 976 posts)

Posted 17 July 2017 - 03:32 AM

Hello dburkhead.

 

I apologize for the long delay in responding.

 

The log shows that apparently something went wrong with mb-clean.

 

Did you notice anything wrong when you ran mb-clean.exe, like an error message or similar?

Did you ever see the prompt to download and install Malwarebytes 3.1.2?

 

Please answer the questions above if you can.

 

Now I will need you to re-run mb-clean.exe and note any errors or messages encountered.

Then upload its new log to TinyUpload and post the download link in your reply.

 

Thank you.

 

Android 8888




#20 dburkhead


Posted 17 July 2017 - 08:17 AM

I did not get any visible error messages.

I did not get a prompt to download and install the new version.

Running MB-Clean again.



#21 dburkhead


Posted 17 July 2017 - 08:32 AM

Ran it again.  This time it did prompt to download and install.  It downloaded and installed but, when finished, I still get the "Updates are not current" issue and attempting to update software fails.

 

Results file attached.




#22 Android 8888


Posted 17 July 2017 - 10:39 AM

Hello dburkhead.

 

Please re-run mb-check.exe

Double-click the icon to run it. A black command prompt window will appear.

Click Enter to run the tool. It will take a few seconds to complete.

When finished click the OK button.

A file named mb-check-result.zip will be saved to your computer Desktop.

 

Please upload the zip file to TinyUpload and post the download link in your reply.

 

Thank you.

 

Android 8888




#23 dburkhead


Posted 18 July 2017 - 02:43 PM

I thought I had done this already but apparently not since there's no reply to that effect here.

 

Here's the mbcheck result:

http://s000.tinyuplo...929848536071551

 



#24 Android 8888


Posted 19 July 2017 - 09:05 AM

Hello dburkhead.

Are your computer's date and time correct? Please check, and if they are not correct, set them to the correct date and time.

Now, open Internet Explorer and visit the website www.microsoft.com.

On the same browser (Internet Explorer) please visit the website https://sirius.mwbsys.com/ and let me know if you see the word 'OK' on the upper left corner of the webpage.

Then try the same with Mozilla Firefox and Google Chrome and let me know if the result is the same.



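The check the helper asks for above (confirm the clock, then see whether https://sirius.mwbsys.com/ answers) can be scripted so that it reports which stage of the connection fails. This is an added example, not code from the thread or from Malwarebytes: it walks DNS, TCP, TLS and HTTP in order, and compares the server's Date header with the local clock, because a clock that is far off makes certificate validation fail. The 300-second skew threshold and the stage labels are assumptions of this script; it needs Python 3.7 or later.

```python
"""Staged reachability check for the Malwarebytes update host, plus a clock-skew test.
Added example, not from the thread; the 300 s skew threshold is an assumption."""
import http.client
import socket
import ssl
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

UPDATE_HOST = "sirius.mwbsys.com"  # host the helper asked the user to open
MAX_CLOCK_SKEW = 300.0  # seconds; assumed threshold for calling the clock "wrong"


def clock_skew_seconds(date_header: str, local_now: datetime) -> float:
    """Local clock minus the server's HTTP Date header (positive = local is ahead)."""
    server_time = parsedate_to_datetime(date_header)
    if server_time.tzinfo is None:  # HTTP dates are GMT; treat a naive value as UTC
        server_time = server_time.replace(tzinfo=timezone.utc)
    return (local_now - server_time).total_seconds()


def clock_verdict(skew: float) -> str:
    """A clock that is hours off makes every certificate look expired or not yet valid."""
    return "ok" if abs(skew) <= MAX_CLOCK_SKEW else "clock_skew"


def check_update_server(host: str = UPDATE_HOST, port: int = 443, timeout: float = 10.0) -> dict:
    """Walk DNS -> TCP -> TLS -> HTTP and report the first stage that fails (None = all good)."""
    result = {"host": host, "failed_stage": None, "error": None}
    try:
        address = socket.gethostbyname(host)
    except socket.gaierror as exc:
        result.update(failed_stage="dns", error=str(exc))
        return result
    result["address"] = address
    try:
        raw = socket.create_connection((address, port), timeout=timeout)
    except OSError as exc:  # timeout, refused, or a firewall silently dropping the SYN
        result.update(failed_stage="tcp", error=str(exc))
        return result
    context = ssl.create_default_context()
    try:
        tls = context.wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:  # classic symptom of a wrong system clock
        raw.close()
        result.update(failed_stage="tls_cert", error=str(exc))
        return result
    except (ssl.SSLError, OSError) as exc:  # handshake failure or TLS interception
        raw.close()
        result.update(failed_stage="tls", error=str(exc))
        return result
    with tls:
        try:
            tls.sendall(f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            response = http.client.HTTPResponse(tls, method="GET")
            response.begin()  # parses the status line and headers
            result["http_status"] = response.status
            date_header = response.getheader("Date")
        except (OSError, http.client.HTTPException) as exc:
            result.update(failed_stage="http", error=str(exc))
            return result
    if date_header:
        skew = clock_skew_seconds(date_header, datetime.now(timezone.utc))
        result.update(clock_skew_s=round(skew, 1), clock=clock_verdict(skew))
    return result


if __name__ == "__main__":
    print(check_update_server())  # run on the affected PC to see which stage fails
```

A result whose `failed_stage` is `tcp` with a timeout matches what the browsers reported in this thread, while `tls_cert` together with a large `clock_skew_s` would point at the system clock instead.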

#25 dburkhead


Posted 19 July 2017 - 10:24 AM

In Internet Explorer

www.microsoft.com and https://sirius.mwbsys.com/ both report "Internet Explorer cannot display the webpage."

 

In Firefox I get Microsoft's homepage for www.microsoft.com but get a connection timed out for https://sirius.mwbsys.com/



#26 dburkhead


Posted 19 July 2017 - 10:31 AM

Oh, and the date/time is correct to within the minute (checked against my phone).



#27 Android 8888


Posted 22 July 2017 - 01:45 PM

Hello dburkhead.

Please try to turn off Windows Firewall and see if that makes any difference.

If that doesn't solve the problem, please proceed with the following:

First of all deactivate your Malwarebytes license key. Before you do that, please take note of your credentials and license key.
Now open Malwarebytes and select the ‘deactivate’ button in the My Account window.
Close Malwarebytes.


Next;

Let's try to uninstall Malwarebytes using the Revo Uninstaller.

Please download and install the free version of Revo Uninstaller
Double-click on the icon of Revo Uninstaller to run the tool.
Click Yes to accept any security warnings that may appear.
Select Malwarebytes and click Uninstall. Follow the instructions to complete the removal process.
In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers of Malwarebytes.
Click on Delete and then click Next. You may have to repeat this to delete all the leftovers (Registry items, files and folders).
Click on the Finish button.
Restart the computer.



Next,

Download Malwarebytes version 3 from here and save it to your Desktop, or anywhere else on your system as long as you know where it is located.

Double click on the installer and follow the prompts to install the program and activate the Premium feature with your license key. If necessary select the Blue Help tab for video instructions.

When the install completes see if the tool is updated.

Restart the computer and check if the update message issue is solved.




#28 dburkhead


Posted 24 July 2017 - 08:49 AM

Turning off firewall did not help.

 

Oddly enough, when I deactivated the license, MBAM suddenly said the updates were current.

 

Proceeding with the rest of your instructions.



#29 dburkhead


Posted 24 July 2017 - 09:21 AM

The procedure: deactivate license -> uninstall using Revo -> reinstall -> activate license seems to have done the trick.  At least MBAM is saying it's current.  I'm getting an alert for no scans having been done but that's to be expected after wiping out the records.  We'll see if it sticks.



#30 dburkhead


Posted 24 July 2017 - 09:41 AM

I went ahead and ran the scan.  Scan came back clean.  However, at end of scan I was back to "updates are not current" with "check for updates" doing nothing.



#31 Android 8888


Posted 26 July 2017 - 05:27 AM

Hello dburkhead.

 

Sorry for the delay.

 

Okay, please re-run mb-check.exe and upload the newly produced .zip file.

Double-click the icon to run it. A black command prompt window will appear.

Click Enter to run the tool. It will take a few seconds to complete.

When finished click the OK button.

A file named mb-check-result.zip will be saved to your computer Desktop.

 

Please upload the zip file to TinyUpload and post the download link in your next reply.

 

Thank you.

 

Android 8888




#32 dburkhead


Posted 26 July 2017 - 08:43 AM

http://s000.tinyuplo...565305117631978



#33 dburkhead


Posted 31 July 2017 - 09:56 AM

It's been a few days.  Are we still active?



#34 Android 8888


Posted 31 July 2017 - 06:43 PM

Hello dburkhead.

 

Yes we are still active. I apologize for the delay.

 

The reason is that we are also in contact with the Malwarebytes staff trying to figure out what could be the cause of this issue.

 

I will be back to you as soon as we get a solution for the problem.

 

Thank you for your patience and time.

 

Android 8888




#35 dburkhead


Posted 08 August 2017 - 12:14 PM

While waiting, I contacted Malwarebytes.  In the course of things (most of what they wanted to go through was stuff we did here already) they said I needed to turn User Access Control on.

 

XP Does not have UAC.

 

When I pointed that out they had me roll back to version 2.1.1.1043 and said that a new version coming out in September or October should resolve the issue.

 

That does seem to have fixed the issue.  The database version is current (v2017.08.08.07).  I'll want to double check that it stays current but it seems the problem is with Malwarebytes itself.

 

If I had to guess, I'd think that when they updated the software they put in the requirement for UAC to be active, but had neglected the way that would affect legacy XP users.  We'll see if they actually do fix this in a future update.  If they don't, well, I now know how to get back to a working version.

 

So, once I see that the version we're using is able to update both manually and automatically, I can figure we can close this.



#36 Android 8888


Posted 09 August 2017 - 07:35 AM

Hello dburkhead.


Please keep your programs up to date.

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.



Next, you can now delete the tools that were used in malware removal process by using DelFix.

  • Please download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I don't need to see the log file.

 

 

If all is well:


To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Please upgrade your Windows to a modern and supported Operating System.

Keep your AntiVirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically if you do not uncheck certain checkboxes. While they are usually not malicious, you generally do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Keep Malwarebytes Anti-Malware (MBAM) updated and perform regular scans of your system, as this will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another much-feared threat at the moment is infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.


Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
How did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe.

Android8888




#37 dburkhead


Posted 14 August 2017 - 02:53 PM

Sorry this is late.  I was out with a bug.

 

Installed and ran Secunia PSI.  I note that a lot of the programs that it lists as out of date are older versions of programs:  Adobe Acrobat Reader 3.x, 4.x, 6.x, etc., Internet Explorer 6, 7, and so on.  Would it be advisable to remove these older versions using the Revo uninstaller, keeping only the most recent, before doing the "click to upgrade"?

 

And Malwarebytes 2.1 seems to be keeping up to date on the definitions so far so that problem appears to be addressed.



#38 dburkhead


Posted 23 August 2017 - 03:24 PM

9 Days since I last posted with no response.  Are we still active?

 

 

EDIT: Android 8888 is dealing with a family medical crisis and I have asked another Helper to assist you...  We just found out today that he is not available because of the family issue...  Hopefully someone will help you again soon...


Edited by Budfred, 23 August 2017 - 11:02 PM.


#39 nasdaq


Posted 24 August 2017 - 10:50 AM


Hi, my name is nasdaq

Because of family medical situation... Android 8888 is not available at the moment.

I have been asked to take over until his return.

With the current platform I do not suggest you update and/or remove these old versions.
They are no longer updated, just as Windows XP is no longer updated by Microsoft.
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)

Do you still have issues with this computer?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#40 dburkhead


Posted 24 August 2017 - 11:02 AM

Hope everything turns out okay for Android 8888

 

Okay then, if we're not updating the software on the computer, there's nothing more to be done.  The final result (received from MBAM service) was to roll back MBAM to 2.2.1.1043 because the current version requires UAC activated and UAC is not available in WinXP.  A future version should restore compatibility with XP but until then run this one.

 

MBAM databases are updating.  Both automatic and manual updates work.  Looks like we're good then.



#41 nasdaq


Posted 25 August 2017 - 06:12 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingc...best-practices/


https://www.bleeping...er-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
nasdaq
