SOCIOPATH

Ok thanks. Was this Sonoko more or less just a false positive possibly as well? And yah my buddy just had a few free licenses of Norton so he gave me one but I'm not too concerned. I did try running the removal tools etc but nothing is working so i will just leave it with Windows Defender and Malwarebytes as i agree, they work great together

Hey guys. Had some weird stuff occur on my laptop the last few nights. Firstly, i have a purchased version or Norton Security Premium and Malwarebytes Premium. Norton gave me a weird message last night stating it needed to run an ipdate but needed to reinstall a newer version too. Once it started doing that, it failed to reinstall. I tried many methods to reinstall it to no avail. I then ran malwarebytes last night and it picked up nothing. However, when i ran Windows Defender, it found Trojan:Win32/Sonoko.A!ms and supposedly successfully removed it. Logs attached and please help as i want to make sure i am clean. P.S. i still haven't been able to reinstall my paid version of Norton Security Premium malwarebyteslog.txt Addition.txt FRST.txt

When i try to install the beta it hangs on install and i end up having to reboot my pc and reinstall 3.6 so i gave up. Anyone else having issues with the beta install? its working now, ignore this post

Noticed this PUP.Optional.22ChromeEXT when i ran adwcleaner. Logs attached. Also note. I have the current Windows Insider glitch with Malwarebytes so i cant run any quick scan for Malwarebytes. Its the issue described in this forum but is unrelated to this extension issue. So if you ask for any specific malwarebytes scan, i may have issues. Thanks FRST.txt Addition.txt AdwCleaner[S04].txt

So i also had to run the hyper scan to actually get a scan to complete now. After that i ran the support tool and heres the log @exile360 mbst-grab-results.zip

Yes i am getting the same issue as Imod now. I will run a scan first with event log data enabled as you mentioned and then run the Support tool asap

@exile360 yes thanks. It is working and also does work in the scans but part of this glitch was that after pc reboots it would turn off rootkit scanning and hence that error would return as well. Fortunately the "scan for rootkits" slider does work when you try to turn it back on to enable unlike Web protection, Malware protection and Ransomware protection . Those 3 options will not allow you to even slide them back to on but rookit scan is available to turn back on if it goes to disabled thankfully

@Imod - Yah i was getting the DDA error after reboots too but later today that specific error has disappeared for me as well. I noticed i was getting the DDA error sometimes after reboots and then when i checked protection, "scan for rookits" would also be disabled. Now this afternoon, i am noticing that rootkit options stays enabled and no errors for DDA but the others are all still disabled such as Web protection is off Malware protection is off Ransomware protection is off

Glad to help !!

https://we.tl/t-2YYg4c3Vp9

Unfortunately the rootkit error didn't reappear while i was running the proc monitor exe. Nevertheless, i uploaded the log file to the webpage as directed but this zip file will not have my license key in it, correct? 

Unfortunately the rootkit error didn't reappear while i was running the proc monitor exe. Nevertheless, i uploaded the log file to the webpage as directed but this zip file will not have my license key in it, correct?

Norton SONAR stopped something while procmon was running. Should i turn off Norton while i run the program?

I have the same issue. I am a part of windows insider program as well. Windows 10 recently did an update and boom real time protection is now off and also i get that rootkit message . I am also using a copy of Norton Security but never had issues until this recent windows update "Malwarebytes is unable to load The Anti Rootkit DDA Driver" etc etc Web protection is off Malware protection is off Ransomware protection is off Tried using mbclean etc to no avail. I am a paying customer on Malwarebytes 3.6.1 premium. Should i stay in this forum or post a separate ticket?

also malwarebytes found nothing this time

heres the otm log, it need to reboot, looks like that dsiwmis.log couldnt be moved though, not sure if thats an issue or not. Also at the end of the log it says Registry entries deleted on reboot... but there was nothing after that just so you know i didnt miss pasting some of the log. That was the end of the log file. All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\jennifer\Desktop\cmd.bat deleted successfully. C:\Users\jennifer\Desktop\cmd.txt deleted successfully. DllUnregisterServer procedure not found in C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll moved successfully. DllUnregisterServer procedure not found in C:\Program Files (x86)\Windows Live\Messenger\riched20.dll C:\Program Files (x86)\Windows Live\Messenger\riched20.dll moved successfully. C:\Users\jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTW4PJFO\Setup[1].exe moved successfully. LoadLibrary failed for C:\Users\jennifer\AppData\Local\Temp\is-DPR23.tmp\OptProCrash.dll C:\Users\jennifer\AppData\Local\Temp\is-DPR23.tmp\OptProCrash.dll moved successfully. DllUnregisterServer procedure not found in C:\Users\jennifer\AppData\Local\Temp\nsp1374.tmp\Helper.dll C:\Users\jennifer\AppData\Local\Temp\nsp1374.tmp\Helper.dll moved successfully. C:\Users\jennifer\AppData\Local\Temp\YontooLayers\background.html moved successfully. C:\Users\jennifer\AppData\Local\Temp\{FEBEC57B-44D9-4A28-9BF9-23576961ADDE}\setup.exe moved successfully. C:\Windows\Temp\2570bd6c.ftf.ftf moved successfully. C:\Windows\Temp\LatestDealPlySetup5556.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: jennifer ->Temp folder emptied: 2139913320 bytes ->Temporary Internet Files folder emptied: 2528344876 bytes ->Java cache emptied: 13179780 bytes ->Flash cache emptied: 2887657 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1243659 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1324358165 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 934981 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84562028 bytes RecycleBin emptied: 373072 bytes Total Files Cleaned = 5,813.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 02262014_173017 Files moved on Reboot... C:\Users\jennifer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot...

ok doing that now. Also why didnt i deleted all those instances eset found? just curious since the instructions told me not to delete them if threats were found, or did i read something wrong?

Here they are: Fixlog.txt mbam-log-2014-02-25 (18-38-06).txt ESET SCAN.txt

almost done its at 93% and so far it found 143 issues lol

just finishing up the eset scan right now and man its finding a pile of stuff lol

oh that was the log before i deleted them my bad. I did delete them with success. I will now do your further instructions

heres the logs and thanks MBAM-log-2014-02-25 (16-47-27).txt AdwCleanerS1.txt JRT.txt FRST.txt Addition.txt

ok doing that now

Hello ladies and gents. I am helping a friend by cleaning out his computer out and malwarebytes found quite a few issues, the majority being PUP and not serious but it also found some serious trojans. I ran malwarebytes a second time and it came up clean Any help is appreciated. Attached logs below: mbam-log-2014-02-25 (10-20-06).txt. dds.txt attach.txt

The recovery disk is the one that came with the system so i could try to run that first and see if it can sort of the issues out i assume? I suspect I have some permission issues with certain dlls and registry files and hopefully the recovery disc might fix that? I have run many disc checks over the past 2 months and have no errors so the HD looks ok. Or is there a way to reset the registry back to factory settings without using a system restore??