pvs

Honorary Members
Posts: 36

Posts posted by pvs

  1. Hi again!  Okay, I've been looking at the links regarding SFC, and I understand what it does.  I have the original Installation CD, but it's an SP2 version.

    If I use SFC, can I still use Windows Update to get back to the most recent SP3 versions?  Since MS killed XP, I have shut off Windows Updates, as well as the Security Center Alert Setting, so I don't even know what will happen if I try (probably get about 3,500 Updates to Windows 10 (HaHa)).  Please let me know if you know the answer.

    Thanks again!

    -pvs

  2. Hey Ron,

    Thanks for all this info.  I am not finished with it yet (not close, actually), but I thought I'd reply now, and let you know what I HAVE done, let you know a few things that happened, and to ask a few questions.

    And yes, I, too, have a lifetime license for UEdit!  I used to program for a living, and used to have a DOS editor named QEdit.  That was fantastic!  As I came into Windows, I hated Notepad, though I manually wrote several websites in HTML using it.  But I needed more, mainly quick macros for coding and code-formatting, and my search ultimately ended with UltraEdit 7.20 in November of 2000.  I finally went with the lifetime license in February 2009. Ian has a great product, and a wonderful staff!  In early 2015, I bought a new Surface Pro, and I asked them how much it would cost to add another machine to my Lifetime license with them, fully expecting them to ask for at least $50.00.  They very kindly wrote back and told me that they adjusted my license, giving me 4 installs instead of the default 3, and to just install it on the Surface Pro ..... no charge!
    ===================================================================
    Anyway, so far, I have run the Bitdefender uninstall.  The one for 2016 could not run on my platform. This seems correct, as I now recall that I ran into that issue when I upgraded this past year.  I own three BD installations, 2 on this machine (XP and W7), and 1 on another W7 laptop (which, incidentally, is also protected by MalwareBytes under my current license).  When I upgraded from BD AV 2015, they told me that the new version (2016) would not work on the XP operating system, and they upgraded me to one of their Security Essentials products.  I had severe issues with that substituted product, which was why I ditched it and went to the free version of AVAST, which, so far, has been pretty good (I think).

    Regardless, the program at the second (The New) BD Uninstaller link worked very well, I believe, as it went through at least four iterations for many of the BD Product Line.  I saw the Antivirus Plus product uninstall, as well as the Security Essentials.  It also did a few others, but sorry, I did not keep a log of them.
    ===================================================================
    Regarding MS Security Essentials, I ran the uninstaller in Programs & Features sometime around when MS stopped supporting XP (April 2014?), and as such, it is not in my list of installed Programs & Features.  If there are still remnants lingering, do you recommend that I run this uninstaller?

    http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

    Or would you suggest I do something else?
    ===================================================================
    As for the Group Policy / Work Domain issues, please note that this machine is a central part of my small home network.  Yes, this PC DOES have a Server Motherboard, but it's running XP and W7 as workstations.  It has 5 internal 2TB drives and a 500GB drive that is used for the OS. The data drives are duplicated on a Synology NAS, which also houses a library of Acronis Image backups of the system drive for this machine, as well as backups from 2 other laptops and a Time Machine backup for a Mac.  Though most (not all) of these workstations can see each other's shared files and folders, this machine is not really used as a server.

    I might've made some mistakes in the network settings I've used, that might indicate that this is a Work Domain.  I used what I had learned while on the job prior to my retirement to build this network.  So some of my settings might be modeled after my corporate environment.  

    As for Group Policy errors, well, I was never at a high enough level (at my job) to have had access to Group Policy (I was on a Client Department's IS Team, and only our IT Department could access GP). So I might've made some errors in setting them up. (Or maybe they're due to malware?)

    So, with regard to this GP and Domain stuff, I would very much appreciate recommendations from you to correct the issues. But please understand, I feel my network setup is currently giving me EVERYTHING I need at the moment, and am hesitant about changing it (the old, "if it ain't broke..." adage).  But again, I am all ears for any suggestions you might have.  Please advise!
    ===================================================================
    With regard to Adobe, Hmmm.  I have every version of Adobe Photoshop going back to Version 6.0, and they're all installed. This was due to the way Adobe upgraded the product line. The upgrade needed to see a prior licensed product installed before it installed the new one. In many instances, Adobe had removed features from the newer upgrade, so the newer product made a completely new install in a new directory.  This way, the customer still had access to the old features.

    I still use the oldest Photoshop occasionally, as its start-up time is quick, and it gives me quite a few great features.  I also use the latest installed one.  I could probably remove most of the subsequent ones, though, as Adobe has changed the way it releases software now, and I will NEVER make use of their new (rental) model.  Besides, anything newer will never run on this old XP Installation.

    So with regard to the old license ... I'd like to save that for later.  Once we get the rest of this machine cleaned up, I will make a new Image Backup of the System Drive, and then we can experiment with removing that License Manager.  This way, if removal of the manager kills my working PS6.0, I can revert back to a nice clean system.
    ===================================================================
    Moving on, I DL'd and ran the newer MCPR.exe that you linked to.  It ran fine and completed with a required reboot.  That reboot did not go well, though, with only 4 tray icons appearing.  So I tried to shut down and reboot.  That attempted shutdown also failed, repeatedly. I then tried shutting down explorer.exe through Task Manager, but Task Manager would not come up. I then noticed that I could not even click on the Windows Icon (lower left) to try another shutdown.  So I needed to de-power the machine and start over.  Luckily, the next boot went well (seemingly), and here we are.
    ===================================================================
    Yikes!  I do NOT like the sound of what you're saying about my copy of Windows Explorer!  I am going to review those two links you provided, and try to correct this issue as soon as I finish posting this to our thread.
    ===================================================================
    Yes, my Java is the last one I can get for XP.  I don't know that I really need it.  I do not code in Java (at the moment, anyway).  The only thing that I have that MIGHT need it is my Web-based GUI for the NAS, and THAT product continually complains about the version.  Similar to the Adobe License Manager, above, I think I'd rather wait with this until we have other things cleaned up .... unless you think it's part of any infection I might have.  Please advise, here.
    ===================================================================
    So that's about it for now.  I need to await your instructions about the MS Essentials uninstaller before I can go on with the fixlist.txt stuff.  Please let me know what you think about that, as well as the other issues I've detailed above.

    Thanks again, Ron.  I'll be listening up.
    -pvs


  3. Just a couple of questions for you, Ron:

    1. I am unsure about what the RKill program did in the first step.  If I understand correctly, it killed certain processes that could harbor Malware.  But I am not sure if I was supposed to run it to kill those processes before every scan we did above, or if it should have only been run that one time.  FWIW, I only ran it that one time.  Is that okay?
    2. I see that Bitdefender DOES have tools available to do an uninstall (http://www.bitdefender.com/site/view/uninstall_consumer_paid.html).  I was wondering if you thought I might add that "Step" into what we're doing. I might need to run one for both 2015 and 2016, I guess, unless you can easily identify which of them is the culprit.

    Anyway, have a great night.  I'm gonna turn in.

    -pvs

  4. Okay, Ron.  I think I've caught up with you.  Boy, the Sophos Scans take a Looong time on this machine. 

    Anyway, I ran the Sophos again, this time with my AV deactivated.  It wound up, indeed, finding another copy of Mal/Mdrop-CE, this time, in a restore_ volume.  I cleaned it up, as you will see in the log, here:

    ========================================================================

    2016-08-08 19:19:15.875    Sophos Virus Removal Tool version 2.5.5
    2016-08-08 19:19:15.875    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-08-08 19:19:15.875    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-08-08 19:19:15.875    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2016-08-08 19:19:15.875    Checking for updates...
    2016-08-08 19:19:16.453    Update progress: proxy server not available
    2016-08-08 19:19:38.968    Option all = no
    2016-08-08 19:19:38.968    Option recurse = yes
    2016-08-08 19:19:38.968    Option archive = no
    2016-08-08 19:19:38.968    Option service = yes
    2016-08-08 19:19:38.968    Option confirm = yes
    2016-08-08 19:19:38.968    Option sxl = yes
    2016-08-08 19:19:38.968    Option max-data-age = 35
    2016-08-08 19:19:38.968    Option EnableSafeClean = yes
    2016-08-08 19:19:40.468    Option vdl-logging = yes
    2016-08-08 19:19:40.484    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 19:19:40.484    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 19:19:40.531    Component SVRTcli.exe version 2.5.5
    2016-08-08 19:19:40.531    Component control.dll version 2.5.5
    2016-08-08 19:19:40.531    Component SVRTservice.exe version 2.5.5
    2016-08-08 19:19:40.531    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 19:19:40.531    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 19:19:40.531    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 19:19:40.546    Component rkdisk.dll version 1.5.30.0
    2016-08-08 19:19:40.546    Version info:    Product version    2.5.5
    2016-08-08 19:19:40.546    Version info:    Detection engine    3.65.0
    2016-08-08 19:19:40.546    Version info:    Detection data    5.26
    2016-08-08 19:19:40.546    Version info:    Build date    4/5/2016
    2016-08-08 19:19:40.546    Version info:    Data files added    756
    2016-08-08 19:19:40.546    Version info:    Last successful update    (not yet updated)
    2016-08-08 19:20:09.796    Downloading updates...
    2016-08-08 19:20:09.812    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE527 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE528 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE529 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE530 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE531 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE532 LATEST
    2016-08-08 19:20:09.812    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-08-08 19:20:09.812    Update progress: [I19463] Syncing product SAVIW32 70
    2016-08-08 19:20:21.984    Update progress: [I19463] Syncing product IDE527 142
    2016-08-08 19:20:32.875    Installing updates...
    2016-08-08 19:20:36.281    Error level 1
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE528 127
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE529 135
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE530 214
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE531 145
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE532 1
    2016-08-08 19:21:04.156    Update successful
    2016-08-08 19:21:30.562    Option all = no
    2016-08-08 19:21:30.562    Option recurse = yes
    2016-08-08 19:21:30.562    Option archive = no
    2016-08-08 19:21:30.562    Option service = yes
    2016-08-08 19:21:30.562    Option confirm = yes
    2016-08-08 19:21:30.562    Option sxl = yes
    2016-08-08 19:21:30.562    Option max-data-age = 35
    2016-08-08 19:21:30.562    Option EnableSafeClean = yes
    2016-08-08 19:21:30.671    Option vdl-logging = yes
    2016-08-08 19:21:30.671    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 19:21:30.671    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 19:21:30.687    Component SVRTcli.exe version 2.5.5
    2016-08-08 19:21:30.687    Component control.dll version 2.5.5
    2016-08-08 19:21:30.687    Component SVRTservice.exe version 2.5.5
    2016-08-08 19:21:30.687    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 19:21:30.687    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 19:21:30.687    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 19:21:30.703    Component rkdisk.dll version 1.5.30.0
    2016-08-08 19:21:30.703    Version info:    Product version    2.5.5
    2016-08-08 19:21:30.703    Version info:    Detection engine    3.65.0
    2016-08-08 19:21:30.703    Version info:    Detection data    5.26
    2016-08-08 19:21:30.703    Version info:    Build date    4/5/2016
    2016-08-08 19:21:30.703    Version info:    Data files added    756
    2016-08-08 19:21:30.703    Version info:    Last successful update    8/8/2016 3:21:04 PM

    2016-08-08 22:06:56.096    SafeClean bin directory is empty.
    2016-08-08 22:06:56.143    Error level 0

    2016-08-08 22:07:01.690    Scan cancelled by user.
    2016-08-08 22:07:01.690    

    ------------------------------------------------------------

    2016-08-08 22:07:11.893    Sophos Virus Removal Tool version 2.5.5
    2016-08-08 22:07:11.893    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-08-08 22:07:11.893    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-08-08 22:07:11.893    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2016-08-08 22:07:11.893    Checking for updates...
    2016-08-08 22:07:13.112    Update progress: proxy server not available
    2016-08-08 22:08:34.786    Downloading updates...
    2016-08-08 22:08:34.786    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE527 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE528 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE529 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE530 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE531 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE532 LATEST
    2016-08-08 22:08:34.786    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-08-08 22:08:34.786    Update progress: [I19463] Syncing product SAVIW32 70
    2016-08-08 22:08:34.786    Update progress: [I19463] Syncing product IDE527 142
    2016-08-08 22:08:35.661    Option all = no
    2016-08-08 22:08:35.661    Option recurse = yes
    2016-08-08 22:08:35.661    Option archive = no
    2016-08-08 22:08:35.661    Option service = yes
    2016-08-08 22:08:35.661    Option confirm = yes
    2016-08-08 22:08:35.661    Option sxl = yes
    2016-08-08 22:08:35.661    Option max-data-age = 35
    2016-08-08 22:08:35.661    Option EnableSafeClean = yes
    2016-08-08 22:08:35.786    Option vdl-logging = yes
    2016-08-08 22:08:35.818    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 22:08:35.818    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 22:08:35.943    Component SVRTcli.exe version 2.5.5
    2016-08-08 22:08:35.943    Component control.dll version 2.5.5
    2016-08-08 22:08:35.943    Component SVRTservice.exe version 2.5.5
    2016-08-08 22:08:35.943    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 22:08:35.943    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 22:08:35.943    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 22:08:36.255    Component rkdisk.dll version 1.5.30.0
    2016-08-08 22:08:36.255    Version info:    Product version    2.5.5
    2016-08-08 22:08:36.255    Version info:    Detection engine    3.65.0
    2016-08-08 22:08:36.255    Version info:    Detection data    5.26
    2016-08-08 22:08:36.255    Version info:    Build date    4/5/2016
    2016-08-08 22:08:36.255    Version info:    Data files added    756
    2016-08-08 22:08:36.255    Version info:    Last successful update    8/8/2016 3:21:04 PM
    2016-08-08 22:08:46.021    Update progress: [I19463] Syncing product IDE528 127
    2016-08-08 22:08:46.021    Update progress: [I19463] Syncing product IDE529 135
    2016-08-08 22:08:46.052    Update progress: [I19463] Syncing product IDE530 214
    2016-08-08 22:08:46.052    Update progress: [I19463] Syncing product IDE531 146
    2016-08-08 22:08:46.787    Installing updates...
    2016-08-08 22:08:48.584    Error level 1
    2016-08-08 22:08:50.068    Update progress: [I19463] Syncing product IDE532 1
    2016-08-08 22:08:50.412    Update successful
    2016-08-08 22:09:09.584    Option all = no
    2016-08-08 22:09:09.584    Option recurse = yes
    2016-08-08 22:09:09.584    Option archive = no
    2016-08-08 22:09:09.584    Option service = yes
    2016-08-08 22:09:09.584    Option confirm = yes
    2016-08-08 22:09:09.584    Option sxl = yes
    2016-08-08 22:09:09.584    Option max-data-age = 35
    2016-08-08 22:09:09.584    Option EnableSafeClean = yes
    2016-08-08 22:09:09.647    Option vdl-logging = yes
    2016-08-08 22:09:09.662    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 22:09:09.662    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 22:09:09.662    Component SVRTcli.exe version 2.5.5
    2016-08-08 22:09:09.662    Component control.dll version 2.5.5
    2016-08-08 22:09:09.662    Component SVRTservice.exe version 2.5.5
    2016-08-08 22:09:09.662    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 22:09:09.662    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 22:09:09.662    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 22:09:09.678    Component rkdisk.dll version 1.5.30.0
    2016-08-08 22:09:09.678    Version info:    Product version    2.5.5
    2016-08-08 22:09:09.678    Version info:    Detection engine    3.65.0
    2016-08-08 22:09:09.678    Version info:    Detection data    5.26
    2016-08-08 22:09:09.678    Version info:    Build date    4/5/2016
    2016-08-08 22:09:09.678    Version info:    Data files added    757
    2016-08-08 22:09:09.678    Version info:    Last successful update    8/8/2016 6:08:50 PM

    2016-08-09 04:36:13.899    Could not open C:\Boot\BCD
    2016-08-09 05:00:04.641    Could not open C:\hiberfil.sys
    2016-08-09 10:17:13.259    >>> Virus 'Mal/BredoZp-B' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip
    2016-08-09 10:17:13.275    >>> Virus 'Mal/BredoZp-B' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
    2016-08-09 10:17:13.275    >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
    2016-08-09 10:17:13.275    >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
    2016-08-09 10:43:53.574    Could not open LOGICAL:000E:00000000
    2016-08-09 10:43:53.574    Could not open O:\
    2016-08-09 10:44:59.600    Could not open LOGICAL:0012:00000000
    2016-08-09 10:44:59.600    Could not open S:\
    2016-08-09 10:44:59.600    Could not open LOGICAL:0015:00000000
    2016-08-09 10:44:59.616    Could not open V:\
    2016-08-09 14:05:17.164    Could not open PHYSICAL:0086:0000:0000:0001
    2016-08-09 14:05:17.211    Could not open PHYSICAL:0087:0000:0000:0001
    2016-08-09 14:05:17.211    Could not open PHYSICAL:0088:0000:0000:0001
    2016-08-09 14:05:17.336    The following items will be cleaned up:
    2016-08-09 14:05:17.336    Mal/BredoZp-B
    2016-08-09 14:05:17.336    Mal/Mdrop-CE
    2016-08-09 15:10:33.293    Threat 'Mal/BredoZp-B' has been cleaned up.
    2016-08-09 15:10:33.293    File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip" belongs to malware 'Mal/BredoZp-B'.
    2016-08-09 15:10:33.293    File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip" has been cleaned up.
    2016-08-09 15:10:33.293    Registry value "HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify" belongs to malware 'Mal/BredoZp-B'.
    2016-08-09 15:10:33.293    Registry value "HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify" has been cleaned up.
    2016-08-09 15:10:33.293    Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet" belongs to malware 'Mal/BredoZp-B'.
    2016-08-09 15:10:33.293    Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet" has been cleaned up.
    2016-08-09 15:10:33.293    Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209" belongs to malware 'Mal/BredoZp-B'.
    2016-08-09 15:10:33.293    Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209" has been cleaned up.
    2016-08-09 15:10:33.293    Removal successful
    2016-08-09 15:10:42.441    Threat 'Mal/Mdrop-CE' has been cleaned up.
    2016-08-09 15:10:42.441    File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe" belongs to malware 'Mal/Mdrop-CE'.
    2016-08-09 15:10:42.441    File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe" has been cleaned up.
    2016-08-09 15:10:42.441    Removal successful
    2016-08-09 15:10:42.472    Contents of SafeClean bin directory:
    2016-08-09 15:10:42.660    {
    2016-08-09 15:10:42.660        RecordID   : "0000000000000001",
    2016-08-09 15:10:42.660        ItemType   : "1",
    2016-08-09 15:10:42.660        Location   : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\",
    2016-08-09 15:10:42.660        FileName   : "buildos+package_tools-4.2b3.zip",
    2016-08-09 15:10:42.660        ThreatName : "Mal/BredoZp-B",
    2016-08-09 15:10:42.660        Checksum   : "fffe68ae79d0986d358789b256def43af80cadacbb654637903383a4b1bf1867",
    2016-08-09 15:10:42.660        TimeStamp  : "Tue Aug 09 11:10:19 2016"
    2016-08-09 15:10:42.660    }
    2016-08-09 15:10:42.660    {
    2016-08-09 15:10:42.660        RecordID   : "0000000000000002",
    2016-08-09 15:10:42.660        ItemType   : "1",
    2016-08-09 15:10:42.660        Location   : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\",
    2016-08-09 15:10:42.660        FileName   : "RaphaelUnlocker.exe",
    2016-08-09 15:10:42.660        ThreatName : "Mal/Mdrop-CE",
    2016-08-09 15:10:42.660        Checksum   : "c80ee04e23d7b853899f72bca4fba0d655d76d87e37133a19245a25b5616b5ab",
    2016-08-09 15:10:42.660        TimeStamp  : "Tue Aug 09 11:10:33 2016"
    2016-08-09 15:10:42.660    }
    2016-08-09 15:10:46.184    Error level 0

    2016-08-09 15:11:49.781    Scan completed.
    2016-08-09 15:11:49.781    

    ------------------------------------------------------------

    2016-08-09 15:20:54.953    Sophos Virus Removal Tool version 2.5.5
    2016-08-09 15:20:54.953    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-08-09 15:20:54.953    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-08-09 15:20:54.953    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2016-08-09 15:20:54.953    Checking for updates...
    2016-08-09 15:20:55.093    Update progress: proxy server not available
    2016-08-09 15:21:21.375    Downloading updates...
    2016-08-09 15:21:21.375    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement IDE527 LATEST
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement IDE528 LATEST
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement IDE529 LATEST
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement IDE530 LATEST
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement IDE531 LATEST
    2016-08-09 15:21:21.375    Update progress: [I49502] Found supplement IDE532 LATEST
    2016-08-09 15:21:21.375    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-08-09 15:21:21.375    Update progress: [I19463] Syncing product SAVIW32 70
    2016-08-09 15:21:21.375    Update progress: [I19463] Syncing product IDE527 142
    2016-08-09 15:21:22.265    Update progress: [I19463] Syncing product IDE528 127
    2016-08-09 15:21:22.265    Update progress: [I19463] Syncing product IDE529 135
    2016-08-09 15:21:22.265    Update progress: [I19463] Syncing product IDE530 214
    2016-08-09 15:21:22.265    Update progress: [I19463] Syncing product IDE531 149
    2016-08-09 15:21:22.812    Installing updates...
    2016-08-09 15:21:54.109    Update progress: [I19463] Syncing product IDE532 1
    2016-08-09 15:21:54.453    Update successful
    2016-08-09 15:21:57.453    Option all = no
    2016-08-09 15:21:57.453    Option recurse = yes
    2016-08-09 15:21:57.453    Option archive = no
    2016-08-09 15:21:57.453    Option service = yes
    2016-08-09 15:21:57.453    Option confirm = yes
    2016-08-09 15:21:57.453    Option sxl = yes
    2016-08-09 15:21:57.453    Option max-data-age = 35
    2016-08-09 15:21:57.453    Option EnableSafeClean = yes
    2016-08-09 15:21:57.656    Option vdl-logging = yes
    2016-08-09 15:21:57.718    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-09 15:21:57.718    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-09 15:21:57.750    Component SVRTcli.exe version 2.5.5
    2016-08-09 15:21:57.750    Component control.dll version 2.5.5
    2016-08-09 15:21:57.750    Component SVRTservice.exe version 2.5.5
    2016-08-09 15:21:57.750    Component engine\osdp.dll version 1.44.1.2250
    2016-08-09 15:21:57.750    Component engine\veex.dll version 3.65.0.2250
    2016-08-09 15:21:57.750    Component engine\savi.dll version 9.0.1.2250
    2016-08-09 15:21:57.781    Component rkdisk.dll version 1.5.30.0
    2016-08-09 15:21:57.781    Version info:    Product version    2.5.5
    2016-08-09 15:21:57.781    Version info:    Detection engine    3.65.0
    2016-08-09 15:21:57.781    Version info:    Detection data    5.26
    2016-08-09 15:21:57.781    Version info:    Build date    4/5/2016
    2016-08-09 15:21:57.781    Version info:    Data files added    757
    2016-08-09 15:21:57.781    Version info:    Last successful update    8/9/2016 11:21:54 AM
    2016-08-09 15:21:58.453    Error: an instance of this application is already running.
    2016-08-09 15:21:59.453    Error level 1

    2016-08-09 15:23:50.062    Scan failed due to fatal error.
    2016-08-09 15:23:50.062    

    ------------------------------------------------------------

    2016-08-09 15:24:06.656    Sophos Virus Removal Tool version 2.5.5
    2016-08-09 15:24:06.656    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-08-09 15:24:06.656    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-08-09 15:24:06.656    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2016-08-09 15:24:06.656    Checking for updates...
    2016-08-09 15:24:06.796    Update progress: proxy server not available
    2016-08-09 15:24:11.984    Update not required
    2016-08-09 15:24:26.500    Option all = no
    2016-08-09 15:24:26.500    Option recurse = yes
    2016-08-09 15:24:26.500    Option archive = no
    2016-08-09 15:24:26.500    Option service = yes
    2016-08-09 15:24:26.500    Option confirm = yes
    2016-08-09 15:24:26.500    Option sxl = yes
    2016-08-09 15:24:26.500    Option max-data-age = 35
    2016-08-09 15:24:26.500    Option EnableSafeClean = yes
    2016-08-09 15:24:26.546    Option vdl-logging = yes
    2016-08-09 15:24:26.562    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-09 15:24:26.562    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-09 15:24:26.562    Component SVRTcli.exe version 2.5.5
    2016-08-09 15:24:26.562    Component control.dll version 2.5.5
    2016-08-09 15:24:26.562    Component SVRTservice.exe version 2.5.5
    2016-08-09 15:24:26.562    Component engine\osdp.dll version 1.44.1.2250
    2016-08-09 15:24:26.562    Component engine\veex.dll version 3.65.0.2250
    2016-08-09 15:24:26.562    Component engine\savi.dll version 9.0.1.2250
    2016-08-09 15:24:26.562    Component rkdisk.dll version 1.5.30.0
    2016-08-09 15:24:26.562    Version info:    Product version    2.5.5
    2016-08-09 15:24:26.578    Version info:    Detection engine    3.65.0
    2016-08-09 15:24:26.578    Version info:    Detection data    5.26
    2016-08-09 15:24:26.578    Version info:    Build date    4/5/2016
    2016-08-09 15:24:26.578    Version info:    Data files added    760
    2016-08-09 15:24:26.578    Version info:    Last successful update    8/9/2016 11:21:54 AM

    2016-08-09 16:56:45.634    Could not open C:\Boot\BCD
    2016-08-09 17:18:11.415    Could not open C:\hiberfil.sys
    2016-08-09 21:44:21.794    >>> Virus 'Mal/Mdrop-CE' found in file E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\A0678310.exe
    2016-08-09 22:27:37.919    Could not open LOGICAL:000E:00000000
    2016-08-09 22:27:37.919    Could not open O:\
    2016-08-09 22:28:19.888    Could not open LOGICAL:0012:00000000
    2016-08-09 22:28:19.904    Could not open S:\
    2016-08-09 22:28:19.904    Could not open LOGICAL:0015:00000000
    2016-08-09 22:28:19.904    Could not open V:\
    2016-08-10 01:14:45.531    Could not open PHYSICAL:0086:0000:0000:0001
    2016-08-10 01:14:45.578    Could not open PHYSICAL:0087:0000:0000:0001
    2016-08-10 01:14:45.578    Could not open PHYSICAL:0088:0000:0000:0001
    2016-08-10 01:14:45.625    The following items will be cleaned up:
    2016-08-10 01:14:45.625    Mal/Mdrop-CE
    2016-08-10 02:55:19.714    Threat 'Mal/Mdrop-CE' has been cleaned up.
    2016-08-10 02:55:19.714    File "E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\A0678310.exe" belongs to malware 'Mal/Mdrop-CE'.
    2016-08-10 02:55:19.714    File "E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\A0678310.exe" has been cleaned up.
    2016-08-10 02:55:19.714    Removal successful
    2016-08-10 02:55:19.745    Contents of SafeClean bin directory:
    2016-08-10 02:55:19.776    {
    2016-08-10 02:55:19.776        RecordID   : "0000000000000001",
    2016-08-10 02:55:19.776        ItemType   : "1",
    2016-08-10 02:55:19.776        Location   : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\",
    2016-08-10 02:55:19.776        FileName   : "buildos+package_tools-4.2b3.zip",
    2016-08-10 02:55:19.776        ThreatName : "Mal/BredoZp-B",
    2016-08-10 02:55:19.776        Checksum   : "fffe68ae79d0986d358789b256def43af80cadacbb654637903383a4b1bf1867",
    2016-08-10 02:55:19.776        TimeStamp  : "Tue Aug 09 11:10:19 2016"
    2016-08-10 02:55:19.776    }
    2016-08-10 02:55:19.776    {
    2016-08-10 02:55:19.776        RecordID   : "0000000000000002",
    2016-08-10 02:55:19.776        ItemType   : "1",
    2016-08-10 02:55:19.776        Location   : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\",
    2016-08-10 02:55:19.776        FileName   : "RaphaelUnlocker.exe",
    2016-08-10 02:55:19.776        ThreatName : "Mal/Mdrop-CE",
    2016-08-10 02:55:19.776        Checksum   : "c80ee04e23d7b853899f72bca4fba0d655d76d87e37133a19245a25b5616b5ab",
    2016-08-10 02:55:19.776        TimeStamp  : "Tue Aug 09 11:10:33 2016"
    2016-08-10 02:55:19.776    }
    2016-08-10 02:55:19.776    {
    2016-08-10 02:55:19.776        RecordID   : "0000000000000003",
    2016-08-10 02:55:19.776        ItemType   : "1",
    2016-08-10 02:55:19.776        Location   : "E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\",
    2016-08-10 02:55:19.776        FileName   : "A0678310.exe",
    2016-08-10 02:55:19.776        ThreatName : "Mal/Mdrop-CE",
    2016-08-10 02:55:19.776        Checksum   : "c80ee04e23d7b853899f72bca4fba0d655d76d87e37133a19245a25b5616b5ab",
    2016-08-10 02:55:19.776        TimeStamp  : "Tue Aug 09 22:55:10 2016"
    2016-08-10 02:55:19.776    }
    2016-08-10 02:55:21.151    Error level 0

    ========================================================================

    After the Sophos scan, I followed your instructions to run mbam-clean-2.3.0.1001.exe (which was a bit newer than the one I ran in June (mbam-clean-2.2.2.7.exe)), and I downloaded and reinstalled the newest version (which appears to be the same as what I had).  I've reactivated it and run a new Threat Scan, which appears to have replaced the Version number, at least for now.  The log from that Threat Scan is here:

    ========================================================================

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/9/2016
    Scan Time: 11:36:16 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.08.10.01
    Rootkit Database: v2016.08.09.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: pvs

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 440552
    Time Elapsed: 46 min, 19 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ========================================================================

    Once that scan was complete, and still with my AV disabled, I re-ran the FarBar Recovery Tool, per your Step 07, above.  I have attached both the resulting logfiles (FRST_06-08-2016_23-30-04.txt and Addition_06-08-2016_23-30-04.txt) to this post.

    Please let me know your thoughts at your earliest convenience.

    Once again, thank you for all your attention to this issue.

    -pvs

    FRST_06-08-2016_23-30-04.txt

    Addition_06-08-2016_23-30-04.txt

  5. Hi Ron.  Hmm, okay, I guess I'll run it again after disabling AVAST, but I wanted to report back here and give you the log file that was created, especially since it found two little buggers: Mal/BredoZp-B and Mal/Mdrop-CE.

    These bugs were both in a set of "kitchens" I used to use to build my own ROMs for an old cellphone.  I knew about them at the time, and it was reported that they were false positives.  But I am going to allow them to be cleaned, as I no longer use these kitchens, nor have I toyed with building ROMs in about a decade.  If I in fact NEED these files back, I have copies on other HDDs that have since been retired (and are in a desk drawer nearby).

    Here is the log:

    2016-08-08 19:19:15.875    Sophos Virus Removal Tool version 2.5.5
    2016-08-08 19:19:15.875    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-08-08 19:19:15.875    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-08-08 19:19:15.875    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2016-08-08 19:19:15.875    Checking for updates...
    2016-08-08 19:19:16.453    Update progress: proxy server not available
    2016-08-08 19:19:38.968    Option all = no
    2016-08-08 19:19:38.968    Option recurse = yes
    2016-08-08 19:19:38.968    Option archive = no
    2016-08-08 19:19:38.968    Option service = yes
    2016-08-08 19:19:38.968    Option confirm = yes
    2016-08-08 19:19:38.968    Option sxl = yes
    2016-08-08 19:19:38.968    Option max-data-age = 35
    2016-08-08 19:19:38.968    Option EnableSafeClean = yes
    2016-08-08 19:19:40.468    Option vdl-logging = yes
    2016-08-08 19:19:40.484    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 19:19:40.484    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 19:19:40.531    Component SVRTcli.exe version 2.5.5
    2016-08-08 19:19:40.531    Component control.dll version 2.5.5
    2016-08-08 19:19:40.531    Component SVRTservice.exe version 2.5.5
    2016-08-08 19:19:40.531    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 19:19:40.531    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 19:19:40.531    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 19:19:40.546    Component rkdisk.dll version 1.5.30.0
    2016-08-08 19:19:40.546    Version info:    Product version    2.5.5
    2016-08-08 19:19:40.546    Version info:    Detection engine    3.65.0
    2016-08-08 19:19:40.546    Version info:    Detection data    5.26
    2016-08-08 19:19:40.546    Version info:    Build date    4/5/2016
    2016-08-08 19:19:40.546    Version info:    Data files added    756
    2016-08-08 19:19:40.546    Version info:    Last successful update    (not yet updated)
    2016-08-08 19:20:09.796    Downloading updates...
    2016-08-08 19:20:09.812    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE527 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE528 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE529 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE530 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE531 LATEST
    2016-08-08 19:20:09.812    Update progress: [I49502] Found supplement IDE532 LATEST
    2016-08-08 19:20:09.812    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-08-08 19:20:09.812    Update progress: [I19463] Syncing product SAVIW32 70
    2016-08-08 19:20:21.984    Update progress: [I19463] Syncing product IDE527 142
    2016-08-08 19:20:32.875    Installing updates...
    2016-08-08 19:20:36.281    Error level 1
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE528 127
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE529 135
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE530 214
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE531 145
    2016-08-08 19:20:36.328    Update progress: [I19463] Syncing product IDE532 1
    2016-08-08 19:21:04.156    Update successful
    2016-08-08 19:21:30.562    Option all = no
    2016-08-08 19:21:30.562    Option recurse = yes
    2016-08-08 19:21:30.562    Option archive = no
    2016-08-08 19:21:30.562    Option service = yes
    2016-08-08 19:21:30.562    Option confirm = yes
    2016-08-08 19:21:30.562    Option sxl = yes
    2016-08-08 19:21:30.562    Option max-data-age = 35
    2016-08-08 19:21:30.562    Option EnableSafeClean = yes
    2016-08-08 19:21:30.671    Option vdl-logging = yes
    2016-08-08 19:21:30.671    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 19:21:30.671    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 19:21:30.687    Component SVRTcli.exe version 2.5.5
    2016-08-08 19:21:30.687    Component control.dll version 2.5.5
    2016-08-08 19:21:30.687    Component SVRTservice.exe version 2.5.5
    2016-08-08 19:21:30.687    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 19:21:30.687    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 19:21:30.687    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 19:21:30.703    Component rkdisk.dll version 1.5.30.0
    2016-08-08 19:21:30.703    Version info:    Product version    2.5.5
    2016-08-08 19:21:30.703    Version info:    Detection engine    3.65.0
    2016-08-08 19:21:30.703    Version info:    Detection data    5.26
    2016-08-08 19:21:30.703    Version info:    Build date    4/5/2016
    2016-08-08 19:21:30.703    Version info:    Data files added    756
    2016-08-08 19:21:30.703    Version info:    Last successful update    8/8/2016 3:21:04 PM

    2016-08-08 22:06:56.096    SafeClean bin directory is empty.
    2016-08-08 22:06:56.143    Error level 0

    2016-08-08 22:07:01.690    Scan cancelled by user.
    2016-08-08 22:07:01.690    

    ------------------------------------------------------------

    2016-08-08 22:07:11.893    Sophos Virus Removal Tool version 2.5.5
    2016-08-08 22:07:11.893    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2016-08-08 22:07:11.893    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2016-08-08 22:07:11.893    Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
    2016-08-08 22:07:11.893    Checking for updates...
    2016-08-08 22:07:13.112    Update progress: proxy server not available
    2016-08-08 22:08:34.786    Downloading updates...
    2016-08-08 22:08:34.786    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement SAVIW32 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE527 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE528 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE529 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE530 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE531 LATEST
    2016-08-08 22:08:34.786    Update progress: [I49502] Found supplement IDE532 LATEST
    2016-08-08 22:08:34.786    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2016-08-08 22:08:34.786    Update progress: [I19463] Syncing product SAVIW32 70
    2016-08-08 22:08:34.786    Update progress: [I19463] Syncing product IDE527 142
    2016-08-08 22:08:35.661    Option all = no
    2016-08-08 22:08:35.661    Option recurse = yes
    2016-08-08 22:08:35.661    Option archive = no
    2016-08-08 22:08:35.661    Option service = yes
    2016-08-08 22:08:35.661    Option confirm = yes
    2016-08-08 22:08:35.661    Option sxl = yes
    2016-08-08 22:08:35.661    Option max-data-age = 35
    2016-08-08 22:08:35.661    Option EnableSafeClean = yes
    2016-08-08 22:08:35.786    Option vdl-logging = yes
    2016-08-08 22:08:35.818    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 22:08:35.818    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 22:08:35.943    Component SVRTcli.exe version 2.5.5
    2016-08-08 22:08:35.943    Component control.dll version 2.5.5
    2016-08-08 22:08:35.943    Component SVRTservice.exe version 2.5.5
    2016-08-08 22:08:35.943    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 22:08:35.943    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 22:08:35.943    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 22:08:36.255    Component rkdisk.dll version 1.5.30.0
    2016-08-08 22:08:36.255    Version info:    Product version    2.5.5
    2016-08-08 22:08:36.255    Version info:    Detection engine    3.65.0
    2016-08-08 22:08:36.255    Version info:    Detection data    5.26
    2016-08-08 22:08:36.255    Version info:    Build date    4/5/2016
    2016-08-08 22:08:36.255    Version info:    Data files added    756
    2016-08-08 22:08:36.255    Version info:    Last successful update    8/8/2016 3:21:04 PM
    2016-08-08 22:08:46.021    Update progress: [I19463] Syncing product IDE528 127
    2016-08-08 22:08:46.021    Update progress: [I19463] Syncing product IDE529 135
    2016-08-08 22:08:46.052    Update progress: [I19463] Syncing product IDE530 214
    2016-08-08 22:08:46.052    Update progress: [I19463] Syncing product IDE531 146
    2016-08-08 22:08:46.787    Installing updates...
    2016-08-08 22:08:48.584    Error level 1
    2016-08-08 22:08:50.068    Update progress: [I19463] Syncing product IDE532 1
    2016-08-08 22:08:50.412    Update successful
    2016-08-08 22:09:09.584    Option all = no
    2016-08-08 22:09:09.584    Option recurse = yes
    2016-08-08 22:09:09.584    Option archive = no
    2016-08-08 22:09:09.584    Option service = yes
    2016-08-08 22:09:09.584    Option confirm = yes
    2016-08-08 22:09:09.584    Option sxl = yes
    2016-08-08 22:09:09.584    Option max-data-age = 35
    2016-08-08 22:09:09.584    Option EnableSafeClean = yes
    2016-08-08 22:09:09.647    Option vdl-logging = yes
    2016-08-08 22:09:09.662    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
    2016-08-08 22:09:09.662    Machine ID:    f5b7a50d709447afb131bb00bff316f6
    2016-08-08 22:09:09.662    Component SVRTcli.exe version 2.5.5
    2016-08-08 22:09:09.662    Component control.dll version 2.5.5
    2016-08-08 22:09:09.662    Component SVRTservice.exe version 2.5.5
    2016-08-08 22:09:09.662    Component engine\osdp.dll version 1.44.1.2250
    2016-08-08 22:09:09.662    Component engine\veex.dll version 3.65.0.2250
    2016-08-08 22:09:09.662    Component engine\savi.dll version 9.0.1.2250
    2016-08-08 22:09:09.678    Component rkdisk.dll version 1.5.30.0
    2016-08-08 22:09:09.678    Version info:    Product version    2.5.5
    2016-08-08 22:09:09.678    Version info:    Detection engine    3.65.0
    2016-08-08 22:09:09.678    Version info:    Detection data    5.26
    2016-08-08 22:09:09.678    Version info:    Build date    4/5/2016
    2016-08-08 22:09:09.678    Version info:    Data files added    757
    2016-08-08 22:09:09.678    Version info:    Last successful update    8/8/2016 6:08:50 PM

    2016-08-09 04:36:13.899    Could not open C:\Boot\BCD
    2016-08-09 05:00:04.641    Could not open C:\hiberfil.sys
    2016-08-09 10:17:13.259    >>> Virus 'Mal/BredoZp-B' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip
    2016-08-09 10:17:13.275    >>> Virus 'Mal/BredoZp-B' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
    2016-08-09 10:17:13.275    >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
    2016-08-09 10:17:13.275    >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
    2016-08-09 10:17:44.650    >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
    2016-08-09 10:43:53.574    Could not open LOGICAL:000E:00000000
    2016-08-09 10:43:53.574    Could not open O:\
    2016-08-09 10:44:59.600    Could not open LOGICAL:0012:00000000
    2016-08-09 10:44:59.600    Could not open S:\
    2016-08-09 10:44:59.600    Could not open LOGICAL:0015:00000000
    2016-08-09 10:44:59.616    Could not open V:\
    2016-08-09 14:05:17.164    Could not open PHYSICAL:0086:0000:0000:0001
    2016-08-09 14:05:17.211    Could not open PHYSICAL:0087:0000:0000:0001
    2016-08-09 14:05:17.211    Could not open PHYSICAL:0088:0000:0000:0001
    2016-08-09 14:05:17.336    The following items will be cleaned up:
    2016-08-09 14:05:17.336    Mal/BredoZp-B
    2016-08-09 14:05:17.336    Mal/Mdrop-CE


    I see that another Malwarebytes Threat Scan also occurred overnight, and identified the same 69 threats it had found yesterday (I had not Cleaned them).  Here is the log from THAT Scan:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/9/2016
    Scan Time: 10:09:34 AM
    Logfile:
    Administrator: Yes

    Version: 0.0.0.0000
    Malware Database: v2016.08.09.07
    Rootkit Database: v2016.08.09.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: pvs

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 442637
    Time Elapsed: 43 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    So, Ron, I am going to run the Sophos Scan again, after first Cleaning the two bugs, and then rebooting and disabling AVAST.  Should I also exit Malwarebytes prior to running the new Sophos Scan?

  6. Hi again, Ron.  Okay, I'm currently performing Step 6 (Sophos).  As it appears Sophos is checking ALL of the drives in this machine, this is probably going to take a very long time (the PC has five 2TB drives in addition to a 500GB System HDD).  So, let me attach the logs from Steps 4 (JRT) and 5 (Adw) now, and I'll get back to you once Sophos finishes up.

    STEP 04 First, JRT (there wasn't very much):

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Microsoft Windows XP x64
    Ran by pvs (Administrator) on Mon 08/08/2016 at 14:39:48.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    File System: 20

    Successfully deleted: C:\Documents and Settings\pvs\Application Data\download manager (Folder)
    Successfully deleted: C:\Documents and Settings\pvs\Application Data\getrighttogo (Folder)
    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\03I8NQZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8IV9VIG3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9KGDUN65 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0GT7Q4J (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JTWQ08SF (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NRRZABT8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WGLBL7PF (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z8ZSJPDQ (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\03I8NQZ4 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8IV9VIG3 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9KGDUN65 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G0GT7Q4J (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JTWQ08SF (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NRRZABT8 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WGLBL7PF (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z8ZSJPDQ (Temporary Internet Files Folder)


    Registry: 6

    Successfully deleted: HKLM\Software\MozillaPlugins\@viewpoint.com/vmp (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{708CA9C9-C5F7-44D8-ADEA-649528C99A4F} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Value)



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/08/2016 at 14:48:22.00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    STEP 05 And next, Adware Cleaner after reboot (several Reg Entries and three folders):

    # AdwCleaner v5.201 - Logfile created 08/08/2016 at 15:01:42
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-08-08.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (X86)
    # Username : pvs - GRAPHIXXT
    # Running from : C:\Documents and Settings\pvs\Desktop\MBAM Real-Time Protection\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    [-] Folder Deleted : C:\DOCUME~1\pvs\LOCALS~1\Temp\Video Converter

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Burn4Free
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\YahooPartnerToolbar
    [-] Key Deleted : HKLM\SOFTWARE\Description
    [-] Key Deleted : HKLM\SOFTWARE\MetaStream
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4533 bytes] - [08/08/2016 15:01:42]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4731 bytes] - [08/08/2016 14:55:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4679 bytes] ##########


    Please note that I have not disabled my AVAST AntiVirus for the Sophos Scan.  Please let me know if I was supposed to do that.

    Thanks once again for your help with this.  I really appreciate it a lot!

    -pvs


  7. I agree, Ron, I do not want any PUPs either.  But please forgive me.  I thought when I clicked "Save Results" at the bottom right of the Scan Tab, that it would make a list of the found items.  I just looked at it, though, and it seems it's just the same LOG file I already sent.  I cannot figure out a way to save the result set outside of doing a few Screen Shots to create JPG images.  I have attached those screen shots here. (Note: #3 has several at the top that are also found on #2).

    I will now proceed with the rest of your instructions, beginning with a reboot, and post the results you are requesting from those procedures.

     

    FoundPUPs_2016-08-08_1.jpg

    FoundPUPs_2016-08-08_2.jpg

    FoundPUPs_2016-08-08_3.jpg

  8. Hi Ron, and thanks for trying to help me with this issue.  I DO appreciate it!  I have wondered if the dual-boot scenario was complicating my installation.  I agree that I'd like to go on with some testing and try to correct my issue, regardless.

    Interesting about the leftover BitDefender "crumbs".  Just knowing that makes me feel it might be worthwhile seeing if BD offers a cleaning utility similar to the one Malwarebytes offers (mbam-clean-2.2.2.7).  Thanks for that info.  Also, with regard to mbam-clean-2.2.2.7, I am sorry that I had forgotten to mention in my initial post that I also tried running THAT utility on June 18, 2016, unfortunately with no effect on my issue.

    Anyway, here is my log file from this Threat Scan:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/8/2016
    Scan Time: 12:24:32 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.08.08.07
    Rootkit Database: v2016.05.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: pvs

    Scan Type: Threat Scan
    Result: Cancelled
    Objects Scanned: 0
    (No malicious items detected)
    Time Elapsed: 2 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     

    I see that a bunch (69) of PUPs were found, which I typically do not get when I run the scan without RKill being run first. I have saved the results, and have NOT chosen to "Remove Selected" as you have not said to do so.  If you need to see that list, please let me know.

    FWIW, last night, I also had a window pop up: "Malwarebytes was unable to load the Anti-Rootkit DDA Driver...".  I had forgotten to include in my initial post that this used to be an issue a couple of years ago, but I was always able to fix it by doing a clean install of Malwarebytes.  With regard to this particular Anti-Rootkit DDA failure, my reboot this morning did not show any issues, and the rootkit scan for the attached log seemed to work okay, but I just wanted to let you know this happened.  For whatever reason, I could not successfully attach my JPG screen shot of the error window.

    Anyway, please let me know if you see anything.

    Thanks again!

    -pvs

  9. Hi!  I have been using Malwarebytes Home Premium for quite some time, and OCCASIONALLY, the following would occur.  But as of my upgrade to Version 2.2.1.1043, it seems to be happening almost daily.

    As you will probably be able to discern from the attached FRST.txt and Addition.txt files, I am running an aged copy of Windows XP Professional (32-bit) SP-3 on this partition.  I don't know if it matters or not, but I am also running a copy of Windows 7 Professional (64-bit) on a separate partition, in a dual-boot setup on this machine.  Licensed copies of Malwarebytes Anti-Malware Home (Premium) 2.2.1.1043 are installed on both partitions.

    Anyway, my "symptom" is that, typically upon startup, my Real-Time Protection is turned off.  To correct it, I need to:
    1) Open the GUI
    2) Click the Settings Tab
    3) Click the Advanced Settings Tab on the left
    4) Disable self-protection mode
    5) Click the Detection and Protection Tab on the left
    6) Re-enable both Malware Protection and Malicious Website Protection
    7) Click the Advanced Settings Tab on the left again
    8) Re-enable Self-Protection and Early Start

    I have run Threat-scans and Hyper-Scans, but nothing turns up.  I have also (several times) run the Malwarebytes Chameleon application.  Again, nothing is found.

    FWIW, I used to have Bitdefender installed on both partitions of this machine, but, having issues with the newest upgrade I had purchased, I have uninstalled it from this partition, and now use a free version of AVAST (12.1.2272 (build 12.1.3076.6)).  At any rate, I have also run scans using these AV products, and the system always turns up clean.

    So, I am not really sure I DO have an infection.  I am hoping you will be able to help with the issue of the real-time protection becoming disabled, and put my mind at ease.  And if we DO find something?  I would be very grateful.

    Thanks in advance,
    -pvs

     

    FRST.txt

    Addition.txt

  10. I seem to be having an issue similar to izoold (back in June 2014, on this thread).  Today, my issue became persistent, in that I cannot seem to load the rootkit DDA driver, and thus my search, which turned up the noted thread.  I have attached a jpg of the error message.

    Anyway, I downloaded the Anti-Rootkit software (MBAR) suggested in the reference thread, and executed it.  Attached are the resulting logs from that program.  FWIW, MBAR said it did not find anything, and I do not see anything in my look at the logs.

     

    But still the Anti-Rootkit fails to load on each reboot.

    Thanks in advance for any help you can give me.
    -pvs

     


    system-log.txt

    mbar-log-2014-08-24 (14-39-10).txt
