Posts posted by pvs
Hey Ron,
Thanks for all this info. I am not finished with it yet (not close, actually), but I thought I'd reply now, and let you know what I HAVE done, let you know a few things that happened, and to ask a few questions.
And yes, I, too, have a lifetime license for UEdit! I used to program for a living, and used to have a DOS editor named QEdit. That was fantastic! As I came into Windows, I hated Notepad, though I manually wrote several websites in HTML using it. But I needed more, mainly quick macros for coding and code-formatting, and my search ultimately ended with UltraEdit 7.20 in November of 2000. I finally went with the lifetime license in February 2009. Ian has a great product, and a wonderful staff! In early 2015, I bought a new Surface Pro, and I asked them how much it would cost to add another machine to my Lifetime license with them, fully expecting them to ask for at least $50.00. They very kindly wrote back and told me that they adjusted my license, giving me 4 installs instead of the default 3, and to just install it on the Surface Pro ..... no charge!
===================================================================
Anyway, so far, I have run the Bitdefender uninstall. The one for 2016 could not run on my platform. This seems correct, as I now recall that I ran into that issue when I upgraded this past year. I own three BD installations, 2 on this machine (XP and W7), and 1 on another W7 laptop (which, incidentally, is also protected by MalwareBytes under my current license). When I upgraded from BD AV 2015, they told me that the new version (2016) would not work on the XP operating system, and they upgraded me to one of their Security Essentials products. I had severe issues with that substituted product, which was why I ditched it and went to the free version of AVAST, which, so far, has been pretty good (I think). Regardless, the program at the second (The New) BD Uninstaller link worked very well, I believe, as it went through at least four iterations for many of the BD Product Line. I saw the Antivirus Plus product uninstall, as well as the Security Essentials. It also did a few others, but sorry, I did not keep a log of them.
===================================================================
Regarding MS Security Essentials, I ran the uninstaller in Programs & Features sometime around when MS stopped supporting XP (April 2014?), and as such, it is not in my list of installed Programs & Features. If there are still remnants lingering, do you recommend that I run this uninstaller? http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/
Or would you suggest I do something else?
===================================================================
As for the Group Policy / Work Domain issues, please note that this machine is a central part of my small home network. Yes, this PC DOES have a Server Motherboard, but it's running XP and W7 as workstations. It has 5 internal 2TB drives and a 500GB drive that is used for the OS. The data drives are duplicated on a Synology NAS, which also houses a library of Acronis Image backups of the system drive for this machine, as well as backups from 2 other laptops and a Time Machine backup for a Mac. Though most (not all) of these workstations can see each other's shared files and folders, this machine is not really used as a server. I might've made some mistakes in the network settings I've used, that might indicate that this is a Work Domain. I used what I had learned while on the job prior to my retirement to build this network. So some of my settings might be modeled after my corporate environment.
As for Group Policy errors, well, I was never at a high enough level (at my job) to have had access to Group Policy (I was on a Client Department's IS Team, and only our IT Department could access GP). So I might've made some errors in setting them up. (Or maybe they're due to malware?)
So, with regard to this GP and Domain stuff, I would very much appreciate recommendations from you to correct the issues. But please understand, I feel my network setup is currently giving me EVERYTHING I need at the moment, and am hesitant about changing it (the old, "if it ain't broke..." adage). But again, I am all ears for any suggestions you might have. Please advise!
===================================================================
With regard to Adobe, Hmmm. I have every version of Adobe Photoshop going back to Version 6.0, and they're all installed. This was due to the way Adobe upgraded the product line. The upgrade needed to see a prior licensed product installed before it installed the new one. In many instances, Adobe had removed features from the newer upgrade, so the newer product made a completely new install in a new directory. This way, the customer still had access to the old features. I still use the oldest Photoshop occasionally, as its start-up time is quick, and it gives me quite a few great features. I also use the latest installed one. I could probably remove most of the subsequent ones, though, as Adobe has changed the way it releases software now, and I will NEVER make use of their new (rental) model. Besides, anything newer will never run on this old XP Installation.
So with regard to the old license ... I'd like to save that for later. Once we get the rest of this machine cleaned up, I will make a new Image Backup of the System Drive, and then we can experiment with removing that License Manager. This way, if removal of the manager kills my working PS6.0, I can revert back to a nice clean system.
===================================================================
Moving on, I DL'd and ran the newer MCPR.exe that you linked to. It ran fine and completed with a required reboot. That reboot did not go well, though, with only 4 tray icons appearing. So I tried to shut down and reboot. That attempted shutdown also failed, repeatedly. I then tried shutting down explorer.exe through Task Manager, but Task Manager would not come up. I then noticed that I could not even click on the Windows Icon (lower left) to try another shutdown. So I needed to de-power the machine and start over. Luckily, the next boot went well (seemingly), and here we are.
===================================================================
Yikes! I do NOT like the sound of what you're saying about my copy of Windows Explorer! I am going to review those two links you provided, and try to correct this issue as soon as I finish posting this to our thread.
===================================================================
Yes, my Java is the last one I can get for XP. I don't know that I really need it. I do not code in Java (at the moment, anyway). The only thing that I have that MIGHT need it is my Web-based GUI for the NAS, and THAT product continually complains about the version. Similar to the Adobe License Manager, above, I think I'd rather wait with this until we have other things cleaned up .... unless you think it's part of any infection I might have. Please advise, here.
===================================================================
So that's about it for now. I need to await your instructions about the MS Essentials uninstaller before I can go on with the fixlist.txt stuff. Please let me know what you think about that, as well as the other issues I've detailed above. Thanks again, Ron. I'll be listening up.
-pvs
-
Just a couple of questions for you, Ron:
- I am unsure about what the RKill program did in the first step. If I understand correctly, it killed certain processes that could harbor Malware. But I am not sure if I was supposed to run it to kill those processes before every scan we did above, or if it should have only been run that one time. FWIW, I only ran it that one time. Is that okay?
- I see that Bitdefender DOES have tools available to do an uninstall (http://www.bitdefender.com/site/view/uninstall_consumer_paid.html). I was wondering if you thought I might add that "Step" into what we're doing. I might need to run one for both 2015 and 2016, I guess, unless you can easily identify which of them is the culprit.
Anyway, have a great night. I'm gonna turn in.
-pvs
-
Okay, Ron. I think I've caught up with you. Boy, the Sophos Scans take a Looong time on this machine.
Anyway, I ran the Sophos again, this time with my AV deactivated. It wound up, indeed, finding another copy of Mal/Mdrop-CE, this time, in a restore_ volume. I cleaned it up, as you will see in the log, here:
========================================================================
2016-08-08 19:19:15.875 Sophos Virus Removal Tool version 2.5.5
2016-08-08 19:19:15.875 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-08-08 19:19:15.875 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-08-08 19:19:15.875 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2016-08-08 19:19:15.875 Checking for updates...
2016-08-08 19:19:16.453 Update progress: proxy server not available
2016-08-08 19:19:38.968 Option all = no
2016-08-08 19:19:38.968 Option recurse = yes
2016-08-08 19:19:38.968 Option archive = no
2016-08-08 19:19:38.968 Option service = yes
2016-08-08 19:19:38.968 Option confirm = yes
2016-08-08 19:19:38.968 Option sxl = yes
2016-08-08 19:19:38.968 Option max-data-age = 35
2016-08-08 19:19:38.968 Option EnableSafeClean = yes
2016-08-08 19:19:40.468 Option vdl-logging = yes
2016-08-08 19:19:40.484 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 19:19:40.484 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 19:19:40.531 Component SVRTcli.exe version 2.5.5
2016-08-08 19:19:40.531 Component control.dll version 2.5.5
2016-08-08 19:19:40.531 Component SVRTservice.exe version 2.5.5
2016-08-08 19:19:40.531 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 19:19:40.531 Component engine\veex.dll version 3.65.0.2250
2016-08-08 19:19:40.531 Component engine\savi.dll version 9.0.1.2250
2016-08-08 19:19:40.546 Component rkdisk.dll version 1.5.30.0
2016-08-08 19:19:40.546 Version info: Product version 2.5.5
2016-08-08 19:19:40.546 Version info: Detection engine 3.65.0
2016-08-08 19:19:40.546 Version info: Detection data 5.26
2016-08-08 19:19:40.546 Version info: Build date 4/5/2016
2016-08-08 19:19:40.546 Version info: Data files added 756
2016-08-08 19:19:40.546 Version info: Last successful update (not yet updated)
2016-08-08 19:20:09.796 Downloading updates...
2016-08-08 19:20:09.812 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE527 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE528 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE529 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE530 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE531 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE532 LATEST
2016-08-08 19:20:09.812 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-08 19:20:09.812 Update progress: [I19463] Syncing product SAVIW32 70
2016-08-08 19:20:21.984 Update progress: [I19463] Syncing product IDE527 142
2016-08-08 19:20:32.875 Installing updates...
2016-08-08 19:20:36.281 Error level 1
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE528 127
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE529 135
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE530 214
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE531 145
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE532 1
2016-08-08 19:21:04.156 Update successful
2016-08-08 19:21:30.562 Option all = no
2016-08-08 19:21:30.562 Option recurse = yes
2016-08-08 19:21:30.562 Option archive = no
2016-08-08 19:21:30.562 Option service = yes
2016-08-08 19:21:30.562 Option confirm = yes
2016-08-08 19:21:30.562 Option sxl = yes
2016-08-08 19:21:30.562 Option max-data-age = 35
2016-08-08 19:21:30.562 Option EnableSafeClean = yes
2016-08-08 19:21:30.671 Option vdl-logging = yes
2016-08-08 19:21:30.671 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 19:21:30.671 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 19:21:30.687 Component SVRTcli.exe version 2.5.5
2016-08-08 19:21:30.687 Component control.dll version 2.5.5
2016-08-08 19:21:30.687 Component SVRTservice.exe version 2.5.5
2016-08-08 19:21:30.687 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 19:21:30.687 Component engine\veex.dll version 3.65.0.2250
2016-08-08 19:21:30.687 Component engine\savi.dll version 9.0.1.2250
2016-08-08 19:21:30.703 Component rkdisk.dll version 1.5.30.0
2016-08-08 19:21:30.703 Version info: Product version 2.5.5
2016-08-08 19:21:30.703 Version info: Detection engine 3.65.0
2016-08-08 19:21:30.703 Version info: Detection data 5.26
2016-08-08 19:21:30.703 Version info: Build date 4/5/2016
2016-08-08 19:21:30.703 Version info: Data files added 756
2016-08-08 19:21:30.703 Version info: Last successful update 8/8/2016 3:21:04 PM
2016-08-08 22:06:56.096 SafeClean bin directory is empty.
2016-08-08 22:06:56.143 Error level 0
2016-08-08 22:07:01.690 Scan cancelled by user.
2016-08-08 22:07:01.690
------------------------------------------------------------
2016-08-08 22:07:11.893 Sophos Virus Removal Tool version 2.5.5
2016-08-08 22:07:11.893 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-08-08 22:07:11.893 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-08-08 22:07:11.893 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2016-08-08 22:07:11.893 Checking for updates...
2016-08-08 22:07:13.112 Update progress: proxy server not available
2016-08-08 22:08:34.786 Downloading updates...
2016-08-08 22:08:34.786 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE527 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE528 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE529 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE530 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE531 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE532 LATEST
2016-08-08 22:08:34.786 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-08 22:08:34.786 Update progress: [I19463] Syncing product SAVIW32 70
2016-08-08 22:08:34.786 Update progress: [I19463] Syncing product IDE527 142
2016-08-08 22:08:35.661 Option all = no
2016-08-08 22:08:35.661 Option recurse = yes
2016-08-08 22:08:35.661 Option archive = no
2016-08-08 22:08:35.661 Option service = yes
2016-08-08 22:08:35.661 Option confirm = yes
2016-08-08 22:08:35.661 Option sxl = yes
2016-08-08 22:08:35.661 Option max-data-age = 35
2016-08-08 22:08:35.661 Option EnableSafeClean = yes
2016-08-08 22:08:35.786 Option vdl-logging = yes
2016-08-08 22:08:35.818 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 22:08:35.818 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 22:08:35.943 Component SVRTcli.exe version 2.5.5
2016-08-08 22:08:35.943 Component control.dll version 2.5.5
2016-08-08 22:08:35.943 Component SVRTservice.exe version 2.5.5
2016-08-08 22:08:35.943 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 22:08:35.943 Component engine\veex.dll version 3.65.0.2250
2016-08-08 22:08:35.943 Component engine\savi.dll version 9.0.1.2250
2016-08-08 22:08:36.255 Component rkdisk.dll version 1.5.30.0
2016-08-08 22:08:36.255 Version info: Product version 2.5.5
2016-08-08 22:08:36.255 Version info: Detection engine 3.65.0
2016-08-08 22:08:36.255 Version info: Detection data 5.26
2016-08-08 22:08:36.255 Version info: Build date 4/5/2016
2016-08-08 22:08:36.255 Version info: Data files added 756
2016-08-08 22:08:36.255 Version info: Last successful update 8/8/2016 3:21:04 PM
2016-08-08 22:08:46.021 Update progress: [I19463] Syncing product IDE528 127
2016-08-08 22:08:46.021 Update progress: [I19463] Syncing product IDE529 135
2016-08-08 22:08:46.052 Update progress: [I19463] Syncing product IDE530 214
2016-08-08 22:08:46.052 Update progress: [I19463] Syncing product IDE531 146
2016-08-08 22:08:46.787 Installing updates...
2016-08-08 22:08:48.584 Error level 1
2016-08-08 22:08:50.068 Update progress: [I19463] Syncing product IDE532 1
2016-08-08 22:08:50.412 Update successful
2016-08-08 22:09:09.584 Option all = no
2016-08-08 22:09:09.584 Option recurse = yes
2016-08-08 22:09:09.584 Option archive = no
2016-08-08 22:09:09.584 Option service = yes
2016-08-08 22:09:09.584 Option confirm = yes
2016-08-08 22:09:09.584 Option sxl = yes
2016-08-08 22:09:09.584 Option max-data-age = 35
2016-08-08 22:09:09.584 Option EnableSafeClean = yes
2016-08-08 22:09:09.647 Option vdl-logging = yes
2016-08-08 22:09:09.662 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 22:09:09.662 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 22:09:09.662 Component SVRTcli.exe version 2.5.5
2016-08-08 22:09:09.662 Component control.dll version 2.5.5
2016-08-08 22:09:09.662 Component SVRTservice.exe version 2.5.5
2016-08-08 22:09:09.662 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 22:09:09.662 Component engine\veex.dll version 3.65.0.2250
2016-08-08 22:09:09.662 Component engine\savi.dll version 9.0.1.2250
2016-08-08 22:09:09.678 Component rkdisk.dll version 1.5.30.0
2016-08-08 22:09:09.678 Version info: Product version 2.5.5
2016-08-08 22:09:09.678 Version info: Detection engine 3.65.0
2016-08-08 22:09:09.678 Version info: Detection data 5.26
2016-08-08 22:09:09.678 Version info: Build date 4/5/2016
2016-08-08 22:09:09.678 Version info: Data files added 757
2016-08-08 22:09:09.678 Version info: Last successful update 8/8/2016 6:08:50 PM
2016-08-09 04:36:13.899 Could not open C:\Boot\BCD
2016-08-09 05:00:04.641 Could not open C:\hiberfil.sys
2016-08-09 10:17:13.259 >>> Virus 'Mal/BredoZp-B' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip
2016-08-09 10:17:13.275 >>> Virus 'Mal/BredoZp-B' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
2016-08-09 10:17:13.275 >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2016-08-09 10:17:13.275 >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
2016-08-09 10:43:53.574 Could not open LOGICAL:000E:00000000
2016-08-09 10:43:53.574 Could not open O:\
2016-08-09 10:44:59.600 Could not open LOGICAL:0012:00000000
2016-08-09 10:44:59.600 Could not open S:\
2016-08-09 10:44:59.600 Could not open LOGICAL:0015:00000000
2016-08-09 10:44:59.616 Could not open V:\
2016-08-09 14:05:17.164 Could not open PHYSICAL:0086:0000:0000:0001
2016-08-09 14:05:17.211 Could not open PHYSICAL:0087:0000:0000:0001
2016-08-09 14:05:17.211 Could not open PHYSICAL:0088:0000:0000:0001
2016-08-09 14:05:17.336 The following items will be cleaned up:
2016-08-09 14:05:17.336 Mal/BredoZp-B
2016-08-09 14:05:17.336 Mal/Mdrop-CE
2016-08-09 15:10:33.293 Threat 'Mal/BredoZp-B' has been cleaned up.
2016-08-09 15:10:33.293 File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip" belongs to malware 'Mal/BredoZp-B'.
2016-08-09 15:10:33.293 File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip" has been cleaned up.
2016-08-09 15:10:33.293 Registry value "HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify" belongs to malware 'Mal/BredoZp-B'.
2016-08-09 15:10:33.293 Registry value "HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify" has been cleaned up.
2016-08-09 15:10:33.293 Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet" belongs to malware 'Mal/BredoZp-B'.
2016-08-09 15:10:33.293 Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet" has been cleaned up.
2016-08-09 15:10:33.293 Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209" belongs to malware 'Mal/BredoZp-B'.
2016-08-09 15:10:33.293 Registry value "HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209" has been cleaned up.
2016-08-09 15:10:33.293 Removal successful
2016-08-09 15:10:42.441 Threat 'Mal/Mdrop-CE' has been cleaned up.
2016-08-09 15:10:42.441 File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe" belongs to malware 'Mal/Mdrop-CE'.
2016-08-09 15:10:42.441 File "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe" has been cleaned up.
2016-08-09 15:10:42.441 Removal successful
2016-08-09 15:10:42.472 Contents of SafeClean bin directory:
2016-08-09 15:10:42.660 {
2016-08-09 15:10:42.660 RecordID : "0000000000000001",
2016-08-09 15:10:42.660 ItemType : "1",
2016-08-09 15:10:42.660 Location : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\",
2016-08-09 15:10:42.660 FileName : "buildos+package_tools-4.2b3.zip",
2016-08-09 15:10:42.660 ThreatName : "Mal/BredoZp-B",
2016-08-09 15:10:42.660 Checksum : "fffe68ae79d0986d358789b256def43af80cadacbb654637903383a4b1bf1867",
2016-08-09 15:10:42.660 TimeStamp : "Tue Aug 09 11:10:19 2016"
2016-08-09 15:10:42.660 }
2016-08-09 15:10:42.660 {
2016-08-09 15:10:42.660 RecordID : "0000000000000002",
2016-08-09 15:10:42.660 ItemType : "1",
2016-08-09 15:10:42.660 Location : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\",
2016-08-09 15:10:42.660 FileName : "RaphaelUnlocker.exe",
2016-08-09 15:10:42.660 ThreatName : "Mal/Mdrop-CE",
2016-08-09 15:10:42.660 Checksum : "c80ee04e23d7b853899f72bca4fba0d655d76d87e37133a19245a25b5616b5ab",
2016-08-09 15:10:42.660 TimeStamp : "Tue Aug 09 11:10:33 2016"
2016-08-09 15:10:42.660 }
2016-08-09 15:10:46.184 Error level 0
2016-08-09 15:11:49.781 Scan completed.
2016-08-09 15:11:49.781
------------------------------------------------------------
2016-08-09 15:20:54.953 Sophos Virus Removal Tool version 2.5.5
2016-08-09 15:20:54.953 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-08-09 15:20:54.953 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-08-09 15:20:54.953 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2016-08-09 15:20:54.953 Checking for updates...
2016-08-09 15:20:55.093 Update progress: proxy server not available
2016-08-09 15:21:21.375 Downloading updates...
2016-08-09 15:21:21.375 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement IDE527 LATEST
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement IDE528 LATEST
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement IDE529 LATEST
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement IDE530 LATEST
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement IDE531 LATEST
2016-08-09 15:21:21.375 Update progress: [I49502] Found supplement IDE532 LATEST
2016-08-09 15:21:21.375 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-09 15:21:21.375 Update progress: [I19463] Syncing product SAVIW32 70
2016-08-09 15:21:21.375 Update progress: [I19463] Syncing product IDE527 142
2016-08-09 15:21:22.265 Update progress: [I19463] Syncing product IDE528 127
2016-08-09 15:21:22.265 Update progress: [I19463] Syncing product IDE529 135
2016-08-09 15:21:22.265 Update progress: [I19463] Syncing product IDE530 214
2016-08-09 15:21:22.265 Update progress: [I19463] Syncing product IDE531 149
2016-08-09 15:21:22.812 Installing updates...
2016-08-09 15:21:54.109 Update progress: [I19463] Syncing product IDE532 1
2016-08-09 15:21:54.453 Update successful
2016-08-09 15:21:57.453 Option all = no
2016-08-09 15:21:57.453 Option recurse = yes
2016-08-09 15:21:57.453 Option archive = no
2016-08-09 15:21:57.453 Option service = yes
2016-08-09 15:21:57.453 Option confirm = yes
2016-08-09 15:21:57.453 Option sxl = yes
2016-08-09 15:21:57.453 Option max-data-age = 35
2016-08-09 15:21:57.453 Option EnableSafeClean = yes
2016-08-09 15:21:57.656 Option vdl-logging = yes
2016-08-09 15:21:57.718 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-09 15:21:57.718 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-09 15:21:57.750 Component SVRTcli.exe version 2.5.5
2016-08-09 15:21:57.750 Component control.dll version 2.5.5
2016-08-09 15:21:57.750 Component SVRTservice.exe version 2.5.5
2016-08-09 15:21:57.750 Component engine\osdp.dll version 1.44.1.2250
2016-08-09 15:21:57.750 Component engine\veex.dll version 3.65.0.2250
2016-08-09 15:21:57.750 Component engine\savi.dll version 9.0.1.2250
2016-08-09 15:21:57.781 Component rkdisk.dll version 1.5.30.0
2016-08-09 15:21:57.781 Version info: Product version 2.5.5
2016-08-09 15:21:57.781 Version info: Detection engine 3.65.0
2016-08-09 15:21:57.781 Version info: Detection data 5.26
2016-08-09 15:21:57.781 Version info: Build date 4/5/2016
2016-08-09 15:21:57.781 Version info: Data files added 757
2016-08-09 15:21:57.781 Version info: Last successful update 8/9/2016 11:21:54 AM
2016-08-09 15:21:58.453 Error: an instance of this application is already running.
2016-08-09 15:21:59.453 Error level 1
2016-08-09 15:23:50.062 Scan failed due to fatal error.
2016-08-09 15:23:50.062
------------------------------------------------------------
2016-08-09 15:24:06.656 Sophos Virus Removal Tool version 2.5.5
2016-08-09 15:24:06.656 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-08-09 15:24:06.656 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-08-09 15:24:06.656 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2016-08-09 15:24:06.656 Checking for updates...
2016-08-09 15:24:06.796 Update progress: proxy server not available
2016-08-09 15:24:11.984 Update not required
2016-08-09 15:24:26.500 Option all = no
2016-08-09 15:24:26.500 Option recurse = yes
2016-08-09 15:24:26.500 Option archive = no
2016-08-09 15:24:26.500 Option service = yes
2016-08-09 15:24:26.500 Option confirm = yes
2016-08-09 15:24:26.500 Option sxl = yes
2016-08-09 15:24:26.500 Option max-data-age = 35
2016-08-09 15:24:26.500 Option EnableSafeClean = yes
2016-08-09 15:24:26.546 Option vdl-logging = yes
2016-08-09 15:24:26.562 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-09 15:24:26.562 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-09 15:24:26.562 Component SVRTcli.exe version 2.5.5
2016-08-09 15:24:26.562 Component control.dll version 2.5.5
2016-08-09 15:24:26.562 Component SVRTservice.exe version 2.5.5
2016-08-09 15:24:26.562 Component engine\osdp.dll version 1.44.1.2250
2016-08-09 15:24:26.562 Component engine\veex.dll version 3.65.0.2250
2016-08-09 15:24:26.562 Component engine\savi.dll version 9.0.1.2250
2016-08-09 15:24:26.562 Component rkdisk.dll version 1.5.30.0
2016-08-09 15:24:26.562 Version info: Product version 2.5.5
2016-08-09 15:24:26.578 Version info: Detection engine 3.65.0
2016-08-09 15:24:26.578 Version info: Detection data 5.26
2016-08-09 15:24:26.578 Version info: Build date 4/5/2016
2016-08-09 15:24:26.578 Version info: Data files added 760
2016-08-09 15:24:26.578 Version info: Last successful update 8/9/2016 11:21:54 AM
2016-08-09 16:56:45.634 Could not open C:\Boot\BCD
2016-08-09 17:18:11.415 Could not open C:\hiberfil.sys
2016-08-09 21:44:21.794 >>> Virus 'Mal/Mdrop-CE' found in file E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\A0678310.exe
2016-08-09 22:27:37.919 Could not open LOGICAL:000E:00000000
2016-08-09 22:27:37.919 Could not open O:\
2016-08-09 22:28:19.888 Could not open LOGICAL:0012:00000000
2016-08-09 22:28:19.904 Could not open S:\
2016-08-09 22:28:19.904 Could not open LOGICAL:0015:00000000
2016-08-09 22:28:19.904 Could not open V:\
2016-08-10 01:14:45.531 Could not open PHYSICAL:0086:0000:0000:0001
2016-08-10 01:14:45.578 Could not open PHYSICAL:0087:0000:0000:0001
2016-08-10 01:14:45.578 Could not open PHYSICAL:0088:0000:0000:0001
2016-08-10 01:14:45.625 The following items will be cleaned up:
2016-08-10 01:14:45.625 Mal/Mdrop-CE
2016-08-10 02:55:19.714 Threat 'Mal/Mdrop-CE' has been cleaned up.
2016-08-10 02:55:19.714 File "E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\A0678310.exe" belongs to malware 'Mal/Mdrop-CE'.
2016-08-10 02:55:19.714 File "E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\A0678310.exe" has been cleaned up.
2016-08-10 02:55:19.714 Removal successful
2016-08-10 02:55:19.745 Contents of SafeClean bin directory:
2016-08-10 02:55:19.776 {
2016-08-10 02:55:19.776 RecordID : "0000000000000001",
2016-08-10 02:55:19.776 ItemType : "1",
2016-08-10 02:55:19.776 Location : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\",
2016-08-10 02:55:19.776 FileName : "buildos+package_tools-4.2b3.zip",
2016-08-10 02:55:19.776 ThreatName : "Mal/BredoZp-B",
2016-08-10 02:55:19.776 Checksum : "fffe68ae79d0986d358789b256def43af80cadacbb654637903383a4b1bf1867",
2016-08-10 02:55:19.776 TimeStamp : "Tue Aug 09 11:10:19 2016"
2016-08-10 02:55:19.776 }
2016-08-10 02:55:19.776 {
2016-08-10 02:55:19.776 RecordID : "0000000000000002",
2016-08-10 02:55:19.776 ItemType : "1",
2016-08-10 02:55:19.776 Location : "E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\",
2016-08-10 02:55:19.776 FileName : "RaphaelUnlocker.exe",
2016-08-10 02:55:19.776 ThreatName : "Mal/Mdrop-CE",
2016-08-10 02:55:19.776 Checksum : "c80ee04e23d7b853899f72bca4fba0d655d76d87e37133a19245a25b5616b5ab",
2016-08-10 02:55:19.776 TimeStamp : "Tue Aug 09 11:10:33 2016"
2016-08-10 02:55:19.776 }
2016-08-10 02:55:19.776 {
2016-08-10 02:55:19.776 RecordID : "0000000000000003",
2016-08-10 02:55:19.776 ItemType : "1",
2016-08-10 02:55:19.776 Location : "E:\System Volume Information\_restore{F12267EB-4139-410B-A5CA-39ACA65FED85}\RP2012\",
2016-08-10 02:55:19.776 FileName : "A0678310.exe",
2016-08-10 02:55:19.776 ThreatName : "Mal/Mdrop-CE",
2016-08-10 02:55:19.776 Checksum : "c80ee04e23d7b853899f72bca4fba0d655d76d87e37133a19245a25b5616b5ab",
2016-08-10 02:55:19.776 TimeStamp : "Tue Aug 09 22:55:10 2016"
2016-08-10 02:55:19.776 }
2016-08-10 02:55:21.151 Error level 0
========================================================================
After the Sophos scan, I followed your instructions to run mbam-clean-2.3.0.1001.exe (which was a bit newer than the one I ran in June (mbam-clean-2.2.2.7.exe)), and I downloaded and reinstalled the newest version (which appears to be the same as what I had). I've reactivated it, and ran a new Threat Scan, which appears to have replaced the Version number, at least for now. The log from that Threat Scan is here:
========================================================================
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/9/2016
Scan Time: 11:36:16 PM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.10.01
Rootkit Database: v2016.08.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: pvs
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 440552
Time Elapsed: 46 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
========================================================================
Once that scan was complete, and still with my AV disabled, I re-ran the FarBar Recovery Tool, per your Step 07, above. I have attached both the resulting logfiles (FRST_06-08-2016_23-30-04.txt and Addition_06-08-2016_23-30-04.txt) to this post.
Please let me know your thoughts at your earliest convenience.
Once again, thank you for all your attention to this issue.
-pvs
-
Hi Ron. Hmm, okay, I guess I'll run it again after disabling AVAST, but I wanted to report back here and give you the log file that was created, especially since it found two little buggers: Mal/BredoZp-B and Mal/Mdrop-CE.
These bugs were both in a set of "kitchens" I used to use to build my own ROMS for an old cellphone. I knew about them at the time, and it was reported that they were false positives. But I am going to allow them to be cleaned, as I no longer use these kitchens, nor have I toyed with building ROMs in about a decade. If I in fact NEED these files back, I have copies on other HDDs that have since been retired (and are in a desk drawer nearby).
Here is the log:
2016-08-08 19:19:15.875 Sophos Virus Removal Tool version 2.5.5
2016-08-08 19:19:15.875 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-08-08 19:19:15.875 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-08-08 19:19:15.875 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2016-08-08 19:19:15.875 Checking for updates...
2016-08-08 19:19:16.453 Update progress: proxy server not available
2016-08-08 19:19:38.968 Option all = no
2016-08-08 19:19:38.968 Option recurse = yes
2016-08-08 19:19:38.968 Option archive = no
2016-08-08 19:19:38.968 Option service = yes
2016-08-08 19:19:38.968 Option confirm = yes
2016-08-08 19:19:38.968 Option sxl = yes
2016-08-08 19:19:38.968 Option max-data-age = 35
2016-08-08 19:19:38.968 Option EnableSafeClean = yes
2016-08-08 19:19:40.468 Option vdl-logging = yes
2016-08-08 19:19:40.484 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 19:19:40.484 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 19:19:40.531 Component SVRTcli.exe version 2.5.5
2016-08-08 19:19:40.531 Component control.dll version 2.5.5
2016-08-08 19:19:40.531 Component SVRTservice.exe version 2.5.5
2016-08-08 19:19:40.531 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 19:19:40.531 Component engine\veex.dll version 3.65.0.2250
2016-08-08 19:19:40.531 Component engine\savi.dll version 9.0.1.2250
2016-08-08 19:19:40.546 Component rkdisk.dll version 1.5.30.0
2016-08-08 19:19:40.546 Version info: Product version 2.5.5
2016-08-08 19:19:40.546 Version info: Detection engine 3.65.0
2016-08-08 19:19:40.546 Version info: Detection data 5.26
2016-08-08 19:19:40.546 Version info: Build date 4/5/2016
2016-08-08 19:19:40.546 Version info: Data files added 756
2016-08-08 19:19:40.546 Version info: Last successful update (not yet updated)
2016-08-08 19:20:09.796 Downloading updates...
2016-08-08 19:20:09.812 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE527 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE528 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE529 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE530 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE531 LATEST
2016-08-08 19:20:09.812 Update progress: [I49502] Found supplement IDE532 LATEST
2016-08-08 19:20:09.812 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-08 19:20:09.812 Update progress: [I19463] Syncing product SAVIW32 70
2016-08-08 19:20:21.984 Update progress: [I19463] Syncing product IDE527 142
2016-08-08 19:20:32.875 Installing updates...
2016-08-08 19:20:36.281 Error level 1
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE528 127
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE529 135
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE530 214
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE531 145
2016-08-08 19:20:36.328 Update progress: [I19463] Syncing product IDE532 1
2016-08-08 19:21:04.156 Update successful
2016-08-08 19:21:30.562 Option all = no
2016-08-08 19:21:30.562 Option recurse = yes
2016-08-08 19:21:30.562 Option archive = no
2016-08-08 19:21:30.562 Option service = yes
2016-08-08 19:21:30.562 Option confirm = yes
2016-08-08 19:21:30.562 Option sxl = yes
2016-08-08 19:21:30.562 Option max-data-age = 35
2016-08-08 19:21:30.562 Option EnableSafeClean = yes
2016-08-08 19:21:30.671 Option vdl-logging = yes
2016-08-08 19:21:30.671 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 19:21:30.671 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 19:21:30.687 Component SVRTcli.exe version 2.5.5
2016-08-08 19:21:30.687 Component control.dll version 2.5.5
2016-08-08 19:21:30.687 Component SVRTservice.exe version 2.5.5
2016-08-08 19:21:30.687 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 19:21:30.687 Component engine\veex.dll version 3.65.0.2250
2016-08-08 19:21:30.687 Component engine\savi.dll version 9.0.1.2250
2016-08-08 19:21:30.703 Component rkdisk.dll version 1.5.30.0
2016-08-08 19:21:30.703 Version info: Product version 2.5.5
2016-08-08 19:21:30.703 Version info: Detection engine 3.65.0
2016-08-08 19:21:30.703 Version info: Detection data 5.26
2016-08-08 19:21:30.703 Version info: Build date 4/5/2016
2016-08-08 19:21:30.703 Version info: Data files added 756
2016-08-08 19:21:30.703 Version info: Last successful update 8/8/2016 3:21:04 PM
2016-08-08 22:06:56.096 SafeClean bin directory is empty.
2016-08-08 22:06:56.143 Error level 0
2016-08-08 22:07:01.690 Scan cancelled by user.
2016-08-08 22:07:01.690------------------------------------------------------------
2016-08-08 22:07:11.893 Sophos Virus Removal Tool version 2.5.5
2016-08-08 22:07:11.893 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.
2016-08-08 22:07:11.893 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2016-08-08 22:07:11.893 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2016-08-08 22:07:11.893 Checking for updates...
2016-08-08 22:07:13.112 Update progress: proxy server not available
2016-08-08 22:08:34.786 Downloading updates...
2016-08-08 22:08:34.786 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE527 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE528 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE529 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE530 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE531 LATEST
2016-08-08 22:08:34.786 Update progress: [I49502] Found supplement IDE532 LATEST
2016-08-08 22:08:34.786 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-08 22:08:34.786 Update progress: [I19463] Syncing product SAVIW32 70
2016-08-08 22:08:34.786 Update progress: [I19463] Syncing product IDE527 142
2016-08-08 22:08:35.661 Option all = no
2016-08-08 22:08:35.661 Option recurse = yes
2016-08-08 22:08:35.661 Option archive = no
2016-08-08 22:08:35.661 Option service = yes
2016-08-08 22:08:35.661 Option confirm = yes
2016-08-08 22:08:35.661 Option sxl = yes
2016-08-08 22:08:35.661 Option max-data-age = 35
2016-08-08 22:08:35.661 Option EnableSafeClean = yes
2016-08-08 22:08:35.786 Option vdl-logging = yes
2016-08-08 22:08:35.818 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 22:08:35.818 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 22:08:35.943 Component SVRTcli.exe version 2.5.5
2016-08-08 22:08:35.943 Component control.dll version 2.5.5
2016-08-08 22:08:35.943 Component SVRTservice.exe version 2.5.5
2016-08-08 22:08:35.943 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 22:08:35.943 Component engine\veex.dll version 3.65.0.2250
2016-08-08 22:08:35.943 Component engine\savi.dll version 9.0.1.2250
2016-08-08 22:08:36.255 Component rkdisk.dll version 1.5.30.0
2016-08-08 22:08:36.255 Version info: Product version 2.5.5
2016-08-08 22:08:36.255 Version info: Detection engine 3.65.0
2016-08-08 22:08:36.255 Version info: Detection data 5.26
2016-08-08 22:08:36.255 Version info: Build date 4/5/2016
2016-08-08 22:08:36.255 Version info: Data files added 756
2016-08-08 22:08:36.255 Version info: Last successful update 8/8/2016 3:21:04 PM
2016-08-08 22:08:46.021 Update progress: [I19463] Syncing product IDE528 127
2016-08-08 22:08:46.021 Update progress: [I19463] Syncing product IDE529 135
2016-08-08 22:08:46.052 Update progress: [I19463] Syncing product IDE530 214
2016-08-08 22:08:46.052 Update progress: [I19463] Syncing product IDE531 146
2016-08-08 22:08:46.787 Installing updates...
2016-08-08 22:08:48.584 Error level 1
2016-08-08 22:08:50.068 Update progress: [I19463] Syncing product IDE532 1
2016-08-08 22:08:50.412 Update successful
2016-08-08 22:09:09.584 Option all = no
2016-08-08 22:09:09.584 Option recurse = yes
2016-08-08 22:09:09.584 Option archive = no
2016-08-08 22:09:09.584 Option service = yes
2016-08-08 22:09:09.584 Option confirm = yes
2016-08-08 22:09:09.584 Option sxl = yes
2016-08-08 22:09:09.584 Option max-data-age = 35
2016-08-08 22:09:09.584 Option EnableSafeClean = yes
2016-08-08 22:09:09.647 Option vdl-logging = yes
2016-08-08 22:09:09.662 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-08-08 22:09:09.662 Machine ID: f5b7a50d709447afb131bb00bff316f6
2016-08-08 22:09:09.662 Component SVRTcli.exe version 2.5.5
2016-08-08 22:09:09.662 Component control.dll version 2.5.5
2016-08-08 22:09:09.662 Component SVRTservice.exe version 2.5.5
2016-08-08 22:09:09.662 Component engine\osdp.dll version 1.44.1.2250
2016-08-08 22:09:09.662 Component engine\veex.dll version 3.65.0.2250
2016-08-08 22:09:09.662 Component engine\savi.dll version 9.0.1.2250
2016-08-08 22:09:09.678 Component rkdisk.dll version 1.5.30.0
2016-08-08 22:09:09.678 Version info: Product version 2.5.5
2016-08-08 22:09:09.678 Version info: Detection engine 3.65.0
2016-08-08 22:09:09.678 Version info: Detection data 5.26
2016-08-08 22:09:09.678 Version info: Build date 4/5/2016
2016-08-08 22:09:09.678 Version info: Data files added 757
2016-08-08 22:09:09.678 Version info: Last successful update 8/8/2016 6:08:50 PM
2016-08-09 04:36:13.899 Could not open C:\Boot\BCD
2016-08-09 05:00:04.641 Could not open C:\hiberfil.sys
2016-08-09 10:17:13.259 >>> Virus 'Mal/BredoZp-B' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\Kitchen\buildos+package_tools-4.2b3.zip
2016-08-09 10:17:13.275 >>> Virus 'Mal/BredoZp-B' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
2016-08-09 10:17:13.275 >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2016-08-09 10:17:13.275 >>> Virus 'Mal/BredoZp-B' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file E:\ROM Kitchen\Raph\«Unlocking and Cooking»\« Unlocking »\RaphaelUnlocker.exe
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2016-08-09 10:17:44.650 >>> Virus 'Mal/Mdrop-CE' found in file HKU\S-1-5-21-1844237615-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209
2016-08-09 10:43:53.574 Could not open LOGICAL:000E:00000000
2016-08-09 10:43:53.574 Could not open O:\
2016-08-09 10:44:59.600 Could not open LOGICAL:0012:00000000
2016-08-09 10:44:59.600 Could not open S:\
2016-08-09 10:44:59.600 Could not open LOGICAL:0015:00000000
2016-08-09 10:44:59.616 Could not open V:\
2016-08-09 14:05:17.164 Could not open PHYSICAL:0086:0000:0000:0001
2016-08-09 14:05:17.211 Could not open PHYSICAL:0087:0000:0000:0001
2016-08-09 14:05:17.211 Could not open PHYSICAL:0088:0000:0000:0001
2016-08-09 14:05:17.336 The following items will be cleaned up:
2016-08-09 14:05:17.336 Mal/BredoZp-B
2016-08-09 14:05:17.336 Mal/Mdrop-CE
I see that another Malwarebytes Threat Scan also occurred overnight, and identified the same 69 threats it had found yesterday (I had not Cleaned them). Here is the log from THAT Scan:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/9/2016
Scan Time: 10:09:34 AM
Logfile:
Administrator: Yes
Version: 0.0.0.0000
Malware Database: v2016.08.09.07
Rootkit Database: v2016.08.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: pvs
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442637
Time Elapsed: 43 min, 17 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
So, Ron, I am going to run the Sophos Scan again, after first Cleaning the two bugs, and then rebooting and disabling AVAST. Should I also exit Malwarebytes prior to running the new Sophos Scan?
-
Hi again, Ron. Okay, I'm currently performing Step 6 (Sophos). As it appears Sophos is checking ALL of the drives in this machine, this is probably going to take a very long time (the PC has five 2TB drives in addition to a 500GB System HDD). So, let me attach the logs from Steps 4 (JRT) and 5 (Adw) now, and I'll get back to you once Sophos finishes up.
STEP 04 First, JRT (there wasn't very much):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Microsoft Windows XP x64
Ran by pvs (Administrator) on Mon 08/08/2016 at 14:39:48.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 20
Successfully deleted: C:\Documents and Settings\pvs\Application Data\download manager (Folder)
Successfully deleted: C:\Documents and Settings\pvs\Application Data\getrighttogo (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\03I8NQZ4 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8IV9VIG3 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9KGDUN65 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G0GT7Q4J (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JTWQ08SF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NRRZABT8 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WGLBL7PF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z8ZSJPDQ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\03I8NQZ4 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8IV9VIG3 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9KGDUN65 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G0GT7Q4J (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JTWQ08SF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NRRZABT8 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WGLBL7PF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z8ZSJPDQ (Temporary Internet Files Folder)
Registry: 6
Successfully deleted: HKLM\Software\MozillaPlugins\@viewpoint.com/vmp (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{708CA9C9-C5F7-44D8-ADEA-649528C99A4F} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/08/2016 at 14:48:22.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
STEP 05 And next, Adware Cleaner after reboot (several Reg Entries and three folders):
# AdwCleaner v5.201 - Logfile created 08/08/2016 at 15:01:42
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-08.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : pvs - GRAPHIXXT
# Running from : C:\Documents and Settings\pvs\Desktop\MBAM Real-Time Protection\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder Deleted : C:\DOCUME~1\pvs\LOCALS~1\Temp\Video Converter
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Burn4Free
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\Description
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [4533 bytes] - [08/08/2016 15:01:42]
C:\AdwCleaner\AdwCleaner[S1].txt - [4731 bytes] - [08/08/2016 14:55:20]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4679 bytes] ##########
Please note that I have not disabled my AVAST AntiVirus for the Sophos Scan. Please let me know if I was supposed to do that.
Thanks once again for your help with this. I really appreciate it a lot!
-pvs
-
I agree, Ron, I do not want any PUPs either. But please forgive me. I thought when I clicked "Save Results" at the bottom right of the Scan Tab, that it would make a list of the found items. I just looked at it, though, and it seems it's just the same LOG file I already sent. I cannot figure out a way to save the result set outside of doing a few Screen Shots to create JPG images. I have attached those screen shots here. (Note: #3 has several at the top that are also found on #2).
I will now proceed with the rest of your instructions, beginning with a reboot, and post the results you are requesting from those procedures.
-
Hi Ron, and thanks for trying to help me with this issue. I DO appreciate it! I have wondered if the dual-boot scenario was complicating my installation. I agree that I'd like to go on with some testing and try to correct my issue, regardless.
Interesting about the leftover BitDefender "crumbs". Just knowing that makes me feel it might be worthwhile seeing if BD offers a cleaning utility similar to the one Malwarebytes offers (mbam-clean-2.2.2.7). Thanks for that info. Also, with regard to mbam-clean-2.2.2.7, I am sorry that I had forgotten to mention in my initial post that I also tried running THAT utility on June 18, 2016, unfortunately with no effect on my issue.
Anyway, here is my log file from this Threat Scan:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/8/2016
Scan Time: 12:24:32 PM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.08.07
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: pvs
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 2 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
I see that a bunch (69) of PUPs were found, which I typically do not get when I run the scan without RKill being run first. I have saved the results, and have NOT chosen to "Remove Selected" as you have not said to do so. If you need to see that list, please let me know.
FWIW, last night, I also had a window pop up: "Malwarebytes was unable to load the Anti-Rootkit DDA Driver...". I had forgotten to include in my initial post that this used to be an issue a couple of years ago, but I was always able to fix it by doing a clean install of Malwarebytes. With regard to this particular Anti-Rootkit DDA failure, my reboot this morning did not show any issues, and the rootkit scan for the attached log seemed to work okay, but I just wanted to let you know this happened. For whatever reason, I could not successfully attach my JPG screen shot of the error window.
Anyway, please let me know if you see anything.
Thanks again!
-pvs
-
Hi! I have been using Malwarebytes Home Premium for quite some time, and OCCASIONALLY, the following would occur. But as of my upgrade to Version 2.2.1.1043, it seems to be happening almost daily.
As you will probably be able to discern from the attached FRST.txt and Addition.txt files, I am running an aged copy of Windows XP Professional (32-bit) SP-3 on this partition. I don't know if it matters or not, but I am also running a copy of Windows 7 Professional (64-bit) on a separate partition, in a dual-boot setup on this machine. Licensed copies of Malwarebytes Anti-Malware Home (Premium) 2.2.1.1043 are installed on both partitions.
Anyway, my "symptom" is that, typically upon startup, my Real-Time Protection is turned off. To correct it, I need to:
1) Open the GUI
2) Click the Settings Tab
3) Click the Advanced Settings Tab on the left
4) Disable self-protection mode
5) Click the Detection and Protection Tab on the left
6) Re-enable both Malware Protection and Malicious Website Protection
7) Click the Advanced Settings Tab on the left again
8) Re-enable Self-Protection and Early Start
I have run Threat-scans and Hyper-Scans, but nothing turns up. I have also (several times) run the Malwarebytes Chameleon application. Again, nothing is found.
FWIW, I used to have Bitdefender installed on both partitions of this machine, but, having issues with the newest upgrade I had purchased, I have uninstalled it from this partition, and now use a free version of AVAST (12.1.2272 (build 12.1.3076.6)). At any rate, I have also run scans using these AV products, and the system always turns up clean.
So, I am not really sure I DO have an infection. I am hoping you will be able to help with the issue of the real-time protection becoming disabled, and put my mind at ease. And if we DO find something? I would be very grateful.
Thanks in advance,
-pvs
-
Okay ... FWIW, I just followed the instructions here, and did a clean install. This seems to have fixed the issue.
But this is the second time I have needed to do this on this particular installation. Is there anything that MIGHT be infecting me that is causing this? Any ideas as to why I need to reinstall?
-
I seem to be having an issue similar to izoold (back in June 2014, on this thread). Today, my issue became persistent, in that I cannot seem to load the rootkit DDA driver, and thus, my search which turned up the noted thread. I have attached a jpg of the error message.
Anyway, I downloaded the Anti-Rootkit software (MBAR) suggested in the reference thread, and executed it. Attached are the resulting logs from that program. FWIW, MBAR said it did not find anything, and I do not see anything in my look at the logs. But still the Anti-Rootkit fails to load on each reboot.
Thanks in advance for any help you can give me.
-pvs
Real-Time Protection Always Being Turned Off
in Resolved Malware Removal Logs
Posted
Hi again! Okay, I've been looking at the links regarding SFC, and I understand what it does. I have the original Installation CD, but it's an SP2 version.
If I use SFC, can I still use Windows Update to get back to the most recent SP3 versions? Since MS killed XP, I have shut off Windows Updates, as well as the Security Center Alert Setting, so I don't even know what will happen if I try (probably get about 3,500 Updates to Windows 10 (HaHa)). Please let me know if you know the answer.
Thanks again!
-pvs