invalid signature on all update attempts


MrRab


Have not been able to download any malware or AV software or updates for some time now. Always had invalid signature and no way to DL. If I ran DL anyway, it would install and run until end, with the error message 'LOAD_DATABASE (0, 13 CreateSDK)'. Finally was able to DL the disguised mab. It ran with no problems but with dated data files. Again couldn't update. Ran through all possible forum solutions which didn't require updating, without success. Avast has new version but can't DL because of same signature problem. Also true of iTunes program and updates. Don't know what to do next. DDS.txt attached.

DDS.txt


  • Staff

Hi and welcome to Malwarebytes.

In the future, please don't attach anything unless otherwise noted.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 2 weeks later...

Hi Screen317

Thanks for the response.

I was able to DL ComboFix to my desktop, but when I ran it I got the attached error and it didn't run. This was with Avast and Defender disabled. What next?

Mr Rab


  • Staff

Hi,

My apologies for the delay.

Uninstall this from Add or Remove Programs:

ConduitEngine

Reboot. Grab a fresh copy of ComboFix, run it, and post its log.

Again, please don't attach anything; just copy and paste it into the reply.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan and wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi

I hope you are still there. I couldn't do the very first thing. After check-marking the ConduitEngine program and OKing the procedure, when I click on Uninstall/Change, nothing happens. The program remains in the listing.

I must add also that another desktop and laptop with W7 on my wired network are having the same problem of not being able to update any malware programs. Is it now a network problem?

So what's next?


  • Staff

Hi,

If you are currently connected through a router, do this:

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under the General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen.
  • Click on Run.
  • In the command window copy/paste the following: ipconfig /flushdns
  • Then hit Enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

OK, I'm connected to the internet with my main computer. The other W7 didn't have a Run command so it's not re-connected. This puter had TCP/IPv4 & v6 settings so I checked both and both were auto. So I haven't re-booted. I did flush this system.

Shall I now try to delete conduitEngine?


I was able to run combofix by downloading to an SD disc with the results below. I will continue with ESET.

ComboFix 11-12-27.01 - Dick 12/28/2011 13:22:10.2.4 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.2053 [GMT -6:00]

Running from: i:\dcim\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))

.

.

2011-12-28 19:36 . 2011-12-28 19:36 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2011-12-28 19:36 . 2011-12-28 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-28 19:18 . 2011-12-28 19:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EC2264C-2F02-47FB-8FEB-147A657D84A3}\offreg.dll

2011-12-27 23:29 . 1995-07-31 18:44 212480 ----a-w- c:\windows\PCDLIB32.DLL

2011-12-27 23:25 . 2011-12-28 00:18 -------- d-----w- c:\windows\Pixart

2011-12-27 23:25 . 2006-11-10 19:51 505984 ----a-w- c:\windows\system32\drivers\PFC027.SYS

2011-12-27 23:25 . 2006-11-08 15:54 6656 ----a-w- c:\windows\system32\CoInst.dll

2011-12-27 23:25 . 2006-10-13 00:10 119296 ----a-w- c:\windows\system32\SP207.AX

2011-12-27 23:25 . 2011-12-27 23:25 -------- d-----w- c:\program files\CIF USB Camera

2011-12-27 02:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2011-12-27 01:08 . 2011-12-27 01:08 -------- d-----w- c:\users\Dick\AppData\Roaming\TeamViewer

2011-12-26 22:40 . 2011-12-27 06:56 -------- d-----w- c:\programdata\Skype

2011-12-22 01:55 . 2011-12-22 01:55 -------- d-----w- c:\programdata\McAfee

2011-12-15 17:10 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-15 17:10 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-15 17:10 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 17:10 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 17:10 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 17:10 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 16:31 . 2011-12-22 01:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-15 05:43 . 2011-11-21 10:47 6823496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EC2264C-2F02-47FB-8FEB-147A657D84A3}\mpengine.dll

2011-12-08 18:30 . 2011-12-08 18:30 -------- d-----w- c:\users\Dick\AppData\Roaming\Malwarebytes

2011-12-08 18:30 . 2011-12-08 18:30 -------- d-----w- c:\programdata\Malwarebytes

2011-12-08 18:30 . 2011-12-26 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-08 18:30 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

2011-01-17 14:54 175912 ----a-w- c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}"= "c:\program files\IncrediMail_MediaBar_2\prxtbInc2.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-08-01 366024]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 68856]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-07-04 273544]

"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]

"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]

"WTClient"="WTClient.exe" [2007-04-11 40960]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]

"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]

"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-07-04 273544]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoThumbnail"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"Midi"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-20 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

R3 MAUSBFT;Service for M-Audio Fast Track;c:\windows\system32\DRIVERS\mausbft.sys [x]

R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 172032]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-11 5340160]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-11 152064]

S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-10 505984]

S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]

S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 413208]

S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - NisDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 16:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-23 03:56]

.

2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 21:22]

.

2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 21:22]

.

2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954740199-2123156190-659256685-1001Core1cc976e7213dae1.job

- c:\users\Dick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-27 19:42]

.

2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954740199-2123156190-659256685-1001UA.job

- c:\users\Dick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-27 19:42]

.

2011-12-27 c:\windows\Tasks\{B8B90550-1B95-40AD-AA14-43AD66A67012}.job

- c:\program files\internet explorer\iexplore.exe [2011-04-13 20:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://woot.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html

Trusted Zone: apple.com\www

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

FF - ProfilePath - c:\users\Dick\AppData\Roaming\Mozilla\Firefox\Profiles\4wnv20ud.default\

FF - prefs.js: browser.startup.homepage - hxxp://woot.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: FinalVideoDownloader plugin for Mozilla Firefox: downloader@finalvideotools.com - c:\program files\FinalVideoDownloader\Firefox

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Dick\AppData\Roaming\Move Networks

FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

FF - Ext: WeatherBug: {3EC9C995-8072-4fc0-953E-4F30620D17F3} - %profile%\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}

FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com

FF - Ext: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - %profile%\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-28 13:36

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-12-28 13:39:04

ComboFix-quarantined-files.txt 2011-12-28 19:39

ComboFix2.txt 2011-12-20 07:25

.

Pre-Run: 72,253,485,056 bytes free

Post-Run: 71,537,704,960 bytes free

.

- - End Of File - - A5C1C4B10B37B594C4F0C1A80FDC4F62


I cannot get a scan from ESET. The first time, it updated completely but gave error 'Initialization...unexpected error 2002'. I verified that Defender was not running but it still listed it as software that may affect the scan. I re-booted, turned off Avast, Windows Firewall and Defender. Ran it 2x with the error 'Can not get update. Is proxy configured?'. Ran again using Firefox; it gave error 'Unexpected error 3'. Could not find solution for these errors, so again stymied.


  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall


I was able to run sega after I figured out how to get the 'run' command to display. It did run for a sec or two but didn't generate any report. I assumed this was done to prepare for the ESET scan. So I reran the ESET scan from safe mode, but got the same error 'Is proxy set?'

Back to square 1?????


  • Staff

Do try it again with another copy of ComboFix. If no joy, do this instead (do the following regardless of whether it works or not):

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.


I DL'd a new copy of ComboFix as sega.com. In safe mode I ran killall, then sega. I got a 1-beep warning that Avast would interfere though it had been killed along with Defender. When I cont'd it gave me a 2-beep same warning and when I cont'd, it stopped with no results.

I DL'd aswMBR and ran full scan with attached results.

I ran MBRcheck with attached results.

Nothing appears to have changed.....

aswMBR.txt

MBRCheck_01.05.12_12.41.42.txt

MBR.zip


  • Staff

Hi,

My apologies for the delay.

Hmmm this is odd.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version.
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


When I told my son I was having update problems, he suggested connecting the computer directly to the modem, bypassing the router. When I did this I suddenly could DL my files with no problem. So all AV programs were run. Avast found PEV.exe and ESET found 3, ....NDF, ....NQF and info.NQI. MBAM then did not find any with a quick scan. All found were quarantined.

So what more would you like me to run? And when can I connect to the router to test it and my systems?


  • Staff

Looks like the router is to blame. Connect to it.

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under the General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen.
  • Click on Run.
  • In the command window copy/paste the following: ipconfig /flushdns
  • Then hit Enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.
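A defender-side check for step 3 above, as an added example that is not code from this thread or from Malwarebytes: the Python script parses the text of `ipconfig /all` (a constructed sample is embedded) and reports adapters whose IP/DNS were set by hand or whose resolvers lie outside RFC 1918 space, the pattern a hijacked router or host leaves behind and the reason the staff ask for "obtain automatically". The `trusted` allowlist and every address in the sample are assumptions, not values from the poster's machines.

```python
"""Flag Windows adapters whose DNS settings look hijacked.

Added example, not code from this thread: parses the text of `ipconfig /all`
and reports adapters that use a static configuration (DHCP disabled) or
point at IPv4 resolvers outside RFC 1918 space that are not on a trusted
list. Feed audit_dns() the saved output of `ipconfig /all` on a live host.
"""
import ipaddress
import re

# Constructed sample, not from the poster's machine: the wired adapter gets
# its DNS from DHCP but the resolvers lie off the LAN; the wireless adapter
# has been switched to a static configuration.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       198.51.100.8

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "Key . . . : value" lines. Splitting on the dotted leader plus " : " keeps
# IPv6 values, which contain colons themselves, from being cut at the wrong spot.
KEY_RE = re.compile(r"^\s+(.+?)\.?(?: \.)* : (.*)$")


def parse_ipconfig(text):
    """Return {adapter header: {key: [values]}}; a value continued on the
    next line (a second DNS server) is appended to the same list."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            last_key = None
            continue
        if current is None:          # preamble before the first adapter
            continue
        m = KEY_RE.match(line)
        if m:
            last_key = m.group(1).strip()
            current.setdefault(last_key, []).append(m.group(2).strip())
        elif last_key:               # indented continuation line
            current[last_key].append(line.strip())
    return adapters


def audit_dns(text, trusted=()):
    """Return (adapter, finding, detail) tuples for settings worth a look.

    trusted: known-good resolver addresses (e.g. the ones the ISP's DHCP
    hands out; an assumption you supply for your own network). Any other
    IPv4 resolver outside RFC 1918 space is reported as off-LAN.
    """
    trusted = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for name, keys in parse_ipconfig(text).items():
        if keys.get("DHCP Enabled", [""])[0].lower() == "no":
            findings.append((name, "static-config",
                             "DHCP disabled: IP/DNS were set by hand"))
        for raw in keys.get("DNS Servers", []):
            try:
                addr = ipaddress.ip_address(raw.split("%")[0])
            except ValueError:
                continue             # not an address; skip it
            if addr.version != 4 or addr in trusted:
                continue
            if not any(addr in net for net in RFC1918):
                findings.append((name, "dns-off-lan",
                                 f"resolver {addr} is not on the LAN"))
    return findings
```

On the sample, the wired adapter is reported twice for its off-LAN resolvers and the wireless adapter once for its static configuration; an adapter that gets the router's own address from DHCP, as `DhcpNameServer = 192.168.1.1` in the ComboFix log above, produces no finding.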


  • 2 weeks later...

Sorry for the delay. After flushing the router as per your direction, I found the same problems when I connected either the W7 or Vista systems to the router. I also realized another problem I had was difficulty in completing a YouTube video. Both systems stopped playing a video a couple of times but could be re-started, until near the end when it would stop completely.

My son completely troubleshot the router for several hours to no avail. Finally we were about to replace the router when we tried resetting the modem (eMTA). It was disconnected from power, battery removed, reset, and when powered on again it appeared to be DLing an update as it started. When the systems were connected to the router, ALL WAS WELL. The videos completed and all updates would DL with no problem. Modem speeds were consistently 33 Mbps down and over 6 up.

Both systems have been scanned with several programs but the only items found were on the Vista system as noted earlier in this thread.


  • 2 months later...
  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
