Jump to content

Am I infected?

Sue6410

By Sue6410
in Resolved Malware Removal Logs

 Share

Recommended Posts

  • Replies 81
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

MrCharlie

MrCharlie

Posted
Posted

OK.....MrC
 

Application errors:
==================
Error: (01/14/2014 08:52:42 AM) (Source: Base) (User: )
Description: Error EC8F1775: An error occurred while starting Norton Ghost service.
Error EC8F1772: The following component is not installed correctly: Symantec.FileBackup.ExtensionGroupContainer.
Error EBAB03F1: Class not registered.

Details:
Source: Base

Error: (01/14/2014 08:52:42 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/14/2014 08:52:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/14/2014 08:52:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/14/2014 08:52:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/14/2014 08:52:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/14/2014 08:52:39 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (01/14/2014 08:52:36 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1706.No valid source could be found for product Norton Ghost. The Windows Installer cannot continue.

Error: (01/14/2014 08:52:09 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1706.No valid source could be found for product Norton Ghost. The Windows Installer cannot continue.

Error: (01/14/2014 08:51:44 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Norton Ghost -- Error 1706.No valid source could be found for product Norton Ghost. The Windows Installer cannot continue.

 

 

Link to post
Share on other sites
Sue6410

Sue6410

Posted
  • Author
Posted

I am still working on Norton.  I am having trouble locating the install cd to run a repair install.  At any rate, I turned off the service and the weird command window popping went away so I am making headway.

 

A few more questions for you:

 

1) Did you find any issues with my machine with all of the logs you looked at?

 

2) What program(s) should I run against the data on my external drive?  I ran Microsoft Security Scanner and MalwareBytes previously and they found nothing.

 

3) Should I still run a full scan with MalwareBytes as you requested and send you that log?

 

4) Probably based on the answers to number 1 above, Would if be a good idea to turn off system restore so it deletes the restore points that exist currently and start fresh?

 

5) What adware software do you recommend and how often should it be run?  Are they mostly safe to just let them fix what they find?

 

6) I don't want to forget to get instructions from you regarding removing all of the programs I have downloaded and run per your requests.  I can certainly just delete them if that is all there is to it.

 

Thanks so much for all your help.  I really appreciate it. 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

1) Did you find any issues with my machine with all of the logs you looked at?

Yes, ComboFix found many folders like this that we deleted:
C:\Documents and Settings\Susan\Local Settings\Application Data\bvxhjiob
C:\Documents and Settings\Susan\Local Settings\Application Data\mlcquveg


2) What program(s) should I run against the data on my external drive? I ran Microsoft Security Scanner and MalwareBytes previously and they found nothing.

That should be OK


3) Should I still run a full scan with MalwareBytes as you requested and send you that log?

Yes, when you get a chance

4) Probably based on the answers to number 1 above, Would if be a good idea to turn off system restore so it deletes the restore points that exist currently and start fresh?

Yes, when we uninstall ComboFix, it will do that automatically

5) What adware software do you recommend and how often should it be run? Are they mostly safe to just let them fix what they find?

For adware, I use AdwCleaner (always download a fresh copy) and Malwarebytes, once a week should be fine

Are they mostly safe to just let them fix what they find?

Yes, they both make back-ups of what was deleted or cleaned

6) I don't want to forget to get instructions from you regarding removing all of the programs I have downloaded and run per your requests. I can certainly just delete them if that is all there is to it.

When we're done, I'll give you instructions when we're done.

MrC

Link to post
Share on other sites
Sue6410

Sue6410

Posted
  • Author
Posted

mbam-log-2014-01-14 (17-25-56).txt

 

Here is the mbam log from a full scan of both c drive and my external drive.

 

One quick question.  SuperAnti Spyware keeps finding an icon file and putting it under a category called Adware.GloboLook.  Can you explain what it thinks the issue is?  Also, what do you think of SuperAnti Spyware relative to other programs?

 

 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

One quick question. SuperAnti Spyware keeps finding an icon file and putting it under a category called Adware.GloboLook. Can you explain what it thinks the issue is?

Can I see the log

Also, what do you think of SuperAnti Spyware relative to other programs?

It's OK as a scanner, you have to upgrade to the pro version to get realtime protection.

MrC

Link to post
Share on other sites
Sue6410

Sue6410

Posted
  • Author
Posted

I did.  That's how I knew it would let me.  It is now in the recycle bin. Do you think there is a problem with the file?  Should I delete the other files?

 

Do you know what SSP.exe is?  Every now and again I see it in processes and I have no idea what it is.

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefindSSP.exe:regfindSSP.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

I guess that's it.

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites
Sue6410

Sue6410

Posted
  • Author
Posted

It won't allow me to paste the contents of the file either as plain text or not.  I could attach it but your note says not to.  Please advise.

 

Also, MalwareBytes seems to turn Website blocking on and off and when it goes off, I cannot turn it back on.  Please advise.

 

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.