
Won't start



I went through the FAQs and did the process in "K" for Avast.

I do NOT have this section in my version of Avast:

  • Also, for Avast! Internet Security:
  • Click on Behavior Shield on the left and click Expert Settings
  • Click on Trusted Processes
  • Click on Browse next to the blank entry at the bottom of the list (this will be the only entry if no other exclusions have been set yet)
  • Navigate to C:\Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open. Note: For 64-bit Windows versions this will be Program Files (x86)
  • Do the same for the following files:
    • mbamgui.exe
    • mbamservice.exe
  • Click on OK
  • Close Avast! antivirus

So, did the rest, still won't open/crashes. Did the Chameleon stuff, command window opens, loads and crashes.

I DO NOT know if I have free or paid version, if it's just expired or what.

I've gone through the program files, and cannot discern.

The command window report is this:

 

MBAM-Chameleon ver. 2.0.26
Press any key to continue
Installing Driver...
Protected Path: C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\
...Done!
Trying to start Malwarebytes Anti-Malware, please wait...
Failed to start Malwarebytes Anti-Malware
Killing known malicious processes, please wait...
 
Mbam-killer Timeout set to 1800 seconds.
Mbam-killer is scanning - Press C to cancel...
Mbam-killer scan is complete.
Mbam-killer is exiting.
 
Malwarebytes Anti-Malware has terminated - unable to start the scan.
Disabling protection driver...
...Done!
Press any key to continue
 
It tells me in a window "Malwarebytes Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience", followed by the standard Microsoft "Please Tell Microsoft about this problem".
I cannot open from quick start icon, back channel I can get it so far and it quits.
Avast won't tell me the version, and I have looked. I THINK it's 5, but that makes no sense as it's only been in for two months.
 
XP Pro, SP3.

 


Hello and :welcome:

Let's try this first....

Thank You,

Firefox


Read that. The question still remains, from my first posting: how do I determine, in what file folder, whether this is a free or paid version of Malwarebytes? If paid, and I uninstall, I lose my key.

Is all of this just an obtuse way of telling me I have an expired free version?
I am more than willing to uninstall it.

Programs that do not work on this box get uninstalled frequently.

 

Thanks.


Hello and :welcome:

Let's try this first....

Thank You,

Firefox

 

First (easiest) was this:

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file

 

  • Command window opened, IMMEDIATELY the MS window popped up, "Malwarebytes Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience", followed by the standard Microsoft "Please Tell Microsoft about this problem".
  • So, it won't even go there.
  • I am beginning to think it's an Avast issue.

I'm having the same problem. Chameleon didn't work and gave the following report:

 

MBAM-Chameleon ver. 3.0.4
Press any key to continue
Driver is already loaded
Enabling Driver...
...Done!
Trying to start Malwarebytes Anti-Malware, please wait...
Failed to start Malwarebytes Anti-Malware
Killing known malicious processes, please wait...
 
Mbam-killer Timeout set to 1800 seconds.
Mbam-killer is scanning - Press C to cancel...
Mbam-killer scan is complete.
Mbam-killer is exiting.
 
Malwarebytes Anti-Malware has terminated - unable to start the scan.
Press any key to continue
 
I have the paid version. If I uninstall can I use the same ID and key?
 
Thanks

ScaleCraft, click on More Reply Options at the bottom of the window you're typing in to attach the files...

 

You can retrieve your license info if you no longer have the email confirmations....

 

You can contact cleverbridge.....

If you lost your ID and License Key then send an email to: cs@cleverbridge.com


Phone: +1-866-522-6855

Monday - Friday: 8:00 AM - 8:00 PM (CST)

Also, their contact info can be found HERE.

When you get the email, print it out.

Malwarebytes Tech support does not have any access to, or information pertaining to any sales\shipping\user account\registration issues.

You may also try and look up your product info by using your registered email address HERE or HERE

If you need anything else, don’t hesitate to post.

Thanks :)


Start Your Own Topic

Hi, and :welcome:, MMS1982:

Sorry to hear you are having issues.
Each computer is unique.
Problems that sound "the same" most often are not.
The same is true for solutions.
They most often need to be individualized.

It is less confusing for everyone if we try to stick to "one user per topic".
Please start a NEW, SEPARATE topic using the cjfj.png button.
The staff and experts will be able to more easily provide both you and the OP with individual help to get you both up and running.

Thanks for your patience and understanding,

Firefox


I'll just post them one at a time, I guess.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Dave (administrator) on DAVEWS01 on 28-07-2014 17:53:19
Running from C:\Documents and Settings\Dave\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

2014-07-26 22:00 - 2014-07-26 22:00 - 01137360 _____ (F-Secure Corporation) C:\Documents and Settings\Dave\Desktop\fsbl.exe
2014-07-26 21:54 - 2012-05-01 17:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-07-26 21:53 - 2014-05-21 17:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-24 07:34 - 2014-07-24 07:34 - 00268600 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-23 23:36 - 2011-09-02 13:39 - 00000000 ____D () C:\Documents and Settings\Dave
2014-07-20 18:51 - 2014-07-20 18:51 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-20 18:51 - 2014-07-20 18:51 - 00000000 ____D () C:\Documents and Settings\Dave\Local Settings\Application Data\Google
2014-07-20 18:48 - 2014-07-20 18:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-07-20 18:48 - 2011-08-31 10:11 - 00000000 ____D () C:\WINDOWS\repair

2014-07-17 15:39 - 2014-07-17 15:39 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-17 15:39 - 2014-06-14 19:15 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-17 15:39 - 2014-06-14 19:14 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-17 15:39 - 2014-06-14 19:14 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-17 15:39 - 2014-06-14 19:14 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-07-07 21:57 - 2011-09-10 16:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-06-29 20:33 - 2014-06-29 20:33 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-06-29 20:33 - 2014-06-29 20:33 - 00001409 _____ () C:\WINDOWS\QTFont.for

Files to move or delete:
====================
C:\Documents and Settings\WPA stuff\RegistryWPAStuff.reg
C:\Documents and Settings\WPA stuff\wpabaln.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Link to post

Something went wrong with your log there, please attach them...

Attach Files

In order to attach files you click on the button on the bottom right of your reply called "More Reply Options".


After that, you will be taken to a new screen where you can attach files by clicking on the button "Choose Files" at the bottom.


Link to post

Sorry, it looks like we were both posting at the same time, I see your logs now....

Your logs show that you are/were infected and have some cleaning to do. Feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system, clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post

I did, just posted there.

I am puzzled.

Years ago before any decent AV programs were out there (and we got nailed by McAfee, Norton, and another one....."Oh, there is a virus..do you want to stop it?" but by that time it had gone into the system.

 

I am not seeing anything in those files that would cause me to think I had an issue.

I see some dates WAY out of spec.  That was a dead BIOS battery.

 

Give me a clue what you see wrong...but I am doing the bit in the other forum.

Thanks!

Link to post

Not sure what you meant about the antivirus part. I hope you're not confusing Malwarebytes as being one, because Malwarebytes is not an antivirus program.

 

The logs are just not normal.  Below just to name a few...

 

Well, for one, you have a lot of group policies. Did you put those policies into place? Is this a work computer where the administrator has group policies?

 

Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File - Orphaned registry value installed by unknown software or malware

 

You also have some services that are failing to load....

 

Whether it's due to an infection or just a hardware/software conflict, we cannot perform those tasks in this section of the forum; you need to do what I mentioned in post #13 above.

Link to post

Some services are killed on purpose. I don't want them to load.

This is a refurb computer from the IT folks at the wife's workplace when my OLD box exceeded MTBF on the hard drives by 13 years.

I expect to find old stuff no longer used.

The group policy on some registry items was probably because it was networked.

 

But, not too many other choices if I want XP, which is what I am sticking with.

 

Just interested is all. I peruse all the files AND registry regularly. Well versed in backing up and modifying it.

Thanks!

Link to post

Hi:

 

You have outdated software, too (Firefox 12 was released in April 2012; the current version is 31).

I didn't review the logs in detail, but that alone would be a huge security vulnerability, especially on an XP system that is no longer supported by Microsoft.

 

<just a thought>

Link to post

Best practice when you get a refurb computer from a workplace is to format it and bring it back to factory conditions. It will help avoid issues in the long run, not to mention it guarantees that no company info is left on the computer.

 

But as already mentioned, we cannot work on this computer in this section any further...

 

If you want to continue the help you need to follow the instructions in post #13 above.

Link to post
