
Malwarebytes Scanning and Update Problems (Computer Infected)



Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

===============================

Download and run StartupLite: (for unnecessary startup items)

https://www.malwarebytes.org/startuplite/

Try a re-install of Malwarebytes as before.

Let me know.....MrC


Well that means something that's running in normal mode but not in safe mode is the culprit.

Please do this:

Please create an mbam-check log:
Download mbam-check.exe from here and save it to your desktop
http://downloads.malwarebytes.org/file/mbam_check
Double-click on mbam-check.exe to run it, it should then open a log file
Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post.
Click on the More Reply Options button, then click on the Browse button to locate your log then click the Attach button to attach the log to your post

Then........

Download HiJackThis to a folder: <---important

http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Run HJT.exe
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.
Copy and paste it into your post.

MrC


Here's a tutorial on HJT if needed:
http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/

==================

I forgot to have you delete these before:

Run HJT and click Scan > when the scan completes > put a check mark next to these and click Fix Checked

O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')


---------------------------------------------

I see the only anti-virus you have is Defender, please disable it and see if there's any difference:
How to Disable Defender

---------------------------------------------

If MB still won't work........

These are the other items you have running:

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38F1W1TN05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE


You can disable them one or two at a time and see if there's any difference: (same way you did before)

Run HJT and click Scan > when the scan completes > put a check mark next to these and click Fix Checked

To restore an item, check the link below:
http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/#HTRestore

Let me know if any make a difference, MrC

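The O4 startup entries quoted in the post above can be pulled out of a saved HijackThis log programmatically. The following Python code is an added example, not part of the original thread or of HijackThis; the function names and the review criterion (no executable at an absolute path) are assumptions made for illustration, and the sample lines are copied from the thread.

```python
import re

# Sample O4 lines copied from the HijackThis output quoted in this thread.
SAMPLE_LOG = r'''
O4 - HKUS\S-1-5-18\..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38F1W1TN05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
'''

# Registry autoruns: "O4 - <hive\key>: [value name] command"
REG_RE = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: "O4 - Startup: shortcut.lnk = target"
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
USER_RE = re.compile(r"\s+\(User '[^']*'\)$")  # trailing "(User 'SYSTEM')" annotation
# Executable path: either the leading quoted string or everything up to the first ".exe"
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)
ABS_RE = re.compile(r"^[A-Za-z]:\\")  # drive-letter absolute path

def parse_o4(log_text):
    """Return one dict per O4 line: location, name, command, executable (or None)."""
    entries = []
    for line in log_text.splitlines():
        m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_RE.sub("", m["cmd"])
        exe = EXE_RE.match(cmd)
        entries.append({"location": m["loc"], "name": m["name"], "command": cmd,
                        "executable": (exe.group(1) or exe.group(2)) if exe else None})
    return entries

def split_for_review(entries):
    """Assumed criterion: entries launching no executable by absolute path are reviewed first."""
    review = [e for e in entries
              if not (e["executable"] and ABS_RE.match(e["executable"]))]
    candidates = [e for e in entries if e not in review]
    return review, candidates

def batches(entries, size=2):
    """Group the remaining entries so they can be disabled one or two at a time."""
    return [entries[i:i + size] for i in range(0, len(entries), size)]

if __name__ == "__main__":
    review, candidates = split_for_review(parse_o4(SAMPLE_LOG))
    for e in review:
        print("review:", e["location"], e["name"], "->", e["command"])
    for n, batch in enumerate(batches(candidates), 1):
        print("batch", n, [e["name"] for e in batch])
```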

So you disabled all of these.....rebooted and there was no change???
 

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN38F1W1TN05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

 


MrC


I don't know what to tell you from here. There's something on your system that's interfering with MB in normal mode but not in safe mode. It's not malware related.

I suggest you go back to Malwarebytes and see if they have an answer.

We should clean up all the tools and logs first.

MrC


You can uninstall/delete StartupLite

You can delete the HiJackThis folder if you have restored all the items you disabled.

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
