
The problem with my computer is that it doesn't update my Premium MBAM automatically and when I boot up, I see this:

MBAMtrayicon_zps632be1d7.jpg

in the tray. Then, when I open the program, the same symbol appears alongside the 'updates' line. I update and both warnings disappear. If I then leave the computer for a few hours, I have to update again manually.

FRST.txt

Addition.txt


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software





 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Bobs [Admin rights]

Mode : Scan -- Date : 09/10/2014  21:11:43

 

¤¤¤ Bad processes : 1 ¤¤¤

[suspicious.Path] UpdateChecker.exe -- C:\Users\Bobs\Desktop\FileHippo.com\UpdateChecker.exe[-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 10 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2028160917-3071815627-2566426118-1000\Software\Microsoft\Windows\CurrentVersion\Run | FileHippo.com : "C:\Users\Bobs\Desktop\FileHippo.com\UpdateChecker.exe" /background  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2028160917-3071815627-2566426118-1000\Software\Microsoft\Windows\CurrentVersion\Run | FileHippo.com : "C:\Users\Bobs\Desktop\FileHippo.com\UpdateChecker.exe" /background  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2028160917-3071815627-2566426118-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://mysearch.avg.com?cid={3B7D9441-CD9F-499B-8767-B9E8A043CF30}&mid=dc5ae135f08147d28e98d16dcaaf9e45-97284ab4ed93cc8b8a4b5969749b4f8864625f57&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.0.443&pid=safeguard&sg=&sap=hp  -> FOUND

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2028160917-3071815627-2566426118-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://mysearch.avg.com?cid={3B7D9441-CD9F-499B-8767-B9E8A043CF30}&mid=dc5ae135f08147d28e98d16dcaaf9e45-97284ab4ed93cc8b8a4b5969749b4f8864625f57&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.1.0.443&pid=safeguard&sg=&sap=hp  -> FOUND

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2028160917-3071815627-2566426118-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}  -> FOUND

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2028160917-3071815627-2566426118-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://uk.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}  -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[suspicious.Path] \\Registration -- "C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe" (Registration ShowMessageTask2D) -> FOUND

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 2 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

 

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD321HJ +++++

--- User ---

[MBR] 61f5ba9ca8210d94c09a381312e71389

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 291993 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 598003560 | Size: 13248 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

From your logs it looks as if you ran most of the tools already.

Have you done a clean re-install of Malwarebytes???

https://forums.malwarebytes.org/index.php?/topic/146017-mbam-clean-removal-process-2x/ <---clean re-install

MrC

Can't remember if I have but more than willing to do another. Regarding the log, I see that Filehippo gets a few mentions. It may not be relevant, but I have tried on a few occasions to remove the icon from my desktop, but it won't budge.


AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

Also.........

Please permanently disable Windows Defender, you have AVAST running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

MrC


Have re-enabled Self Protection after the reinstall. Should I have?

 

I'm not sure, I don't use the new version of MB.

 

Also, this:  "and offer to add an automated update schedule" did not happen.

I'm not sure what you mean but here's some info on it:

https://www.malwarebytes.org/support/guides/mbam/AutomatedScheduling.html

MrC


I was directed to this forum from here:

 

https://forums.malwarebytes.org/index.php?/topic/156525-mbam-replacement/page-2

 

...and in reply No22 I was advised that:

 

"The logs indicate that you still have an old element of Symantec Antivirus running on the system.

I would recommend you download this File and run it and have it remove all traces of leftover Norton/Symantec antivirus.

 

Then you have a couple of other minor issues in the logs that would indicate some possible minor infections so I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue."

 

Can I just ask if the old element of Symantec Antivirus has been removed and also if the minor issues in the logs still indicate minor infections?
