
"Runtime Error (at 92:137): Could not call proc." semi-fixed



OKAY.. here we go..

 

Back story - I posted in the wrong forum.. - after following another case.. identical to mine...

 

I had already run.. BEFORE ENCOUNTERING FORUM ADVICE HERE - Combofix and Eusing Registry Cleaner.. normal mode.. Combofix found Wininit.ini and \ssd\ssdp+stub.exe and 9 orphans.. cleaned out.. Eusing 88 issues in registry cleaned

Reboot.. used MBAM Clean - to remove old.. - reboot again..  - Attempted to Re-install.. got "Topic Title Error.. 92:137 message"

Went to Safe Mode - Combofix found 1 infection MSDownload.tmp and 8 more orphans - reboot to regular mode.. still no internet .. still no go.. with MBAM.. and no updates for anything else)

 

Then I googled MalwareBytes and "Runtime Error (at 92:137):  Could not call proc."

(google led me to the forum.. which was closed/locked.. and resolved.. - so when in ROME do as the Romans DO )

 

I thought I copied the process.. step by step.. AND DID get GOOD RESULTS

 

 

Asus Laptop, Win 7 64bit Home Premium

 

initially ..

I WAS NOT ABLE TO SURF WEB

Was Not able to install MBAM

Was not able to run Spybot S&D

 

Followed the guidance to download and install Adw Cleaner and Zoek.. - did so..

 

and in the process cleaned up a lot of MESS -- 314 in ADW and handfuls in Zoek

 

(Missed the step where I am supposed to download and run FRST .. now attached logs)

 

SO PLEASE KEEP IN MIND.. FRST.TXT and Addition.TXT - were both created.. AFTER ZOEK and Adw Cleaner were run

 

..but I will include those logs .. along with .. FRST's logs.. MBAM's Logs.. and ComboFix's Logs (which were created before FRST's)

 

Addition.txt

FRST.txt

ComboFix.txt

AdwCleanerC1.txt

AdwCleanerS1.txt

mbam-log-2015-10-18 (15-04-17).xml

protection-log-2015-10-18.xml

Quarantine.log

zoek-results.log


  • Root Admin

Hi there. Sorry for the delay.

 

Can you please run the MBAM CLEAN removal tool 2 times and reboot each time. However, do not reinstall MBAM at this time. I want you to run the MBAM CHECK tool and post that log before we move on.

 

 

STEP 1

Remove MBAM using this method. (run it twice, make sure to deactivate MBAM first though before uninstalling it)

 

MBAM Clean Removal Process 2x

 

STEP 2

After you have completed STEP 1 above and have rebooted twice then run this scan and post back the log and we'll proceed from there.

 

Please create an mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

 

 

Thanks

 


  • Root Admin

Please click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator"

Then type in the following and press the Enter key. It will say the drive is locked

 

CHKDSK   C:   /R

 

 

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

 

Press the Y key and Enter key and then restart the computer to let it run.

 

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

Then find the disk check log in Event Viewer and copy/paste the text results here in your next reply please.

 

Thanks

 


here's the chkdsk c: /r   results..    (I copied and pasted it into wordpad in text format.. but it somehow messed up the spacing a bit.. and doubled up some of the lines.. so I put in the hard-returns and took out some of the extra spaces to make it look more like the real chkdsk results..normally viewed on screen)

 

thanx

 

"jimmimc"

CheckResults.txt


  • Root Admin

You're missing the DISK CHECK results. From Event Logs you should be able to open the Event. Then click the copy button. Then you can either paste directly back here using CTRL-V on the keyboard or paste it into a NOTEPAD document (not wordpad) and then attach that text file.

 

Thanks


Well ..I did the start.. accessories.. RIGHT CLICK (on cmd).. RUN as Administrator.. and even though I traditionally just do a CHKDSK /R  I followed your instructions to a "T" and did .. CHKDSK C: /R ... then..  followed the link.. to the HOW TO... view/search..event viewer.. etc.. and.. that said.. oddly I did a "FIND" on.. CHKDSK.(I used lower case as nobody indicated it was case sensitive).. .. and it found nothing.. however..it did come to rest on.. this entry..showing the wininit..  (in the Type?) column.. and when I clicked on it....and previewed the contents.. it looked like the results of the chkdsk.. hence.. why I cut and pasted it..into .. the CHECK Results.txt file above.


  • Root Admin

Well the entry above is the log for MBAM CHECK not the Disk Check.

 

mbam-check result log version:     2.1.1.1001
========================================

User Account type:                 Administrator
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601.0
mbam-check result log version: 2.1.1.1001

Date Log Created: 10/22/15
Time Log Created: 07:53:35

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    SIGN.IE=05F1000 BrotherSoftExtreme_CT2776682.exeREG_SZ        WINXPSP2
    C:\T2G-ProtectionSuite\Spybot - Search & Destroy 2\SDWelcome.exeREG_SZ        RUNASADMIN
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------

--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ErrorControl                  REG_DWORD        1
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    DependOnService               REG_MULTI_SZ    RpcSs

    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl                  REG_DWORD        3
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1


C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES    FileVersion: 6.1.7601.17514    MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1066176   BYTES    FileVersion: 6.0.88.62    MD5: [714cf24fc19a20ae0dc701b48ded2cf6]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES    FileVersion: 6.1.7601.17514    MD5: [703ffd301ab900b047337c5d40fd6f96]


MBAM Registry Settings and License Info:
========================================





Scheduler Queue:
================


Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================



MBAMService Registry Values:
============================



MBAMScheduler Registry Values:
==============================



Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume2

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.



MBAM DLL's and Runtime Files:
=============================

MBAM Registry Settings and License Info (part 2):
==================================================

Context Menu Entries:
=====================

List of MBAM Related Directories:
=================================

===============================================================
END OF FILE


  • Root Admin

Okay it did find and correct some issues in the MFT and no indications of a failing drive so that's good.

 

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then restart the computer and download a new installer for MBAM and install it and let me know if you still get the same error or not.

 

https://www.malwarebytes.org/mwb-download/thankyou/

 

I'll be out most of the day tomorrow so may not be able to check back until Monday

 

 

Thanks

 


Ran the Oldtimer's Temp File Cleaner.. - found about 1.00 megs of files to delete.. - It said not to interrupt.. only took a few minutes.. - hit exit.. at the end..

 

installed MBAM 2.2.0.1024 install was flawless..  - right clicked run as admin  (as well)

 

Update access server - unavailable  - or something to that degree.. clicked update to make sure.. - same

 

SWAPPED NET CABLES.. just to be sure.. - same..

 

Went ahead and ran it anyways.. definitions/signatures.. database dated 9/22/2015  just in case it finds anything..  - will keep you posted..


Okay .. MBAM scan completed - 6 found.. 5 in Comodo's Quarantine.. - but an interesting one.. called SIAXI.DAT sitting in c:\windows\system32\lah\fhh

 

categorized as.. "PUP.Optional.HijackHosts.GEN  ...raised my eyebrow..

 

And the computer NEEDED to be RESTARTED..

 

upon restart.. - launched MBAM (administratively).. - Unable to Access Update Server   :(


  • Root Admin

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 


  • Root Admin

Strange in that it says your DHCP networking is not working yet I assume you're sending and posting here using this same computer.

 

Please restart the computer and then run the following for me. Make sure your antivirus is disabled when you run it. Delete your current copy and download a new fresh copy to run.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


not a combo fix expert.. - did go into .. comodo.. shut off Anti-virus for 30 mins.. Firewall for 30 mins.. Sandbox for 30 mins.. HIPS was already disabled.. and shut.. Viruscope down for 30 mins.. - right click EXITED on spybot (on systray next to clock to shut it down) .. yet.. 2 mins later.. Combofix pops up to say.. "SHUT THESE PROGRAMS OFF.. Comodo AV and.. Spybot Search and Destroy.. " ..... assuming it was just a slow..to shut down background processes or services..?

 

............I went ahead with the scan..

 

all seemed to be okay.. created a restore point.. and off it went.. to scan.. all seemed pretty normal..

 

quick analysis.. shows 5 orphans.. but nothing under deletions.. the rest is.. mumbo-jumbo to me..

 

hope this is helpful.. to you ..

 

AS for.. am I using the same computer to send.. these reports.. NO..

 

IM ON THE SAME NETWORK..with a secondary computer..

 

the ORIGINAL PROBLEM.. was.. MBAM would not  update..so I uninstalled the old version ..thinking it was corrupted  or infected.. upon reboot and attempted re-install of newer version.. it too would not INSTALL :( but after trying to browse.. and not being able to get to the net...with 404 page cannot be displayed error messages.. this is when I first sought your forum and help.. (and jumped the gun..following somebody else's POST with identical problem.. and error message)

 

only I missed a step.. didn't do FRST first.. - went right into ADWCleaner and Zoek.. - which...upon reboot.. . did allow me to INSTALL new copy.. - but still would not let me update.. .  (have since uninstalled that version.. as per your instruction.. using mbam clean twice with reboots in between cleaning cycles)

 

and even issuing the NETSH interface ip reset resetlog.txt command.. that didn't sufficiently rebuild/restore  the tcp/ip stack..

 

..or clear the dns.. or whatever is blocking me from getting to the web

 

(and yes..i have switched cables.. and even reset router.. connections from it.. WORK with my other computer.. )

 

so I leave it in your hands..

NuCombofixScanResults.txt


  • Root Admin

Okay, that makes more sense now. The logs do indicate that the computer cannot access the Internet but you were posting so I was confused. Please run a new FRST scan and place a check mark in the Additions.txt check box and post back both new logs. We'll look deeper and see if we can get the network stack working again.

 

Thanks


  • Root Admin

Sorry for the delay but glad you replied as I lost track of your post.

 

Let's start by getting rid of all these antivirus products. Should only have one and it looks like you have a big mix of them or at least pieces of them possibly from previous installs.

 

Temporarily uninstall ALL of them except MSE.

 

AV: Trend Micro Titanium Internet Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials (Disabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: COMODO Antivirus (Enabled - Out of date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Trend Micro Titanium Internet Security (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Disabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
 

 

Uninstall ALL versions of Java as well.

 

Reset your hosts file back to defaults for now (let me know if you need help on how to do that)

 

Reset your MSCONFIG back to NORMAL

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager
 

 

Reset your web browsers

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

 

 

Then reboot twice and run a new set of logs from FRST for me.

 

 

Thanks

 


okay.. thanx for getting back to me.. SORRY FOR THE DELAY.. lots going on in my life ..here too..

 

followed your wish list.. did the best I could..

 

removed.. Comodo

 

removed trend micro

 

removed spybot

 

attempted to remove.. MSE - but not in the add/remove list in programs and features

 

ALSO could not find.. Windows Defender in the programs / features.. add/remove list..

 

uninstalled google / chromodium

 

reset internet explorer defaults..

 

found  c:\windows\system32\drivers\etc\host   . .removed all the "inputs" from Spybot.. and saved it back down..   (only one 127.0.0.1 entry at the top.. left. )

 

turned NORMAL BACK ON.. in MSCONFIG

 

on boot up.. got the following message.. in a dialog box entitled..

 

Microsoft Security Client

 

( x ) an error has occurred in the program during initialization.  If this problem continues, please contact your system administrator.

Error Code:  0x80070002

 

I am assuming and I mayyyyyyyy be completely wrong.. that there may be some MSE residual in.. Registry ?? (either a Run.. or Run-Once type command?) .. or a remnant in MSConfig that is pointing to launch the Microsoft Security Essential.. and of course..its not there.. so its like a dead / orphaned link..?

 

OR.. if it is a "service" that normally checks to see.. if windows firewall is on.. or off.. or if.. a 3rd party firewall / anti-virus is in place.. - its pulling up..nothing.. ??  just my thoughts.. theories.. but that's why you are the PRO's ;)

 

not sure if there is a dedicated "REMOVAL" tool.. for MSE ..or not..?

 

also..not sure what program you would recommend.. for.. removing remnants of programs that may not have uninstalled correctly.. those that may still appear in add/remove programs list..but aren't in the system.. and  those that  ..don't appear in add/remove programs list.. but ..still have indicators in registry, start-up / msconfig.. or icons on the screen?

 

I have used Eusing Registry cleaner up until this point..but ..still not 100%  effective.. with respect to all the "orphans..  / widows" . .mentioned in the above paragraph..

.... Autoruns.. maybe useful too.. but .. very little documentation on how to run it.. and I find it sometimes flags things that are perfectly legitimate .. or needed.. or in use by other processes.. and wouldn't want to rely on its coding.. blindly..

 

Rebooted twice .. as per your request..

 

Ran.. FRST.. and since you had .. "logs".. plural..?.. I added the checkmark to .. "Additions"

 

here they both are..

 

thanx

 

 

 

nu_FRST.txt

nu_Addition.txt

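The hosts-file cleanup described in the post above can be checked mechanically. This is an added example, not part of the original posts and not a Malwarebytes or FRST tool: it classifies every active hosts entry so that blocklist-style loopback entries and redirects to other addresses stand out from the default `localhost` mapping. The sample file content, the `.example` host names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread's logs. Host names use the
# reserved .example TLD and 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = "\n".join([
    "# Sample hosts file (constructed for this example)",
    "#\t127.0.0.1       localhost",
    "#\t::1             localhost",
    "127.0.0.1       localhost",
    "127.0.0.1       ads.tracker.example   # blocklist-style entry",
    "0.0.0.0         updates.av-vendor.example",
    "203.0.113.10    login.bank.example www.bank.example",
    "not-an-ip       broken.example",
])


def audit_hosts(text):
    """Classify every active (non-comment) hosts entry.

    Returns a list of (line_no, ip_text, name, verdict); verdict is one of:
      'default'  - loopback address mapped to 'localhost'
      'sinkhole' - name pinned to loopback or 0.0.0.0 (how blocklists work,
                   and also how a hijacked file cuts off update servers)
      'redirect' - name pinned to any other address (traffic is diverted)
      'invalid'  - first field is not an IP address
    """
    findings = []
    # A UTF-8 byte order mark would otherwise hide a leading '#'.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:] or [""]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        for name in names:
            if ip is None:
                verdict = "invalid"
            elif ip.is_loopback and name.lower() == "localhost":
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"
            else:
                verdict = "redirect"
            findings.append((line_no, ip_text, name, verdict))
    return findings


def needs_review(text):
    """Everything except the default localhost mapping deserves a look."""
    return [f for f in audit_hosts(text) if f[3] != "default"]


if __name__ == "__main__":
    for line_no, ip_text, name, verdict in needs_review(SAMPLE_HOSTS):
        print(f"line {line_no}: {name or '(no name)'} -> {ip_text} [{verdict}]")
```

On a live Windows 7 machine the text would come from `C:\Windows\System32\drivers\etc\hosts`; the stock file has every entry commented out, so an unmodified file yields no findings at all.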

  • Root Admin

We have a list of uninstaller tools for some applications listed here. Please give those a try as warranted.

https://forums.malwarebytes.org/index.php?/topic/127580-information-list-of-uninstaller-tools/

As for Registry Cleaners those are snake oil. Please have a read.
Do I need a Windows Registry Cleaner?


Please uninstall Bonjour from the system. We can reinstall or fix it later.

The log says that you don't have an Ethernet cable connected. Are you only trying to access via wireless ?

Next,

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


...just got this now.. will reply again AFTER... I run the "FIX"...

 

to answer your questions.. yes.. I had unplugged the Ethernet cable.. as IT was not working .. wired.. (switched cords a week back just to make sure it wasn't a cabling issue.. and yes.. tried it in a different port on the router.. ) and yes.. ..the wireless was not working..either..  everything I've downloaded to pc.. was done..via usb memory stick.. and all reports.. results.. I've posted here.. have been copied back to mem stick and uploaded from my secondary pc..which is surfing the web just fine off the same router.. wired

 

Will now go . .remove bonjour.. upload fix.. and follow those instructions..


ok - removed the bonjour / Apple service.. not worried..

 

copied the FIX onto the desktop where the FRST was run from..

 

opened FRST - clicked on the FIX button..

 

watched a whole whack of commands - fly past..

 

asked for a reboot..

 

copied the fix log .. here.. as an attachment..

 

(jumped into c:\program files \ accessories.. - right clicked on ms command prompt run as administrator)

 

did an ipconfig /all

 

with network cable plugged back in .. - getting.. ip addy of 169.254.110.105 (Preferred)

...............................................................gateway addy :                                        <-- yep.. :(  blank

..............................................................D.N.S. addy :   192.168.1.254    WHICH IS CORRECT :)

 

..but of course...  ping 127.0.0.1 worked

ping of 192.168.1.254 (also the gateway's addy.. ) .. transmit failed (*4)

 

so here is the fix log

 

Forgot to mention.. on reboot.. :o   still had that Microsoft Security Client failure.. even though the log says the Fix.. successfully removed it.. ?

Fixlog.txt

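The `ipconfig /all` readings reported in the post above (a 169.254.x.x address, a blank gateway, and a failed ping to 192.168.1.254) fit together as one symptom, which this added example works through; it is not part of the original posts. It parses a constructed `ipconfig /all` excerpt built from the values quoted in the post and checks whether the adapter is on an automatic private (APIPA) address and whether the router address is reachable from it. The subnet mask, the adapter name and the function names are assumptions.

```python
import ipaddress
import re

# Constructed excerpt: address, blank gateway and DNS server are the values
# quoted in the post; adapter name and subnet mask are assumed.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.110.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.254
"""

# "   Key . . . . : value" -> ("Key", "value"); the dot leader is discarded.
FIELD = re.compile(r"^\s+(.*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field name: value}} from ipconfig /all text."""
    adapters, current = {}, None
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            continue
        match = FIELD.match(line)
        if match and current is not None:
            current.setdefault(match.group(1), match.group(2).strip())
    return adapters


def diagnose(fields, target):
    """Explain whether `target` can be reached from this adapter."""
    raw_ip = (fields.get("IPv4 Address")
              or fields.get("Autoconfiguration IPv4 Address", ""))
    ip_text = raw_ip.split("(")[0]  # strip the "(Preferred)" suffix
    if not ip_text or "Subnet Mask" not in fields:
        return None  # adapter has no IPv4 configuration at all
    iface = ipaddress.ip_interface(f"{ip_text}/{fields['Subnet Mask']}")
    gateway = fields.get("Default Gateway") or None
    on_link = ipaddress.ip_address(target) in iface.network
    apipa = iface.ip.is_link_local  # 169.254.0.0/16
    return {
        "address": str(iface.ip),
        "apipa": apipa,
        "gateway": gateway,
        # Off-subnet targets need a gateway; with none there is no route.
        "target_reachable": on_link or gateway is not None,
        # DHCP on plus an APIPA address means no lease was obtained.
        "dhcp_lease_missing": fields.get("DHCP Enabled") == "Yes" and apipa,
    }


if __name__ == "__main__":
    for name, fields in parse_ipconfig(SAMPLE_IPCONFIG).items():
        print(name, diagnose(fields, "192.168.1.254"))
```

The DNS server entry being correct does not help here: it is just an address the adapter would use, and the adapter has no route to it until it gets a lease or a static address on the router's subnet.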

This topic is now closed to further replies.