
Anti-Exploit not showing in tray



  • Root Admin

Hi @KenW

I've moved your topic to the malware removal section so we can do some cleanup. The logs show some issues, including network, which is probably why MBAE is having trouble.

 

Application errors:
==================
Error: (07/23/2016 06:54:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/23/2016 09:30:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.7.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

etc..

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Once that's done we'll run some other scans.

Thanks

 


  • Root Admin

Okay, that looks good. It was able to remove some policy items and other unwanted changes to the system. Let's go ahead and run some scans to ensure the system is clean and working properly. Then if needed we'll reinstall the product to make sure all its settings are correct.

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 06
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

 


  • Root Admin

This is all that is in the LOG

 

 

LastRegBack: 2016-07-22 07:52

===============

 

Please delete your copy of the FRST program and previous logs too. Then run a disk check on your drive.

From an elevated admin command prompt type the following.

CHKDSK C: /R

That should do a full disk check of your drive. Then download a new copy of FRST and run it again and post back the new logs

 


  • Root Admin

Don't see how this can be doing you any good. It's way too old to be of any real value at this point and certainly not vetted, tested on Windows 10.

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

Task: {1D8FFD05-995B-47DC-ACD8-3596B37AAB80} - System32\Tasks\SUPERAntiSpyware Scheduled Task cda74e1a-a142-4148-ad56-252fed5c01f8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

I'd recommend you uninstall it. If you really want this program then look and see if they have an update tested and verified to work on Windows 10. There are newer products for Ad blocking, but if it's working for you then that's okay too, just mentioning it. As for malware detection or removal it has to be useless at this point.

 

I would review all of these files for possible move or deletion. No files should be in the root of any folders.

2016-07-04 03:36 - 2016-07-04 03:36 - 0000048 ____H () C:\Program Files (x86)\o4ayn1arsq.dat
2015-10-01 17:04 - 2015-10-01 17:04 - 0000020 ___SH () C:\Users\KW\AppData\Roaming\Sys11965 DataCollection.dat
2015-10-01 17:04 - 2015-10-01 17:04 - 0000020 ___SH () C:\Users\KW\AppData\Roaming\System413_DataDB.ind
2015-10-23 19:34 - 2016-07-06 09:32 - 0007598 _____ () C:\Users\KW\AppData\Local\Resmon.ResmonCfg
2016-01-29 13:54 - 2016-01-29 13:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-08 14:51 - 2016-05-14 08:03 - 0019535 _____ () C:\ProgramData\empty.ico
2016-07-27 23:24 - 2016-07-27 23:24 - 0962591 _____ () C:\ProgramData\Malwarebytes Anti-Exploit.zip
2002-12-09 15:27 - 2002-12-09 15:27 - 0000000 ____H () C:\ProgramData\sdpsenv.dat

 

You have an alternate data stream file (not necessarily bad but if you did not create it on purpose then the stream should be removed)

AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [426]

May also want to check and see why or what device is trying to take up the same IP address there in the home.

System errors:
=============
Error: (07/29/2016 12:01:36 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

When you've reviewed the above I'd probably reinstall MBAM, MBAE using the clean removal process. If you've not done the same with ESET in a long time then I'd probably do that one as well. Then your main security programs should be all clean and updated, and I would not expect any more errors from MBAE.

 

 

 

Edited by AdvancedSetup
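
Added example, not part of the original posts and not code from FRST or Malwarebytes: a small Python triage pass over FRST lines quoted in the post above. It flags hidden, system or zero-byte files that sit directly in a program or profile folder root, and reports any alternate data stream entry. The flag names, the ROOT_NAMES set and the reading of H and S as the hidden and system attribute letters are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Log lines copied from the post above (a subset of the listed files plus the ADS entry).
SAMPLE = r"""
2016-07-04 03:36 - 2016-07-04 03:36 - 0000048 ____H () C:\Program Files (x86)\o4ayn1arsq.dat
2015-10-01 17:04 - 2015-10-01 17:04 - 0000020 ___SH () C:\Users\KW\AppData\Roaming\System413_DataDB.ind
2015-10-23 19:34 - 2016-07-06 09:32 - 0007598 _____ () C:\Users\KW\AppData\Local\Resmon.ResmonCfg
2016-01-29 13:54 - 2016-01-29 13:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
AlternateDataStreams: C:\ProgramData\TEMP:B0D4D817 [426]
"""

FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d"
    r" - (?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<vendor>.*?)\) (?P<path>.+)$")
ADS_RE = re.compile(
    r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\]+) \[(?P<size>\d+)\]$")

# Assumption: folders whose direct children are worth reviewing, per the advice above.
ROOT_NAMES = {"program files", "program files (x86)", "programdata", "roaming", "local"}

def triage(text):
    """Return one finding per recognised line, with a list of review flags."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := ADS_RE.match(line):
            findings.append({"path": m["path"], "stream": m["stream"],
                             "size": int(m["size"]), "flags": ["ads"]})
        elif m := FILE_RE.match(line):
            size = int(m["size"])
            parent = PureWindowsPath(m["path"]).parent.name.lower()
            checks = [("hidden", "H" in m["attrs"]),   # assumed: H = hidden
                      ("system", "S" in m["attrs"]),   # assumed: S = system
                      ("empty", size == 0),
                      ("loose-in-root", parent in ROOT_NAMES)]
            findings.append({"path": m["path"], "stream": None, "size": size,
                             "flags": [name for name, hit in checks if hit]})
    return findings

if __name__ == "__main__":
    for item in triage(SAMPLE):
        target = item["path"] + (":" + item["stream"] if item["stream"] else "")
        print(f"{','.join(item['flags']) or '-':30} {item['size']:>8}  {target}")
```

The output is a review list only; nothing here decides whether a file or stream is malicious, which is why the post asks for each item to be looked at before it is moved or deleted.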

Thank you. That thing with Superantispyware is very old and not even sure if it is active or being used.

Thank you for the help and information. This version of Win 10 pro is a "clean" install and the partitions were deleted before install. Who knows, after all this is Windows and its inherent crap.

Edited by KenW

This is what I get with

    KW             <20>  UNIQUE      Registered
    KW             <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKGROUP      <1E>  GROUP       Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

I really don't see what you mean in your post about duplicate.

Edited by KenW

  • Root Admin

I'd probably just ignore it. Normally any conflict like that in a home network will resolve on its own without too much issue.

If needed here are some links to remove SAS

http://www.superantispyware.com/supportfaqdisplay.html?faq=47

32-bit: http://www.superantispyware.com/downloads/SASUNINST.EXE
64-bit: http://www.superantispyware.com/downloads/SASUNINST64.EXE

 

Thanks again

Ron

 
