
Messages File C\Programme.


  • This topic is locked
8 replies to this topic

#1 John in Oman


Posted 23 February 2017 - 09:09 PM

It goes on to say File\ Malwarebytes etc is missing. Please correct or obtain a copy.

 

I have Googled extensively for a solution but so far have not been able to find a solution to the issue. I have tried uninstalling and re-installing Malwarebytes and scanned with MWBs and Avast with nothing being found.  I cannot access MWBs from my desktop which I assume is connected to the problem.

 

Help please will be much appreciated.  JH

 

 




 


#2 lmacri


Posted 24 February 2017 - 05:25 PM

Hi John in Oman:

 

Try posting your question in the Malwarebytes for Home Support forum.  Malwarebytes was recently upgraded from v2.2.1 to v3.0.6 and your installation might have been corrupted during the upgrade.

 

Malwarebytes employee bdudrow has pinned a thread at the top of that forum titled Having Problems Using Malwarebytes? Please Follow These Steps that has instructions for posting diagnostic logs in the forum.  There are instructions for both the new Malwarebytes v3.0.6 as well as Malwarebytes Anti-Malware v2.2.1 so if you aren't sure which version is installed on your machine go to Control Panel | Program | Programs and Features and see what version number is listed there.

------------
32-bit Vista Home Premium SP2 * Firefox v51.0.1 * NIS v22.9.0.71 * MBAM Premium v2.2.1


Edited by lmacri, 24 February 2017 - 10:50 PM.


#3 John in Oman


Posted 24 February 2017 - 06:03 PM

Since my last post, I did a Farbar scan and the log is as follows.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2017 01
Ran by HP (administrator) on HP-PC (24-02-2017 22:29:47)
Running from C:\Users\HP\Documents\Downloads
Loaded Profiles: HP (Available Profiles: HP)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-31] (AVAST Software)
HKLM\...\Run: [Malwarebytes App] => C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe [1192400 2017-02-09] ()
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-31] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6CC32CE0-832C-4680-A8FA-E078BDECADF9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6FD91F0C-0735-4ACE-AA5E-1D8950814E2F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E1FE0B5E-89A9-49BA-ACED-1290E0F8EA82}: [DhcpNameServer] 10.179.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-158745589-1102801140-2226643516-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
SearchScopes: HKU\S-1-5-21-158745589-1102801140-2226643516-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = 
SearchScopes: HKU\S-1-5-21-158745589-1102801140-2226643516-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-26] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: xfcp7s22.default
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\xfcp7s22.default [2017-02-23]
FF NewTab: Mozilla\Firefox\Profiles\xfcp7s22.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\xfcp7s22.default -> hxxps://www.malwarebytes.org/restorebrowser/index.html?f=1&a=plk_mdaffafterdownload_15_48&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AzyzyyEyDtB0F0AtByByEtN0D0Tzu0StCyEtBzytN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StDzz0C0Bzy0AtDyCtGtAyDtAyEtGtDyC0DzytGtC0E0ByCtGyEyB0CyEyBzz0ByE0Bzz0DyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyB0Czy0A0D0AtCtGyE0FtA0EtGyE0Dzy0CtG0AtB0CyEtG0DyBtCzy0FyDyCyDtD0AtD0C2QtN0A0LzuyE&cr=1059949928&ir=
about:preferences
FF Extension: (Avira Browser Safety) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\xfcp7s22.default\Extensions\abs@avira.com.xpi [2016-02-08]
FF Extension: (Adblock Plus) - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\xfcp7s22.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-09-07] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-23] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-158745589-1102801140-2226643516-1000: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-158745589-1102801140-2226643516-1000: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-31] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module Adapter) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Widevine Content Decryption Module Adapter) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-02-01]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2017-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.YMALKRNGAUOM7RE2HUI6DAZQPA - C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2015-09-01] () [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe [72344 2008-11-25] (SiSoftware) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-10-26] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-26] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59976 2017-01-20] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219584 2017-02-24] (Malwarebytes)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [50992 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [64760 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [140024 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [105208 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [168696 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [113912 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124664 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2017-01-21] (The OpenVPN Project)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 22:29 - 2017-02-24 22:29 - 00000000 ____D C:\FRST
2017-02-23 02:33 - 2017-02-24 01:25 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-23 02:33 - 2017-02-23 02:33 - 00001857 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 02:33 - 2017-01-20 07:47 - 00059976 _____ C:\Windows\system32\Drivers\mbae.sys
2017-02-22 03:34 - 2017-02-22 03:34 - 00000000 __RSH C:\MSDOS.SYS
2017-02-22 03:34 - 2017-02-22 03:34 - 00000000 __RSH C:\IO.SYS
2017-02-08 06:41 - 2017-02-08 06:41 - 00000000 ____D C:\Users\HP\AppData\Roaming\PeerNetworking
2017-01-26 01:55 - 2017-01-26 01:55 - 00000000 ____D C:\Users\HP\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-24 22:27 - 2006-11-02 12:47 - 00004928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-24 22:27 - 2006-11-02 12:47 - 00004928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-24 22:11 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 14:36 - 2006-11-02 13:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-23 14:41 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-02-23 04:48 - 2016-04-03 02:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-23 03:12 - 2017-01-21 04:54 - 00000000 ____D C:\Users\HP\AppData\Roaming\ExpressVPN
2017-02-23 02:52 - 2015-09-01 11:18 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-23 02:52 - 2015-09-01 11:18 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-23 02:52 - 2015-09-01 11:18 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-23 02:33 - 2015-09-01 11:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 08:12 - 2015-09-01 04:21 - 00000000 ____D C:\Users\HP
2017-02-11 07:50 - 2015-09-01 11:44 - 00000000 ____D C:\Users\HP\Documents\OneNote Notebooks
 
==================== Files in the root of some directories =======
 
2017-02-08 06:41 - 2017-02-08 06:41 - 0026340 _____ () C:\Users\HP\AppData\Roaming\UserTile.png
2015-09-01 04:21 - 2015-09-01 04:23 - 0000680 _____ () C:\Users\HP\AppData\Local\d3d9caps.dat
2016-08-10 08:12 - 2016-08-10 08:12 - 0003584 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-30 11:37 - 2016-10-30 11:37 - 0000000 _____ () C:\Users\HP\AppData\Local\{EE71CFAC-78BC-4795-89D9-E6ADBE626DB6}
2016-03-27 03:24 - 2016-03-27 03:24 - 0237974 _____ () C:\ProgramData\1459048770.bdinstall.bin
2016-04-02 13:18 - 2016-04-02 13:18 - 0037408 _____ () C:\ProgramData\1459603111.bdinstall.bin
2016-04-02 13:21 - 2016-04-02 13:21 - 0058739 _____ () C:\ProgramData\1459603120.bdinstall.bin
2016-04-02 22:49 - 2016-04-02 22:49 - 0096655 _____ () C:\ProgramData\1459613978.bdinstall.bin
2016-12-01 03:59 - 2016-12-01 03:59 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-24 22:19
 
==================== End of FRST.txt ======================

Edited by John in Oman, 24 February 2017 - 06:22 PM.


#4 John in Oman


Posted 24 February 2017 - 06:26 PM

I will now try to find the second log.  Please forgive me for being a total 'thickie' with these things.  My defense is that I am 77 yrs old so not born into the computer era!!

 

Thanks and regards.

JH



#5 John in Oman


Posted 24 February 2017 - 06:40 PM

Here it is!!

 

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
F
FirewallRules: [{7F5CDE73-E0B1-4417-A651-09D11D86625F}] => (Allow) LPort=80
FirewallRules: [{CD54F2F9-4944-477F-A3C5-2B65C0B97187}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9916BC45-EDA3-4120-95A3-1C47DDD79F8F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{13A0905C-9270-4644-9F64-96E7B5098892}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\RpcAgentSrv.exe
FirewallRules: [{63356C3E-BE61-4398-BE31-462BB5CC1EC3}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\RpcSandraSrv.exe
FirewallRules: [{DDAA98F4-DCFE-4581-85D7-A65F10B962BE}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{C2A4761D-B9A6-48CF-8A8A-60206995BC70}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0EF3\HPDiagnosticCoreUI.exe
FirewallRules: [{ED9FC0A6-A13A-4690-8F35-5C1E5FDCF343}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{9B4DE12B-203F-4E7D-9419-D3C2D102CC33}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS0FB3\HPDiagnosticCoreUI.exe
FirewallRules: [{7B6DA5BF-1AFB-40F3-ACC3-DF98C80DB9AB}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{3DC91FD8-47D6-4F71-B19D-DE3D32828E9E}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS1B3F\HPDiagnosticCoreUI.exe
FirewallRules: [{2D7D0E8B-AF4E-4F3C-BE53-1B84B1B6B106}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
FirewallRules: [{18D4CB3B-A4C0-4EA3-B7B7-3E82BCB19421}] => (Allow) C:\Users\HP\AppData\Local\Temp\7zS3953\HPDiagnosticCoreUI.exe
 
==================== Restore Points =========================
 
26-07-2016 22:50:47 Restore Operation
15-08-2016 11:25:13 Installed Easy fix 50450
16-08-2016 07:04:01 Installed Easy fix 50450
16-09-2016 04:09:47 SiSoftware Sandra Lite
16-09-2016 04:28:43 SiSoftware Sandra Lite
29-09-2016 22:00:59 Auslogics Regisry Defrag - before defragmentation
26-10-2016 03:04:26 Restore Operation
01-12-2016 04:00:16 Device Driver Package Install: HP Printers
01-12-2016 04:01:50 Device Driver Package Install: Hewlett-Packard Imaging devices
01-12-2016 04:02:17 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
21-01-2017 09:27:38 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2017 10:13:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 11:39:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 09:34:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 05:52:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 05:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 05:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 02:01:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2017 01:25:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/23/2017 09:51:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/23/2017 12:43:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Panda Security\Panda Devices Agent\Util_NDKService.dll".
Dependent Assembly NdkApi,type="win32",version="1.0.0.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/24/2017 10:11:57 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 11:38:11 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 09:33:03 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 05:17:26 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 01:51:56 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/24/2017 01:24:53 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 09:50:06 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 12:42:30 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 11:13:47 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
Error: (02/23/2017 09:47:32 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Event-ID 412
 
 
CodeIntegrity:
===================================
  Date: 2017-02-25 00:08:43.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:43.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:42.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:42.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSKMAD.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:42.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:41.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:41.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:41.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINReg.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:40.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-25 00:08:40.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\PSINProt.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz
Percentage of memory in use: 57%
Total physical RAM: 2037.27 MB
Available physical RAM: 859.57 MB
Total Virtual: 4321.81 MB
Available Virtual: 2551.23 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:244.14 GB) (Free:186.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:221.62 GB) (Free:221.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4094529C)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

Edited by John in Oman, 24 February 2017 - 07:12 PM.


#6 lmacri


Posted 24 February 2017 - 08:23 PM

Hi John in Oman:

 

You're doing great, but it would be best if you start a new topic in the Malwarebytes for Home Support forum and post your Farbar Recovery Scan Tool (FRST) logs in that forum. One of the Malwarebytes staff will respond to your post after they've reviewed your logs.  Be sure to attach the requested mbam-check log as well so they have information on the current status of your Malwarebytes installation.

 

I see drivers loading at boot-up for both AVAST and Panda Security as well as multiple errors related to Panda. If you have more than one antivirus program installed on your system that could create a conflict, but don't add or remove any software from your system until someone from Malwarebytes has reviewed your logs - they will be able to suggest the best way forward to fix your problem.
------------
32-bit Vista Home Premium SP2 * Firefox v51.0.1 * NIS v22.9.0.71 * MBAM Premium v2.2.1
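
The check described in post #6 (drivers from more than one antivirus vendor running at the same time) can be scripted over the Drivers section of an FRST log. This is an added example, not part of the original thread and not code from FRST or Malwarebytes; the vendor list and function names are assumptions, the sample lines are copied from the log in post #3, and the R/S and 0-5 codes are read per FRST's documented notation.

```python
import re
from collections import defaultdict

# Lines copied from the Drivers section of the FRST log in post #3.
SAMPLE_LOG = r"""
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-26] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [124664 2015-07-19] (Panda Security, S.L.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219584 2017-02-24] (Malwarebytes)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2017-01-21] (The OpenVPN Project)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# Assumption: company strings that count as security products for this log.
SECURITY_VENDORS = {"AVAST Software", "Panda Security, S.L.", "Malwarebytes"}

# FRST notation: first letter R = running, S = stopped, U = undetermined;
# the digit is the service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual",
               4: "disabled", 5: "unreadable"}

ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5])\s+"   # e.g. R1, S3
    r"(?P<name>[^;]+);\s+"                    # service or driver name
    r"(?P<path>.+?)\s+"                       # image path
    r"\[(?P<meta>[^\]]*)\]"                   # "[size date]" or "[X]"
    r"(?:\s+\((?P<company>[^)]*)\))?"         # optional "(Company)"
)


def parse_entries(text):
    """Parse FRST Services/Drivers lines into dictionaries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, notes, blank lines
        entries.append({
            "name": m.group("name").strip(),
            "running": m.group("state") == "R",
            "start": START_TYPES[int(m.group("start"))],
            "path": m.group("path"),
            "missing": m.group("meta") == "X",  # FRST marks absent files [X]
            "company": m.group("company") or "",
        })
    return entries


def running_security_vendors(entries):
    """Map each security vendor to its drivers that are currently running."""
    by_vendor = defaultdict(list)
    for e in entries:
        if e["running"] and e["company"] in SECURITY_VENDORS:
            by_vendor[e["company"]].append(e["name"])
    return dict(by_vendor)


def has_overlap(entries):
    """True when more than one security vendor has running drivers."""
    return len(running_security_vendors(entries)) > 1


def missing_files(entries):
    """Names of registered drivers whose file FRST could not find."""
    return [e["name"] for e in entries if e["missing"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for vendor, drivers in sorted(running_security_vendors(parsed).items()):
        print(f"{vendor}: {len(drivers)} running ({', '.join(drivers)})")
    print("Overlapping security products:", has_overlap(parsed))
    print("Registered but missing:", missing_files(parsed))
```

A stopped driver (such as `MBAMSwissArmy` here) is not counted, so a leftover on-demand scanner does not trigger the overlap flag.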



#7 John in Oman


Posted 25 February 2017 - 02:07 AM

Thank you. I will attempt to do that Lol!



#8 John in Oman


Posted 25 February 2017 - 02:17 AM

It seems I have to sign up anew to get into the Malwarebytes section!   No energy left so it will have to wait!!



#9 Chris Cosgrove

  • Moderator

Posted 04 March 2017 - 05:42 PM

Since the OP has now posted in the 'Virus, trojan logs etc.' section of BC, this topic is now closed to prevent confusion.

 

Once your computer is cleared of malware or it is determined that malware is not your problem but you have a Windows problem then you will be welcome either to start a new topic here or to send me, or any Moderator, a PM asking for this topic to be re-opened.

 

Chris Cosgrove



