Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: Rick on May 08, 2018, 05:21:32 am
-
Already uninstalled, reinstalled
Combofix
Malware bytes
Image attached
-
Have you always had Combofix installed where MSE would run normally ?
Combofix is a very powerful program and shouldn't really be used without supervision - it has been known to take out system files.
I would get rid of Combofix and just stay with MBAM for a scanner - I assume you are using the free version of MBAM ?
-
Yes, it was necessary run combofix;
downloaded this tool;
http://www.thewindowsclub.com/repair-microsoft-security-essentials-with-fix-mse-utility
after re-installing MSE, this program says MSE is not installed;
-
So did this problem exist before running that tool ?
-
Don't need invent problems
-
I'm just trying to get some history on this.
-
Did find that;
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1"=hex(b):19,0d,da,5d,3f,04,ca,01
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
-
MSE Services is grayed out
-
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc]
@=""
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,\
00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,\
00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,\
65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,\
00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,\
63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,\
00,65,00,53,00,79,00,73,00,74,00,65,00,6d,00,45,00,6e,00,76,00,69,00,72,00,\
6f,00,6e,00,6d,00,65,00,6e,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,00,00
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,63,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4d,00,69,00,63,00,72,00,6f,\
00,73,00,6f,00,66,00,74,00,20,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,\
79,00,20,00,43,00,6c,00,69,00,65,00,6e,00,74,00,5c,00,4d,00,73,00,4d,00,70,\
00,45,00,6e,00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="Microsoft Antimalware Service"
"Group"="COM Infrastructure"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="@c:\\Program Files\\Microsoft Security Client\\MpAsDesc.dll,-240"
"FailureActions"=hex:80,51,01,00,00,00,00,00,01,00,00,00,03,00,00,00,14,00,00,\
00,03,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00,00,00,00,00,64,00,00,00
"FailureCommand"="C:\\windows\\system32\\mrt.exe /EHB /ServiceFailure \"CAMP=4.10.209.0;approximate-> Engine=1.1.14500.5;AVSIG=1.261.1581.0;ASSIG=1.261.1581.0\" /StartService /q"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsMpSvc\Security]
"Security"=hex:01,00,14,80,1c,01,00,00,28,01,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,ec,00,08,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,\
05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,ff,01,0f,\
00,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,\
57,00,77,6e,c0,02,64,87,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,\
00,00,00,3a,3f,54,17,c7,6d,22,66,67,bc,fc,c9,ee,26,9d,63,c9,b0,cf,b1,00,00,\
28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,00,6c,5d,d9,28,cc,d7,59,\
85,5a,0f,5a,55,be,f2,ab,71,4e,43,51,91,01,01,00,00,00,00,00,05,12,00,00,00,\
01,01,00,00,00,00,00,05,12,00,00,00
-
Download latest MSE engines;
https://support.microsoft.com/en-us/help/14210
-
Those registry entries are meaningless to me as I don't have anything to compare them with.
Event Viewer may be a better source of info.
What I'd like to know is if you downloaded anything immediately prior to this problem - that's what I mean by history - how and when did it occur.
-
Rick:
I don't want to hijack your thread. I only want to emphasize what Boggin has already advised you: don't use Combofix unless it is absolutely required, and then only under supervision. Please see this link (https://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/#entry1511502) for more information about the dangers of running Combofix, which is no longer being maintained.
I am a Malware Response Instructor over at Bleeping Computer. I have seen computers damaged, and, in all of the computers that I have disinfected from malware, I have never found it necessary to run Combofix. It is a very powerful program, and now that is not being maintained, the more recent Windows updates for Windows 7 and before (it is not compatible for Windows 8 and 10) could cause all kinds of unanticipated problems. I am suspicious that Combofix might have caused your issues.
You could always open a topic at Bleeping Computer in the Virus, Trojan, Spyware, and Malware Removal Logs Forum (https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/) and request that your computer be checked for malware. Please follow the instructions in this topic (https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/) before posting there.
If you do decide to seek help, please let Boggin know that you have gone there for assistance.
Have a great day, and good luck with getting your MSE working again.
Regards,
-Phil