chimpy

Honorary Members
  • Posts

    819

Everything posted by chimpy

  1. I don't own one of those pocket ereaders but I would like to read books on my PC, does anyone have recommendations for any?
  2. I do have the latest copy but I have not tried to uninstall and reinstall. I have run scans and the PC is clean; I thought it might be a glitch. EDIT: I thought I had the latest but I had not. I have installed it so I hope that will solve the issue.
  3. This has happened only twice in the past few months, but Opera, when I click the icon, comes up with the elevated admin box for me to complete with a password. I click to close it and it opens fine; I close it down and reopen it and it doesn't happen again. Anyone had this odd issue?
  4. Thanks buttons, I will take note of that site. I think it must have just come on a disc I got when I bought the PC (just noticed it was there). I wonder why the MS file is in with them though: msvcr70.dll, that must be in the wrong place?
  5. Can anyone explain this then? I noticed it on my HJT log (I am clean) but...

     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

     Googling that entry gets a few reds on the WOT scale. I have looked at the file and it seems to be about a label printer? Apart from msvcr70.dll, which seems to be Microsoft's runtime library; if that's the case, isn't that in the wrong place?
  6. I use Wifi.

     Microsoft Windows [Version 6.0.6002]
     Copyright © 2006 Microsoft Corporation. All rights reserved.

     C:\Users\panda>ping www.yahoo.com

     Pinging eu-fp.wa1.b.yahoo.com [87.248.122.122] with 32 bytes of data:
     Reply from 87.248.122.122: bytes=32 time=61ms TTL=54
     Reply from 87.248.122.122: bytes=32 time=60ms TTL=54
     Reply from 87.248.122.122: bytes=32 time=61ms TTL=54
     Reply from 87.248.122.122: bytes=32 time=59ms TTL=54

     Ping statistics for 87.248.122.122:
         Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 59ms, Maximum = 61ms, Average = 60ms

     That's the ping, but does this explain why my PC is independently trying to access my router?
  7. I don't really config my machine so the only way I knew it failed pings was the first time I took the test, but the router issue has only just started happening a week or two ago, so I don't think it's connected?
  8. Checked the HJT thread and PC is clean so... This is the netstat /b log from the other day. I cannot read these logs though but thought they may help in finding out why my PC is doing this? Microsoft Windows [Version 6.0.6002] Copyright
  9. Thanks Gammo. Did I have an infection? The Gmer logs only ran that once and wouldn't let me run when the box stated in the instructions was unticked (it started to run and found a lot more but then crashed, once with a BSOD). I think the SB one was a FP but not sure. Plus I am still having issues with my PC trying to access my router. This is the netstat /b log from the other day. I cannot read these logs though but thought they may help in finding out why my PC is doing this? Microsoft Windows [Version 6.0.6002] Copyright
  10. I did the TFC and let it reboot. This is the new MBAM scan.

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4591
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18943

      10/09/2010 23:56:31
      mbam-log-2010-09-10 (23-56-31).txt

      Scan type: Quick scan
      Objects scanned: 144245
      Time elapsed: 8 minute(s), 38 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      I scanned with ESET and it made me install an active x to run it? It ran for 1 hour 41 minutes and found nothing, didn't give me the option to export the results. I clicked uninstall when it closes. Can you see anything in the scans? Thanks.
  11. Thanks. I couldn't turn off my AV or place Combofix on my desktop, I just ran it from the download. ComboFix 10-09-08.03 - myname 09/09/2010 22:10:29.3.2 - x86 Microsoft
  12. I started a thread here http://forums.malwarebytes.org/index.php?showforum=6 and I have no idea why it is doing what its doing but possibly as someone suggested it might be an infection so I thought best to check here. I have scanned with MBAM, AVG 9 free and SAS and are clean. This is my HJT log but I think its the old version not sure if that makes a difference? Spybot found these (I hope you can see the image) But as it wouldnt let me fix them due to me not being logged in as a admin they are still there. I googled them and WOT said the ratings for some were bad, but I have hostsman so the hosts should be ok? least I thought. Thank you. Edit I re scanned in admin mode and removed these entries. I am scanning again to see if anything is left. 
(Edit, that scan was clean) And here is my MBAM quick scan:

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4563
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18943

      07/09/2010 18:28:54
      mbam-log-2010-09-07 (18-28-54).txt

      Scan type: Quick scan
      Objects scanned: 141614
      Time elapsed: 6 minute(s), 20 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      I have uploaded the gmer but it scanned on opening so I could not uncheck the boxes like it says in the thread. When I then went to uncheck and scan again it crashed; I closed gmer and tried to download a new copy and opening it gave me my first ever blue screen of death, and it does have more entries on the second scan (I have tried this twice now and the application just crashes). Tried to run dds log but after the black screen appeared I just kept getting the elevated user prompt, which I inputted a lot of times but still it kept appearing; even trying to cancel that didn't work and finally the black screen just went. Edit: I turned off the prompt so here is my dds log. ark.txt ark.txt DDSlog1.txt ddslog2.txt
  13. I think I will post on the infect thread then
  14. Thanks Yardbird, I have reset and it's still the same. It's a Netgear DG934 and the IP that is trying to access it is mine I think, 192. one is the same number you put in the url bar (apart from the last two digits are 02 and not 01), so why is and what is trying to access it on my PC is now the question.
  15. I am getting them every 25 minutes, to the second.

      Mon, 2010-09-06 22:35:40 - Administrator login failure - IP:192xxxxxx
      Mon, 2010-09-06 23:00:40 - Administrator login failure - IP:192xxxxxx
      Mon, 2010-09-06 23:25:40 - Administrator login failure - IP:192xxxxxx
      Mon, 2010-09-06 23:50:40 - Administrator login failure - IP:192xxxxxx
      Tue, 2010-09-07 00:15:40 - Administrator login failure

      apart from the last one here which is me logging in. This is odd and I have no idea what it means, anyone have an idea? I have reset it, changed passwords, and yet it still is happening. Is something on my PC trying to access it?
  16. Thanks, by program files what I meant was when you typed the name into start menu > all programs, that was the only way I could find it, and thanks for the other link.
  17. Leaktest failed, my Windows firewall didn't even ask me, even though I know I have that option ticked... Unless that's down to me using a limited account? But even then it should have at least stopped it. I would get another firewall but config is not my strong point and Vista's firewall is supposed to be ok. I can't say I know entirely what the others do so I think I will just leave them for now and keep an eye on the situation, thanks for your help. Edit: How do I remove leaktest? I see it in all programs but it's not under add/remove and Revo doesn't show it.
  18. Thanks, here is what it says. I did it while non sandboxed.

      File Sharing

      "Attempting connection to your computer. . . Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet! Your Internet port 139 does not appear to exist! One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion. Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet."

      Common ports

      "Solicited TCP Packets: PASSED
  19. Well on my computer it says I use WPA Personal and TKIP, and I checked my firewall and nothing unusual was ticked.
  20. I'm not sure, I use WPA PSK but I admit this was the first time in 3 or so years I have changed the PW for it as to be honest I didn't know how, I even locked myself out of the web before working it out.
  21. Can someone else access my router, that is through the url 192. etc? I had a few "Administrator login failure" in the logs, when I had not tried to access them, then I noticed that I was getting the Firefox "can't access web page" on a refresh for a few mins and then I checked my logs again and I got the same "Administrator login failure" at the time I was refreshing, and I got that Firefox screen quite a few times tonight. I changed the password and network key but still I had the "Administrator login failure" on a refresh. I have scanned with MBAM and it was clean, I use Sandboxie 90% of the time so I am confused as to why this happened. Plus it happened between 1am and 7am. Thanks
  22. If you like things like that then this site is a good one hxxp://lab.andre-michelle.com/ with this being my favourite hxxp://lab.andre-michelle.com/tonematrix
  23. Google, it just is better for me.