Everything posted by ZeeBee
-
Auto run from the hard drive and network....
ZeeBee replied to ZeeBee's topic in General Windows PC Help
Hi, when I tried the updates they said they didn't apply to her system. I keep her up to date as regards updates for all other programs running on her PC. I tried the Microsoft disable and enable tool on one of my laptops running the same OS and AV and it worked just fine for me, so I'm guessing it must be something on her machine that's stopping the disable option. I posted on the Kaspersky forum like you suggested and will wait for a reply from them. Thank you very much for all your help.
-
Auto run from the hard drive and network....
ZeeBee replied to ZeeBee's topic in General Windows PC Help
Hi, it's Kaspersky Security Scan, which I originally ran to help find why Trend Micro was reporting so many threats from pages the lady who owns the laptop has never been to. There's no malware, she's clean, as I've run OTL and some other tools. I'm of the thinking now that she may be experiencing some kind of man-in-the-middle attack and that's why I would love to tighten up her PC for her. I'm no techie at all, I've just been using PCs for about a year and a half, but am learning quite a bit. If you'd like to close the post please do, as I think I've done all I can. I will reinstall the operating system and try your links to see if it will work on version 1 of Vista and then install the other two Vista updates, SP1 and SP2. Sorry for the waffle and thanks for your kind help and your patience. ZeeBee
-
Auto run from the hard drive and network....
ZeeBee replied to ZeeBee's topic in General Windows PC Help
Hi, no, every option I try it still remains on. The Kaspersky software is an on-demand scanner so I don't think it would have any effect. I have tried all the options again with no protection activated on the computer and it's still not working, it's still reported as enabled. I may try re-installing the OS and try again, as I can't see why it has no effect. Sorry it took a while to get back to you; it's not my computer and I just help the old lady whose laptop it is, so I have to explain to her every time I help her out what I'm doing. She can just manage e-mail and copy and paste so far, lol. Thank you for all the help given, it's much appreciated, Firefox and Ron.
-
Auto run from the hard drive and network....
ZeeBee replied to ZeeBee's topic in General Windows PC Help
Thank you, Ron, for your help.
-
Auto run from the hard drive and network....
ZeeBee replied to ZeeBee's topic in General Windows PC Help
Hi, I went through all the options you gave me in the link and it still says on the Kaspersky Security Scan's report that it needs to be disabled. Could there be something enabling it again that I need to disable first? Thanks for your help and advice, it's very much appreciated.
-
Auto run from the hard drive and network....
ZeeBee replied to ZeeBee's topic in General Windows PC Help
Hi, thank you for the link. I tried all the ideas and it seems that none of them have worked for me; the AutoRun feature is still on, both for the hard drive and the network drive.
Thanks
-
Hi, how do I disable AutoRun from the hard drive and AutoRun from the network drive, please? Thanks for any help provided.
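The question above is about a registry policy, so here is an added example (my code, not anything posted in the thread) that audits the AutoRun policy a checker such as the one in the thread reads, and with -Fix sets it to "off for every drive type". It assumes a Windows machine with PowerShell 2 or later and an elevated (Run as administrator) session. The registry locations and the meaning of the bits are Microsoft's (KB 967715); the function names and the assumed built-in default of 0x91 when the value is absent are mine.

```powershell
# Added example, not code from the original thread. Audits the AutoRun policy values a
# scanner like the one in the thread checks and, with -Fix, sets them to "disabled for
# every drive type". Assumptions: Windows with PowerShell 2 or later, run as administrator.
# Registry locations and bit meanings follow Microsoft KB 967715; the function names and
# the assumed default of 0x91 for an absent value are mine.
param([switch]$Fix)

$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# NoDriveTypeAutoRun is a bitmask. A SET bit DISABLES AutoRun for that drive type, so the
# "hard drive" and "network drive" the thread asks about are bits 0x08 and 0x10.
$DriveTypeBits = @(
    @{ Bit = 0x04; Name = 'removable (USB stick)' },
    @{ Bit = 0x08; Name = 'fixed (hard drive)' },
    @{ Bit = 0x10; Name = 'network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' },
    @{ Bit = 0x01; Name = 'unknown type' },
    @{ Bit = 0x80; Name = 'unknown type (reserved bit)' }
)

function Get-AutoRunPolicy {
    # One row per hive: the raw value and the drive types on which AutoRun is still allowed.
    foreach ($key in $PolicyKeys) {
        $raw = $null
        if (Test-Path $key) {
            $raw = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        }
        # When the value is absent Explorer falls back to its built-in default; 0x91 (unknown +
        # network only) is ASSUMED here, so "not set" still leaves the hard drive and USB enabled.
        if ($null -eq $raw) { $effective = 0x91; $shown = '(not set)' }
        else                { $effective = [int]$raw; $shown = ('0x{0:X2}' -f $effective) }
        $stillOn = $DriveTypeBits | Where-Object { ($effective -band $_.Bit) -eq 0 } | ForEach-Object { $_.Name }
        New-Object PSObject -Property @{
            Hive               = $key
            NoDriveTypeAutoRun = $shown
            AutoRunStillOnFor  = ($stillOn -join ', ')
        } | Select-Object Hive, NoDriveTypeAutoRun, AutoRunStillOnFor
    }
}

function Disable-AutoRunEverywhere {
    # 0xFF sets every bit: AutoRun off for all drive types. Both hives are written so it does
    # not matter which one Explorer or a checking tool happens to read.
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
    # XP and Vista honour NoDriveTypeAutoRun properly only with Microsoft's AutoRun update
    # (KB 967715) installed; that update introduced this flag. Setting it is harmless elsewhere.
    Set-ItemProperty -Path $PolicyKeys[0] -Name HonorAutoRunSetting -Value 1 -Type DWord
    # Second layer: map every Autorun.inf to a registry key that does not exist, so the shell
    # sees an empty file no matter which volume it came from.
    $ini = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    if (-not (Test-Path $ini)) { New-Item -Path $ini -Force | Out-Null }
    Set-Item -Path $ini -Value '@SYS:DoesNotExist'
}

'Current AutoRun policy:'
Get-AutoRunPolicy | Format-Table -AutoSize
if ($Fix) {
    Disable-AutoRunEverywhere
    'After the change (Explorer re-reads the policy at next logon):'
    Get-AutoRunPolicy | Format-Table -AutoSize
}
```

Run it once without -Fix first: the table shows both hives side by side, and a per-user value under HKCU that was never touched is one plain reason a change made under HKLM can look as if it never took. A value that reads 0xFF in both hives after a reboot, plus the Autorun.inf mapping, is as far as the registry side of this goes; if a checker still reports AutoRun as enabled after that, it is looking at something other than these values.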
-
Hi, could anyone recommend good free hard drive cloning software for Windows, please? Thanks in advance.
-
Hi, I ran ComboFix and after running it Google Chrome is running much, much faster with quicker page loading time, although this could be down to the fact I changed the IP at the same time to see if that stops the naughty stuff appearing in the firewall's security logs.

ComboFix Log:
-------------------
ComboFix 12-09-08.02 - DogWomen 08/09/2012 19:52:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3068.2127 [GMT 1:00]
Running from: c:\users\DogWomen\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 18:59 . 2012-09-08 19:00 -------- d-----w- c:\users\DogWomen\AppData\Local\temp
2012-09-08 18:59 . 2012-09-08 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 14:22 . 2012-09-07 14:22 -------- d-----w- c:\users\DogWomen\AppData\Roaming\Unity
2012-09-07 13:21 . 2012-09-08 16:31 -------- d-----w- c:\users\DogWomen\AppData\Local\Unity
2012-09-04 22:42 . 2012-09-04 22:42 -------- d-----w- c:\users\DogWomen\AppData\Roaming\PeerNetworking
2012-09-01 20:34 . 2012-09-01 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-01 20:34 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 20:24 . 2012-09-01 20:24 -------- d-----w- c:\users\DogWomen\AppData\Roaming\Malwarebytes
2012-09-01 20:24 . 2012-09-01 20:24 -------- d-----w- c:\programdata\Malwarebytes
2012-08-31 10:56 . 2012-08-31 10:56 -------- d-----w- c:\program files\CCleaner
2012-08-31 10:54 . 2012-08-31 10:54 -------- d-----w- c:\program files\Common Files\Java
2012-08-31 10:54 . 2012-08-31 10:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 10:00 . 2012-08-31 10:00 -------- d-----w- c:\users\DogWomen\AppData\Local\Secunia PSI
2012-08-31 08:01 . 2012-08-31 08:01 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-15 08:17 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 06:39 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-10 22:20 . 2012-08-10 22:20 -------- d-----w- c:\program files\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 10:53 . 2012-06-07 22:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 10:53 . 2012-04-02 06:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-28 19:40 . 2012-06-28 19:40 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-17 21:10 . 2012-06-17 21:10 965120 ----a-w- c:\windows\system32\ac3filter.acm
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 4128768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578839235-3445313455-2016934920-1000Core.job
- c:\users\DogWomen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 22:12]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578839235-3445313455-2016934920-1000UA.job
- c:\users\DogWomen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-08 19:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\DogWomen\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(284)
c:\program files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEHook.dll
c:\program files\Trend Micro\Titanium\plugin\TmvExt.dll
c:\program files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
c:\program files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
.
Completion time: 2012-09-08 20:04:17
ComboFix-quarantined-files.txt 2012-09-08 19:04
.
Pre-Run: 188,218,855,424 bytes free
Post-Run: 188,142,743,552 bytes free
.
- - End Of File - - 66865A5401508EA3A4E2F2EA9A3D8196

Thanks again for your help, it is very much appreciated.
-
Hi, yes I did the TDSSKiller scan but forgot to add the log; it was clean, no infections. I did have a look at the router's firewall and the security section is full of "IDS dos parser : tcp syn flood", "FIREWALL icmp check (1 of 1): Protocol: ICMP", "IDS dos parser : tcp syn flood", "IDS proto parser : tcp null port", "IDS rate parser : tcp rate limiting", "IDS proto parser : tcp data on syn segment", "IDS scan parser : tcp syn scan: **.**.**.**. scanned at least 20 ports", "IDS scan parser : udp port scan: **.**.**.** scanned at least 20 ports". It goes back as long as the logs have recorded. It's not just once a week, it is every day; not one day has gone past in the security logs without something being recorded. I should say it's not my computer or ISP; I look after it for an elderly friend who needs a lot of help with her computer. Well, thanks for your help; at least the firewall is doing its job and there is no malware. All I need to do now is find out who is trying to gain access and why, easier said than done. Thanks again for your kind assistance.
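The post above reads the router's security log one line at a time. As an added example (my code, not anything from the thread), the script below parses lines of the shape the post quotes and turns them into two tables: how often each signature fires, and which scanning sources come back and on how many different days. The sample lines are constructed for this example: the timestamps are invented and the addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, not from any real scanner; only the message texts are the ones the post quotes. It assumes PowerShell 2 or later; point it at a saved copy of the router log by replacing $SampleLog with Get-Content of that file.

```powershell
# Added example, not from the original post. Summarises router "security log" lines of the
# kind quoted above. The sample lines are CONSTRUCTED for this example (invented timestamps,
# documentation-range addresses); the message texts are the ones the post quotes.
$SampleLog = @'
2012-09-06 03:14:02 IDS dos parser : tcp syn flood
2012-09-06 03:14:05 IDS scan parser : tcp syn scan: 203.0.113.45 scanned at least 20 ports
2012-09-06 03:20:11 FIREWALL icmp check (1 of 1): Protocol: ICMP
2012-09-06 05:02:48 IDS proto parser : tcp null port
2012-09-06 05:02:49 IDS rate parser : tcp rate limiting
2012-09-06 09:41:17 IDS scan parser : udp port scan: 198.51.100.7 scanned at least 20 ports
2012-09-06 11:05:33 IDS proto parser : tcp data on syn segment
2012-09-07 02:58:20 IDS scan parser : tcp syn scan: 203.0.113.45 scanned at least 20 ports
2012-09-07 02:58:21 IDS dos parser : tcp syn flood
2012-09-07 14:12:09 IDS scan parser : tcp syn scan: 203.0.113.90 scanned at least 20 ports
'@

function ConvertFrom-RouterSecurityLog {
    param([string[]]$Lines)
    # Common shape of the quoted messages: "<date> <time> <module> [ (n of m) ] : <detail>".
    $shape = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?<module>IDS \w+ parser|FIREWALL \w+ check)\s*(\(\d+ of \d+\))?\s*:\s*(?<detail>.+)$'
    $ipv4  = '\d{1,3}(\.\d{1,3}){3}'
    foreach ($line in $Lines) {
        # Anything that does not fit the shape is skipped, not guessed at.
        if (-not ($line -match $shape)) { continue }
        $ts = $Matches['ts']; $module = $Matches['module']; $detail = $Matches['detail']
        # Only the scan messages carry a source address; the flood/proto/rate ones do not.
        $source = $null
        if ($detail -match $ipv4) { $source = $Matches[0] }
        New-Object PSObject -Property @{
            Time      = [datetime]::ParseExact($ts, 'yyyy-MM-dd HH:mm:ss', [Globalization.CultureInfo]::InvariantCulture)
            Module    = $module
            Signature = ($detail -replace $ipv4, '<ip>')   # normalise so identical scans group together
            Source    = $source
        }
    }
}

$events = ConvertFrom-RouterSecurityLog -Lines ($SampleLog -split "`r?`n")

'Events per signature:'
$events | Group-Object Signature | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

'Scanning sources (and on how many different days each came back):'
$events | Where-Object { $_.Source } | Group-Object Source | ForEach-Object {
    $days = @($_.Group | ForEach-Object { $_.Time.Date } | Sort-Object -Unique).Count
    New-Object PSObject -Property @{ Source = $_.Name; Scans = $_.Count; Days = $days }
} | Sort-Object Scans -Descending | Select-Object Source, Scans, Days | Format-Table -AutoSize
```

The Days column is the quick discriminator for the "who and why" question in the post: every public address receives scans and SYN floods from changing sources, and those are only worth a glance, whereas one address that returns day after day is the one to look up and, if it keeps coming, report to its network's abuse contact.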
-
Hello, FSS log
----------------
Farbar Service Scanner Version: 06-08-2012
Ran by DogWomen (administrator) on 07-09-2012 at 13:33:37
Running from "C:\Users\DogWomen\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Checkup log
------------------
Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java 7 Update 7
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro Titanium plugin TMAS\TMAS_OE\TMAS_OEMon.exe
Trend Micro Titanium plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

Thank you.
-
Hi, I tried to run the ESET scan exactly as you described and the Start button was totally unresponsive in IE. I did try all the advice on this page too, http://go.eset.com/us/online-scanner/faq/, but nothing worked. So I downloaded the .exe version for Chrome and it ran OK. It did not save a log file in the folder as described. Does this matter? As it found nothing I don't think I have anything malicious on the PC; it was just weird that a geo-advert was blocked when I wasn't browsing and had not even opened the browser. Thank you for your kind help.
-
Hi, no IM software is used on this computer. The logs as requested:

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by DogWomen at 23:09:39 on 2012-09-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3068.2123 [GMT 1:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\dogwomen\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"
mRun: [WLM] "c:\program files\trend micro\titanium\plugin\tmas\tmas_wlm\TMAS_WLMMon.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{35BC6F49-C33A-42B7-9404-52F3F48F55E4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B5E8FDD2-6AE3-4AC0-BA78-616D7FA83328} : DhcpNameServer = 192.168.1.254
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-3-19 68368]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-3-19 200632]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-3-19 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-1 655944]
R2 tmeevw;tmeevw;c:\windows\system32\drivers\tmeevw.sys [2012-3-19 55056]
R2 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2012-3-19 171280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-1 22344]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2012-3-19 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-9 43040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-04 22:42:53 -------- d-----w- c:\users\dogwomen\appdata\roaming\PeerNetworking
2012-09-02 21:32:44 -------- d-----w- c:\program files\Secunia
2012-09-01 20:34:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 20:34:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-01 20:24:45 -------- d-----w- c:\users\dogwomen\appdata\roaming\Malwarebytes
2012-09-01 20:24:33 -------- d-----w- c:\programdata\Malwarebytes
2012-08-31 10:56:02 -------- d-----w- c:\program files\CCleaner
2012-08-31 10:54:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 10:00:39 -------- d-----w- c:\users\dogwomen\appdata\local\Secunia PSI
2012-08-31 08:01:55 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-15 08:17:51 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 06:39:44 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-10 22:20:42 -------- d-----w- c:\program files\HitmanPro
.
==================== Find3M ====================
.
2012-08-31 10:53:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-31 10:53:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 21:10:08 965120 ----a-w- c:\windows\system32\ac3filter.acm
.
============= FINISH: 23:09:56.32 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/03/2012 11:55:17
System Uptime: 05/09/2012 22:08:31 (1 hours ago)
.
Motherboard: Quanta | | TW8/SW8/DW8
Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 171.015 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0BDA&PID_0158\20071114173400000
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0BDA&PID_0158\20071114173400000
Service: USBSTOR
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_10D6&PID_1101\5&1C59D2A&0&2
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_10D6&PID_1101\5&1C59D2A&0&2
Service: USBSTOR
.
==== System Restore Points ===================
.
RP258: 15/08/2012 09:17:22 - Windows Update
RP289: 28/08/2012 23:49:37 - Removed OpenOffice.org 3.4
RP290: 29/08/2012 00:01:32 - Installed OpenOffice.org 3.4.1
RP291: 31/08/2012 08:45:25 - Installed Java 6 Update 35
RP292: 31/08/2012 11:46:38 - Removed Java 6 Update 22
RP293: 31/08/2012 11:47:32 - Removed Java 6 Update 35
RP294: 31/08/2012 11:50:08 - Removed Java 6 Update 35
RP295: 31/08/2012 11:53:11 - Installed Java 7 Update 7
RP297: 31/08/2012 14:24:59 - Res01
RP306: 03/09/2012 09:37:49 - TITANUIMRES5[0x01111101]
RP307: 03/09/2012 09:38:31 - TITANUIMRES5[0x01111101]
RP308: 03/09/2012 11:32:17 - TITANUIMRES5[0x01111101]
RP309: 03/09/2012 20:36:17 - Removed HiJackThis
RP310: 04/09/2012 22:48:15 - TITANUIMRES5[0x01111101]
RP311: 05/09/2012 12:33:30 - Scheduled Checkpoint
RP312: 05/09/2012 15:36:17 - TITANUIMRES5[0x01111101]
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.4)
CCleaner
EPSON Printer Software
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 7
Java Auto Updater
Keyboard Manager Utility
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
NVIDIA Drivers
OpenOffice.org 3.4.1
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Trend Micro Titanium
Trend Micro Titanium Maximum Security 2012
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
31/08/2012 08:39:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
31/08/2012 08:39:21, Error: EventLog [6008] - The previous system shutdown at 00:34:26 on 31/08/2012 was unexpected.
30/08/2012 09:34:51, Error: EventLog [6008] - The previous system shutdown at 09:31:55 on 30/08/2012 was unexpected.
05/09/2012 22:09:29, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
03/09/2012 15:09:57, Error: Microsoft-Windows-RasSstp [1] - The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.
02/09/2012 14:18:26, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
02/09/2012 14:18:26, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
02/09/2012 14:18:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
02/09/2012 14:18:26, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/09/2012 14:18:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

Thank you for your continued help, it's much appreciated.
-
Thanks. I did a full scan with my AV and a full scan and flash scan with MBAM, HitmanPro and TDSSKiller, and nothing turned up. I have had the IP blocked message (same IP as above) turn up once when I was not even browsing the net, just after the PC booted. Thank you again.
-
Hi, I read a few ideas of what may have been the cause at the link http://forums.malwarebytes.org/index.php?showtopic=115307 but was not sure which was the right option. Thank you for the clarification and your help.
-
I too have had this IP 173.241.240.153 being blocked. Each time I get the message I'm on a totally unrelated site. Again, I don't think I have any malware on this machine. Message given by MBAM: IP-BLOCK 173.241.240.153 (Type: outgoing, Port: 52679, Process: coreserviceshell.exe). In Processes it shows that the process coreserviceshell.exe is Trend Micro Anti-Malware Solution Platform. Do you use Trend Micro by any chance? I noticed this post http://forums.malwarebytes.org/index.php?showtopic=114748 so I too visited MajorGeeks and I too got the IP-BLOCK 173.241.240.153 (Type: outgoing, Port: 52679, Process: coreserviceshell.exe) message again.
-
Thank you, daledoc1. I tried your re-install and adding to the allow list on MBAM/Trend and it still takes 2 minutes or more. I had already disabled all but the essential start-up entries and have the laptop set to adjust for best possible performance. Should I check the Windows services now? Thank you for any help provided.
-
Hi, I have installed MBAM Pro onto a laptop alongside Trend Micro Titanium Maximum Security 2012 and it's taking on average 2 minutes to come on at start-up. I have looked on the forum for an answer and only found http://forums.malwarebytes.org/index.php?showtopic=114826 which I tried, but it didn't make any difference. Thanks for any assistance given.
-
Hi, I'm studying for my ethical hacker exam and on my reading travels I'm sure I read that hackers can use DDoS attacks to drop malicious scripts in, as when the attack is underway there is a moment when the system becomes vulnerable. Is this correct?
-
Hi, does anyone know if OpenDNS is any good or not? For instance, is it safe to use and does it increase net speed and security a lot? The web page says it does, but I was looking to hear from people who have used it before to get more information on it. http://www.opendns.com/ Thanks in advance for any feedback. ZeeBee
-
I have looked over the net to see if I can buy Malwarebytes Pro from UK shops but cannot find any listings. Do you sell Malwarebytes Pro in any UK shops, please? Thank you.