
ZeeBee

Honorary Members
Posts: 24
Posts posted by ZeeBee

  1. Hi

    When I tried the updates, they said they didn't apply to her system. I keep her up to date as regards updates for all other programs running on her PC.

    I tried the Microsoft disable and enable tool on one of my laptops running the same OS and AV, and they worked just fine for me, so I'm guessing it must be something on her machine that's stopping the disable option.

    I posted on the Kaspersky forum like you suggested and will wait for a reply from them.

    Thank you very much for all your help :)

  2. Hi

    It's Kaspersky Security Scan, which I originally ran to help find why Trend Micro was reporting so many threats to pages the lady who owns the laptop has never been to. There's no malware, she's clean, as I've run OTL and some other tools. I'm of the thinking now that she may be experiencing some kind of man-in-the-middle attack, and that's why I would love to tighten up her PC for her. I'm no techy at all, just been using PCs for about a year and a half, but am learning quite a bit. If you'd like to close the post please do, as I think I've done all I can. I will reinstall the operating system and try your links to see if it will work on version 1 of Vista and then install the other two Vista updates, SP1 and SP2.

    Sorry for the waffle and thanks for your kind help and your patience.

    Zeebee

  3. Hi

    No, every option I try, it still remains on. The Kaspersky software is an on-demand scanner, so I don't think it would have any effect. I have tried all the options again with no protection activated on the computer and it's still not working; it's still reported as enabled.

    I may try re-installing the OS and try again, as I can't see why it has no effect. Sorry it took a while to get back to you; it's not my computer and I just help the old lady whose lappy it is, so I have to explain to her what I'm doing every time I help her out. She can just manage e-mail and copy and paste so far lol.

    Thank you for all the help given, it's much appreciated, Firefox and Ron.

  4. Hi

    I ran ComboFix and after running it Google Chrome is running much, much faster with quicker page loading time, although this could be down to the fact I changed the IP at the same time to see if that stops the naughty stuff appearing in the firewall's security logs.

    ComboFix Log:

    -------------------

    ComboFix 12-09-08.02 - DogWomen 08/09/2012 19:52:44.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3068.2127 [GMT 1:00]

    Running from: c:\users\DogWomen\Desktop\ComboFix.exe

    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-08 18:59 . 2012-09-08 19:00 -------- d-----w- c:\users\DogWomen\AppData\Local\temp

    2012-09-08 18:59 . 2012-09-08 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-07 14:22 . 2012-09-07 14:22 -------- d-----w- c:\users\DogWomen\AppData\Roaming\Unity

    2012-09-07 13:21 . 2012-09-08 16:31 -------- d-----w- c:\users\DogWomen\AppData\Local\Unity

    2012-09-04 22:42 . 2012-09-04 22:42 -------- d-----w- c:\users\DogWomen\AppData\Roaming\PeerNetworking

    2012-09-01 20:34 . 2012-09-01 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-09-01 20:34 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-01 20:24 . 2012-09-01 20:24 -------- d-----w- c:\users\DogWomen\AppData\Roaming\Malwarebytes

    2012-09-01 20:24 . 2012-09-01 20:24 -------- d-----w- c:\programdata\Malwarebytes

    2012-08-31 10:56 . 2012-08-31 10:56 -------- d-----w- c:\program files\CCleaner

    2012-08-31 10:54 . 2012-08-31 10:54 -------- d-----w- c:\program files\Common Files\Java

    2012-08-31 10:54 . 2012-08-31 10:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-31 10:00 . 2012-08-31 10:00 -------- d-----w- c:\users\DogWomen\AppData\Local\Secunia PSI

    2012-08-31 08:01 . 2012-08-31 08:01 -------- d-----w- c:\programdata\Kaspersky Lab

    2012-08-15 08:17 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-08-15 06:39 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll

    2012-08-10 22:20 . 2012-08-10 22:20 -------- d-----w- c:\program files\HitmanPro

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-31 10:53 . 2012-06-07 22:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-08-31 10:53 . 2012-04-02 06:33 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-06-28 19:40 . 2012-06-28 19:40 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2012-06-17 21:10 . 2012-06-17 21:10 965120 ----a-w- c:\windows\system32\ac3filter.acm

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]

    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]

    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]

    "Keyboard Manager Utility"="c:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-08-02 4128768]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

    @=""

    .

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578839235-3445313455-2016934920-1000Core.job

    - c:\users\DogWomen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 22:12]

    .

    2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-578839235-3445313455-2016934920-1000UA.job

    - c:\users\DogWomen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 22:12]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    TCP: DhcpNameServer = 192.168.1.254

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-08 19:59

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    .

    c:\users\DogWomen\AppData\Local\Temp\catchme.dll 53248 bytes executable

    .

    scan completed successfully

    hidden files: 1

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'Explorer.exe'(284)

    c:\program files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEHook.dll

    c:\program files\Trend Micro\Titanium\plugin\TmvExt.dll

    c:\program files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll

    c:\program files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll

    .

    Completion time: 2012-09-08 20:04:17

    ComboFix-quarantined-files.txt 2012-09-08 19:04

    .

    Pre-Run: 188,218,855,424 bytes free

    Post-Run: 188,142,743,552 bytes free

    .

    - - End Of File - - 66865A5401508EA3A4E2F2EA9A3D8196

    Thanks again for your help it is very much appreciated.

  5. Hi

    Yes, I did the TDSSKiller scan but forgot to add the log; it was clean, no infections. I did have a look at the router's firewall and the security section is full of

    "IDS dos parser : tcp syn flood", "FIREWALL icmp check (1 of 1): Protocol: ICMP", "IDS dos parser : tcp syn flood", "IDS proto parser : tcp null port", "IDS rate parser : tcp rate limiting", "IDS proto parser : tcp data on syn segment", "IDS scan parser : tcp syn scan: **.**.**.**. scanned at least 20 ports", "IDS scan parser : udp port scan: **.**.**.** scanned at least 20 ports". It goes back as long as the logs have recorded. It's not just once a week, it is every day; not one day has gone past in the security logs without something being recorded.

    I should say it's not my computer or ISP; I look after it for an elderly friend who needs a lot of help with her computer.

    Well, thanks for your help; at least the firewall is doing its job and there is no malware.

    All I need to do now is find out who is trying to gain access and why, easier said than done.

    Thanks again for your kind assistance.
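Added example, not from the thread: a small Python triage script over constructed router log lines in the shape of the entries quoted in the post above. It tallies the entries by type and separates scan sources on the LAN (RFC 1918 addresses) from those on the internet side; the timestamp layout and the source addresses are assumptions, since the post masks them.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the shape of the entries the poster quoted from the
# router's security log. The timestamp layout and the unmasked source addresses are
# assumptions: the poster masked the addresses as **.**.**.** and gave no timestamps.
SAMPLE_LOG = """\
2012-09-07 03:14:02 IDS dos parser : tcp syn flood
2012-09-07 03:15:10 FIREWALL icmp check (1 of 1): Protocol: ICMP
2012-09-07 04:02:33 IDS scan parser : tcp syn scan: 198.51.100.7 scanned at least 20 ports
2012-09-07 04:05:41 IDS scan parser : udp port scan: 203.0.113.9 scanned at least 20 ports
2012-09-07 05:12:00 IDS proto parser : tcp null port
2012-09-07 05:13:00 IDS rate parser : tcp rate limiting
2012-09-07 05:14:00 IDS proto parser : tcp data on syn segment
2012-09-07 06:00:00 IDS scan parser : tcp syn scan: 192.168.1.23 scanned at least 20 ports
"""

# Message fragments the poster quoted, mapped to a short category label.
CATEGORIES = [
    ("syn flood", "syn_flood"),
    ("syn scan", "port_scan"),
    ("port scan", "port_scan"),
    ("rate limiting", "rate_limit"),
    ("null port", "null_port"),
    ("data on syn segment", "data_on_syn"),
    ("icmp check", "icmp"),
]

TS_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
SCAN_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) scanned at least (\d+) ports")

# RFC 1918 private ranges: a scan source inside one of these is on the LAN side.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan_address(ip):
    """True if the address falls in an RFC 1918 private range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_line(line):
    """Turn one router log line into a dict, or None if it does not match."""
    m = TS_RE.match(line.strip())
    if not m:
        return None
    ts, msg = m.groups()
    category = "other"
    for fragment, label in CATEGORIES:
        if fragment in msg.lower():
            category = label
            break
    event = {"ts": ts, "category": category, "msg": msg, "src": None, "ports": None}
    scan = SCAN_RE.search(msg)
    if scan:  # only the scan entries carry a source address and a port count
        event["src"] = scan.group(1)
        event["ports"] = int(scan.group(2))
    return event


def parse_log(text):
    """Parse every non-empty line, skipping lines in an unexpected format."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    return [e for e in events if e is not None]


def summarize(events):
    """Count events per category and split scan sources into LAN vs internet.

    Floods and scans arriving from the internet side are ordinary background
    noise the firewall is already dropping; a scan whose source is a private
    address means a device inside the network is probing, which is the case
    worth investigating.
    """
    counts = Counter(e["category"] for e in events)
    internal, external = set(), set()
    for e in events:
        if e["src"] is not None:
            (internal if is_lan_address(e["src"]) else external).add(e["src"])
    return {
        "counts": dict(counts),
        "internal_scanners": sorted(internal),
        "external_scanners": sorted(external),
    }


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for category, n in sorted(report["counts"].items()):
        print(f"{category:12s} {n}")
    print("scans from inside the LAN:", report["internal_scanners"] or "none")
    print("scans from the internet  :", report["external_scanners"])
```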

  6. Hello

    FSS log

    ----------------

    Farbar Service Scanner Version: 06-08-2012

    Ran by DogWomen (administrator) on 07-09-2012 at 13:33:37

    Running from "C:\Users\DogWomen\Desktop"

    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Security Center:

    ============

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    Windows Defender:

    ==============

    WinDefend Service is not running. Checking service configuration:

    The start type of WinDefend service is OK.

    The ImagePath of WinDefend service is OK.

    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:

    ==========================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware"=DWORD:1

    Other Services:

    ==============

    File Check:

    ========

    C:\Windows\system32\nsisvc.dll => MD5 is legit

    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

    C:\Windows\system32\Drivers\afd.sys => MD5 is legit

    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit

    C:\Windows\system32\mpssvc.dll => MD5 is legit

    C:\Windows\system32\bfe.dll => MD5 is legit

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\system32\SDRSVC.dll => MD5 is legit

    C:\Windows\system32\vssvc.exe => MD5 is legit

    C:\Windows\system32\wscsvc.dll => MD5 is legit

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\system32\wuaueng.dll => MD5 is legit

    C:\Windows\system32\qmgr.dll => MD5 is legit

    C:\Windows\system32\es.dll => MD5 is legit

    C:\Windows\system32\cryptsvc.dll => MD5 is legit

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\system32\svchost.exe => MD5 is legit

    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

    Checkup log

    ------------------

    Results of screen317's Security Check version 0.99.50

    Windows Vista Service Pack 2 x86 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Trend Micro Titanium Maximum Security 2012

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.62.0.1300

    CCleaner

    Java 7 Update 7

    Adobe Reader X (10.1.4)

    Google Chrome 21.0.1180.83

    Google Chrome 21.0.1180.89

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Trend Micro AMSP coreServiceShell.exe

    Trend Micro UniClient UiFrmWrk uiWatchDog.exe

    Trend Micro AMSP coreFrameworkHost.exe

    Trend Micro Titanium plugin TMAS\TMAS_OE\TMAS_OEMon.exe

    Trend Micro Titanium plugin TMAS\TMAS_WLM\TMAS_WLMMon.exe

    Trend Micro UniClient UiFrmWrk uiSeAgnt.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 1 %

    ````````````````````End of Log``````````````````````

    Thank you.

  7. Hi

    I tried to run the ESET scan exactly as you described and the start button was totally unresponsive in IE. I did try all the advice on this page too http://go.eset.com/us/online-scanner/faq/ but nothing worked. So I downloaded the .exe version for Chrome and it ran OK.

    It did not save a log file in the folder as described. Does this matter? As it found nothing, I don't think I have anything malicious on the PC; it was just weird that a geo-advert was blocked when I wasn't browsing and had not even opened the browser.

    Thank you for your kind help.

  8. Hi

    No IM software is used on this computer.

    The logs as requested:

    DDS.txt

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

    Run by DogWomen at 23:09:39 on 2012-09-05

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3068.2123 [GMT 1:00]

    .

    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\rundll32.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe

    C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe

    C:\Windows\RtHDVCpl.exe

    C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.co.uk/

    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll

    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll

    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll

    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

    uRun: [Google Update] "c:\users\dogwomen\appdata\local\google\update\GoogleUpdate.exe" /c

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""

    mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"

    mRun: [WLM] "c:\program files\trend micro\titanium\plugin\tmas\tmas_wlm\TMAS_WLMMon.exe"

    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"

    mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{35BC6F49-C33A-42B7-9404-52F3F48F55E4} : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{B5E8FDD2-6AE3-4AC0-BA78-616D7FA83328} : DhcpNameServer = 192.168.1.254

    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll

    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll

    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-3-19 68368]

    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]

    R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-3-19 200632]

    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-3-19 21504]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-1 655944]

    R2 tmeevw;tmeevw;c:\windows\system32\drivers\tmeevw.sys [2012-3-19 55056]

    R2 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [2012-3-19 171280]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-1 22344]

    R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2012-3-19 3658752]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-6-9 43040]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    .

    =============== Created Last 30 ================

    .

    2012-09-04 22:42:53 -------- d-----w- c:\users\dogwomen\appdata\roaming\PeerNetworking

    2012-09-02 21:32:44 -------- d-----w- c:\program files\Secunia

    2012-09-01 20:34:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-01 20:34:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-09-01 20:24:45 -------- d-----w- c:\users\dogwomen\appdata\roaming\Malwarebytes

    2012-09-01 20:24:33 -------- d-----w- c:\programdata\Malwarebytes

    2012-08-31 10:56:02 -------- d-----w- c:\program files\CCleaner

    2012-08-31 10:54:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-31 10:00:39 -------- d-----w- c:\users\dogwomen\appdata\local\Secunia PSI

    2012-08-31 08:01:55 -------- d-----w- c:\programdata\Kaspersky Lab

    2012-08-15 08:17:51 2047488 ----a-w- c:\windows\system32\win32k.sys

    2012-08-15 06:39:44 623616 ----a-w- c:\windows\system32\localspl.dll

    2012-08-10 22:20:42 -------- d-----w- c:\program files\HitmanPro

    .

    ==================== Find3M ====================

    .

    2012-08-31 10:53:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-08-31 10:53:42 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-17 21:10:08 965120 ----a-w- c:\windows\system32\ac3filter.acm

    .

    ============= FINISH: 23:09:56.32 ===============

    Attach.txt

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 19/03/2012 11:55:17

    System Uptime: 05/09/2012 22:08:31 (1 hours ago)

    .

    Motherboard: Quanta | | TW8/SW8/DW8

    Processor: Intel® Core2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 224 GiB total, 171.015 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

    Description: USB Mass Storage Device

    Device ID: USB\VID_0BDA&PID_0158\20071114173400000

    Manufacturer: Compatible USB storage device

    Name: USB Mass Storage Device

    PNP Device ID: USB\VID_0BDA&PID_0158\20071114173400000

    Service: USBSTOR

    .

    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

    Description: USB Mass Storage Device

    Device ID: USB\VID_10D6&PID_1101\5&1C59D2A&0&2

    Manufacturer: Compatible USB storage device

    Name: USB Mass Storage Device

    PNP Device ID: USB\VID_10D6&PID_1101\5&1C59D2A&0&2

    Service: USBSTOR

    .

    ==== System Restore Points ===================

    .

    RP258: 15/08/2012 09:17:22 - Windows Update

    RP289: 28/08/2012 23:49:37 - Removed OpenOffice.org 3.4

    RP290: 29/08/2012 00:01:32 - Installed OpenOffice.org 3.4.1

    RP291: 31/08/2012 08:45:25 - Installed Java 6 Update 35

    RP292: 31/08/2012 11:46:38 - Removed Java 6 Update 22

    RP293: 31/08/2012 11:47:32 - Removed Java 6 Update 35

    RP294: 31/08/2012 11:50:08 - Removed Java 6 Update 35

    RP295: 31/08/2012 11:53:11 - Installed Java 7 Update 7

    RP297: 31/08/2012 14:24:59 - Res01

    RP306: 03/09/2012 09:37:49 - TITANUIMRES5[0x01111101]

    RP307: 03/09/2012 09:38:31 - TITANUIMRES5[0x01111101]

    RP308: 03/09/2012 11:32:17 - TITANUIMRES5[0x01111101]

    RP309: 03/09/2012 20:36:17 - Removed HiJackThis

    RP310: 04/09/2012 22:48:15 - TITANUIMRES5[0x01111101]

    RP311: 05/09/2012 12:33:30 - Scheduled Checkpoint

    RP312: 05/09/2012 15:36:17 - TITANUIMRES5[0x01111101]

    .

    ==== Installed Programs ======================

    .

    Adobe Reader X (10.1.4)

    CCleaner

    EPSON Printer Software

    Google Chrome

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Java 7 Update 7

    Java Auto Updater

    Keyboard Manager Utility

    Malwarebytes Anti-Malware version 1.62.0.1300

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Silverlight

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    NVIDIA Drivers

    OpenOffice.org 3.4.1

    Realtek High Definition Audio Driver

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Trend Micro Titanium

    Trend Micro Titanium Maximum Security 2012

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    31/08/2012 08:39:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    31/08/2012 08:39:21, Error: EventLog [6008] - The previous system shutdown at 00:34:26 on 31/08/2012 was unexpected.

    30/08/2012 09:34:51, Error: EventLog [6008] - The previous system shutdown at 09:31:55 on 30/08/2012 was unexpected.

    05/09/2012 22:09:29, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    03/09/2012 15:09:57, Error: Microsoft-Windows-RasSstp [1] - The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The remote computer refused the network connection.

    02/09/2012 14:18:26, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    02/09/2012 14:18:26, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

    02/09/2012 14:18:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    02/09/2012 14:18:26, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    02/09/2012 14:18:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    .

    ==== End Of File ===========================

    Thank you for your continued help, it's much appreciated.

  9. Thanks. I did a full scan with my AV, and a full scan and flash scan with Mbam, HitmanPro and TDSSKiller, and nothing turned up. I have had the IP-blocked message (same IP as above) turn up once when I was not even browsing the net, just after the PC booted.

    Thank you again

  10. I too have had this IP 173.241.240.153 being blocked. Each time I get the message I'm on a totally unrelated site. Again, I don't think I have any malware on this machine.

    Msg given by Mbam:

    IP-BLOCK 173.241.240.153 (Type: outgoing, Port: 52679, Process:coreserviceshell.exe )

    In Processes it shows that the process coreserviceshell.exe is Trend Micro Anti-Malware Solution Platform. Do you use Trend Micro by any chance?

    I noticed this post http://forums.malwarebytes.org/index.php?showtopic=114748 so I too visited MajorGeeks and I too got the

    IP-BLOCK 173.241.240.153 (Type: outgoing, Port: 52679, Process:coreserviceshell.exe ) message again

  11. Hi, does anyone know if OpenDNS is any good or not? For instance, is it safe to use, and does it increase net speed and security a lot? The web page says it does, but I was looking to hear from people who have used it before to get more information on it.

    http://www.opendns.com/

    Thanks in advance for any feedback

    ZeeBee
