Daleus
Everything posted by Daleus

  1. Well of course I will...lol. Bad day Friday, I should have thought of this myself. Enjoy! Dale klnagent.zip
  2. Hiya Nathan, Thanks for the response. Unfortunately, the forum won't let me upload an executable, even when it's renamed to something else. Perhaps the people at Kaspersky can offer some help?
  3. And here are attached the zips from after the reboot. I didn't want to reboot, because the program said the files were scheduled for deletion on boot. As it turns out after the reboot I *was* able to move the entries from quarantine. Malwarebytes Anti-Ransomware_after reboot.zip logs_after reboot.zip
  4. Silly program has marked Kaspersky's Network agent piece - klnagent.exe - and scheduled it to be deleted on reboot. I am as a result unable to restore it from quarantine. It has even removed the registry key that controls it - HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\klnagent It's already bad that this requires a reinstall of my virus checker, but it's even worse that I am unable to move the affected resources out of quarantine. This surely is an error of some sort. What's the point of releasing software of any kind that doesn't allow you to back out of its own errors? Or is it so beta the Restore button doesn't do anything yet? Anyway, it is Beta, so it's not surprising. The fact that it is an MBAM product arsing it up is highly unusual, and a bit disappointing. I have attached the specified files, however, they may not be what you want as I did them BEFORE a reboot - I was hoping to find a way out of quarantine, but haven't. Cheers! Malwarebytes Anti-Ransomware.zip logs.zip
  5. However, I do not want to disable the popups. I'd rather get to the root of the cause and prevent it in some way. I do not use P2P programs, but I am getting an IP stopped popup every 5-10 minutes, always for the same two IP addresses. I read somewhere that I can get better details about the threat by reading the protection logfiles. So I had a look at those files and they are all empty except for a "0" character. Not much useful info there.
  6. Yes Ron. Sorry for the slow response, I am out and about most of the day and don't always remember to check here everyday.
  7. Sorry I never got this message, either here on the forum or in my mailbox.
  8. Darn that I can't edit a posting. Ron, I also want to point out that MBAM, even after this error first occurred, has always been able to run when scheduled for a scan, and get the latest updates without any intervention from me. It also updated the program version either yesterday afternoon or this morning without prompting. (If this is any help)
  9. Here is the error thrown by this iteration of MBAM, directly from the Application Event Log:

     Event Type: Error
     Event Source: MBAMService
     Event Category: None
     Event ID: 1
     Date: 6/18/2009
     Time: 2:32:15 PM
     User: N/A
     Computer: SID12821
     Description:
     The description for Event ID ( 1 ) in Source ( MBAMService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: MBAMService, mbamservice.exe: CreateFile failed with error code 5.

     Thanks Ron. (BTW, the boss said screw the legacy apps, deal with it later, so here I is)
  10. Ron, it's going to take me several days to clean up all this stuff, stuff that is outdated for a reason. There are a lot of legacy apps in use here on campus, so it will take significant time to track all the dependencies. I have done thorough scans for viruses and malware, including with yours and other products, and have come up clean. I was hoping I could get a simple answer to the error code. The product was working fine with Trend in place for a couple of weeks before this error cropped up. Cheers for now!
  11. Here is DDS.txt:

      DDS (Ver_09-05-14.01) - NTFSx86
      Run by Dpoole at 8:11:59.48 on Wed 06/17/2009
      Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1391 [GMT -3:00]
      FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {5A5F55B4-5CAA-48D0-BFFA-B21D837A137B}

      ============== Running Processes ===============
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k eapsvcs
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k dot3svc
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\LogWatNT.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
      C:\Program Files\Novell\ZENworks\nalntsrv.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Novell\ZENworks\wm.exe
      C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
      C:\Program Files\Novell\Zenworks\NALDESK.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\dpmw32.exe
      C:\WINDOWS\system32\NWTRAY.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\WINDOWS\system32\iprntlgn.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\John's Background Switcher\BackgroundSwitcher.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Mmm\Mmm.exe
      C:\Program Files\FileBX\FileBX.exe
      C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe
      D:\Tempest\Portable Apps\MouseActivate.exe
      D:\Tempest\_Tools\Misc\SmartTab.exe
      D:\Tempest\_Tools\tclock2_120\tclock2.exe
      C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Novell\GroupWise\grpwise.exe
      C:\GroupWise\Messenger\NMCL32.exe
      C:\Program Files\PSMenu\psmenu.exe
      C:\Novell\GroupWise\GWSync.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
      C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Documents and Settings\default\Desktop\dds.scr

      ============== Pseudo HJT Report ===============
      uStart Page = about:blank
      uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
      BHO: AutorunsDisabled - No File
      BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
      BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
      uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      uRun: [backgroundSwitcher] c:\program files\john's background switcher\BackgroundSwitcher.exe
      uRun: [Mmm] "c:\program files\mmm\Mmm.exe"
      mRun: [NDPS] c:\windows\system32\dpmw32.exe
      mRun: [NWTRAY] NWTRAY.EXE
      mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
      mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
      mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
      mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
      mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
      dRunOnce: [RunNarrator] Narrator.exe
      StartupFolder: c:\docume~1\default\startm~1\programs\startup\karen'~1.lnk - c:\program files\karen's power tools\replicator\PTReplicator.exe
      StartupFolder: c:\docume~1\default\startm~1\programs\startup\mousea~1.lnk - d:\tempest\portable apps\MouseActivate.exe
      StartupFolder: c:\docume~1\default\startm~1\programs\startup\smarttab.lnk - d:\tempest\_tools\misc\SmartTab.exe
      StartupFolder: c:\docume~1\default\startm~1\programs\startup\tclock2.lnk - d:\tempest\_tools\tclock2_120\tclock2.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\filebo~1.lnk - c:\program files\filebx\FileBX.exe
      uPolicies-explorer: NoViewOnDrive = 0 (0x0)
      uPolicies-explorer: NoActiveDesktop = 00000000
      mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
      IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
      IE: Web Capture - c:\program files\smarthru office\WebCapture.dll
      IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
      IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
      IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
      IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
      DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
      DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://www.kccsoft.com/authorware_web_files/awswaxd.cab
      DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
      DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://www.vistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142950463906
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142950504500
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
      DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      TCP: {AA8E821F-8B1F-41DD-B984-A02A84725ABF} = 137.149.3.1,137.149.3.2
      TCP: {F36F0F3A-3BCB-40E6-8209-10EE807C99FD} = 137.149.3.1,137.149.3.2
      Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll
      Notify: AtiExtEvent - Ati2evxx.dll
      Notify: igfxcui - igfxdev.dll
      SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
      SEH: {b4870b70-f390-11d2-9fb9-f4ed725ea20d} - c:\program files\novell\zenworks\NalExpEx.dll
      LSA: Authentication Packages = msv1_0 nwv1_0

      ================= FIREFOX ===================
      FF - ProfilePath - c:\docume~1\default\applic~1\mozilla\firefox\profiles\hhvft8i2.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://snares.cs.upei.ca/cscentral/tracker|http://snares.cs.upei.ca/rt3
      FF - plugin: c:\documents and settings\default\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
      FF - plugin: c:\windows\system32\photosynth\nppsynth.dll

      ============= SERVICES / DRIVERS ===============
      R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-11-29 34671]
      R1 pfmfs_178;pfmfs_178;c:\windows\system32\drivers\pfmfs_178.sys [2008-7-31 144856]
      R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [2000-6-8 50176]
      R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2005-11-9 36368]
      R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-9-3 19096]
      S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-9-3 194832]
      S2 OfcPfwSvc;OfficeScanNT Personal Firewall;c:\program files\trend micro\officescan client\OfcPfwSvc.exe [2005-11-17 233552]
      S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
      S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2005-11-9 225296]
      S2 USBDLM;USBDLM;c:\tempest\_tools\usb tools\drive letter manager\usbdlm.exe --> c:\tempest\_tools\usb tools\drive letter manager\USBDLM.exe [?]
      S3 cpuz129;cpuz129;\??\c:\program files\pc wizard 2008\pcwiz32.sys --> c:\program files\pc wizard 2008\pcwiz32.sys [?]
      S3 Ingres_Database_II;Ingres Intelligent Database [iI];"c:\ingresii\ingres\bin\servproc.exe" --> c:\ingresii\ingres\bin\servproc.exe [?]
      S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\drivers\MRVW23B.sys [2007-11-7 231040]
      S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2007-11-7 299904]
      S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
      S3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\novell\nscmnt.sys [2004-3-3 25616]
      S3 SSDefrag;SSDefrag;c:\windows\system32\drivers\SSDefrag.sys [2007-10-31 37888]
      S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\novell\xauthnt.sys [2004-3-24 11640]
      S4 FileObjInfo;STFileDriver;\??\c:\tempest\_0_downloads\fileobjinfo.sys --> c:\tempest\_0_downloads\FileObjInfo.sys [?]
      S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe --> c:\magix\common\database\bin\fbserver.exe [?]
      S4 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]

      =============== Created Last 30 ================
      2009-06-05 13:17 <DIR> --d----- c:\program files\Device Remover
      2009-06-05 13:14 <DIR> --d----- c:\program files\DrWindows
      2009-06-05 11:09 <DIR> --d----- c:\program files\nLite
      2009-06-05 10:32 <DIR> --d----- c:\program files\Free PDF to Word Converter
      2009-05-20 09:10 <DIR> --d----- c:\documents and settings\default\.storybook

      ==================== Find3M ====================
      2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
      2009-05-12 13:03 441,760 a------- c:\windows\system32\drivers\timntr.sys
      2009-05-12 13:03 44,384 a------- c:\windows\system32\drivers\tifsfilt.sys
      2009-05-12 13:03 132,224 a------- c:\windows\system32\drivers\snapman.sys
      2009-05-12 13:03 368,480 a------- c:\windows\system32\drivers\tdrpman.sys
      2009-05-07 12:32 345,600 a------- c:\windows\system32\localspl.dll
      2009-05-07 12:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
      2009-04-29 01:56 827,392 a------- c:\windows\system32\wininet.dll
      2009-04-29 01:56 827,392 -------- c:\windows\system32\dllcache\wininet.dll
      2009-04-29 01:56 233,472 -------- c:\windows\system32\dllcache\webcheck.dll
      2009-04-29 01:56 1,159,680 -------- c:\windows\system32\dllcache\urlmon.dll
      2009-04-29 01:56 671,232 -------- c:\windows\system32\dllcache\mstime.dll
      2009-04-29 01:56 105,984 -------- c:\windows\system32\dllcache\url.dll
      2009-04-29 01:56 102,912 -------- c:\windows\system32\dllcache\occache.dll
      2009-04-29 01:56 44,544 -------- c:\windows\system32\dllcache\pngfilt.dll
      2009-04-29 01:56 3,596,288 -------- c:\windows\system32\dllcache\mshtml.dll
      2009-04-29 01:56 477,696 -------- c:\windows\system32\dllcache\mshtmled.dll
      2009-04-29 01:56 193,024 -------- c:\windows\system32\dllcache\msrating.dll
      2009-04-28 06:05 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
      2009-04-28 06:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
      2009-04-25 02:27 636,088 -------- c:\windows\system32\dllcache\iexplore.exe
      2009-04-25 02:26 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
      2009-04-17 09:26 1,847,168 a------- c:\windows\system32\win32k.sys
      2009-04-17 09:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
      2009-04-15 11:51 585,216 a------- c:\windows\system32\rpcrt4.dll
      2009-04-15 11:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
      2009-03-21 11:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
      2008-07-31 15:08 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
      2008-02-25 14:03 88 ---shr-- c:\docume~1\alluse~1\applic~1\9E0816180F.sys
      2004-10-01 16:00 40,960 a------- c:\program files\Uninstall_CDS.exe
      2008-02-22 12:10 88 ---shr-- c:\windows\system32\9E0816180F.sys
      2008-02-22 12:17 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
      2008-12-23 16:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat

      ============= FINISH: 8:12:38.35 ===============

      Thanks
      Attach.zip Attach.zip
  12. Ron, Hmmm....our license (I believe) is shared with a group of universities here, and the main admins are not local. I'll see what I can do, but in the meantime I have emailed the info you suggested and am still awaiting an answer. Cheers!
  13. If I knew what a Cleverbridge Support ID was, I would do this. I am just a grunt on the frontline of support, so I'm not privy to the details of whatever arrangement we have with you. However, I will approach the tent full of swaggering, wine besotted Generals and see if I can retrieve said ID, without too severe of a whipping for my insubordination. Wish me luck...life in the trenches is not as glamourous as it would seem. Dale
  14. MBAMService, mbamservice.exe: CreateFile failed with error code 5. I get this error every morning when I start up my Windows XP system. The error line above is taken from the Windows Application Event Log. This started to occur several days after my firm bought a license and I started using the Protection module. Interestingly, the scheduled scans, scheduled for later in the day, seem to complete as expected. Additionally, since this problem occurred, I now get daily requests from Windows Defender to "allow" the mbamswissarmyknife process to run. So my suspicion is that Windows Defender may be implicated in this problem. Any pointers, suggestions or solutions greatly appreciated. Dale Poole University of PEI Computer Services dpoole AT upei.ca
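The "CreateFile failed with error code 5" line in this post, and the full Application log record in post 9, carry a plain Win32 status code rather than anything MBAM-specific: 5 is ERROR_ACCESS_DENIED. The wrapper text ("The description for Event ID ( 1 ) ... cannot be found") only means the event source has no message DLL registered, so the useful content is the insertion strings after "The following information is part of the event:". The Python below is an added triage helper, not code from the forum, from Malwarebytes or from the poster; it parses a record in the layout Event Viewer uses when a record is copied out, pulls the insertion strings, extracts the CreateFile error code and names it. The sample record is constructed from the fields shown in post 9, and the error-code table is a small subset of the documented Win32 system error codes.

```python
import re
from dataclasses import dataclass

# Small subset of documented Win32 system error codes that typically surface
# as "CreateFile failed with error code N" (values from the Win32 error list).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION",
    1314: "ERROR_PRIVILEGE_NOT_HELD",
}

# Constructed sample: the record from post 9, one field per line, which is the
# layout Event Viewer on XP produces when a record is copied to the clipboard.
SAMPLE_EVENT = """\
Event Type: Error
Event Source: MBAMService
Event Category: None
Event ID: 1
Date: 6/18/2009
Time: 2:32:15 PM
User: N/A
Computer: SID12821
Description:
The description for Event ID ( 1 ) in Source ( MBAMService ) cannot be found. \
The local computer may not have the necessary registry information or message \
DLL files to display messages from a remote computer. \
The following information is part of the event: MBAMService, mbamservice.exe: CreateFile failed with error code 5.
"""

HEADER_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)
PAYLOAD_RE = re.compile(r"The following information is part of the event:\s*(.*)", re.S)
ERRCODE_RE = re.compile(r"CreateFile failed with error code (\d+)")


@dataclass
class EventRecord:
    fields: dict            # header fields such as "Event Source", "Computer"
    insertion_strings: list # raw strings the source logged with the event
    description_missing: bool  # True when no message DLL is registered


def parse_event(text):
    """Parse a copied Event Viewer record into its header fields and payload."""
    fields = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    missing = "cannot be found" in text
    m = PAYLOAD_RE.search(text)
    # Event Viewer joins insertion strings with ", " when it has no template.
    strings = [s.strip() for s in m.group(1).strip().split(", ")] if m else []
    return EventRecord(fields, strings, missing)


def win32_error(code):
    """Map a numeric Win32 error code to its symbolic name (subset)."""
    return WIN32_ERRORS.get(code, f"unknown Win32 error {code}")


def triage(record):
    """Return (code, name, summary) for a CreateFile failure, or None if absent."""
    payload = " ".join(record.insertion_strings)
    m = ERRCODE_RE.search(payload)
    if not m:
        return None
    code = int(m.group(1))
    name = win32_error(code)
    src = record.fields.get("Event Source", "?")
    host = record.fields.get("Computer", "?")
    summary = f"{src} on {host}: CreateFile -> {name} ({code})"
    if record.description_missing:
        summary += " [no message DLL registered for this source; text taken from insertion strings]"
    return code, name, summary


if __name__ == "__main__":
    print(triage(parse_event(SAMPLE_EVENT))[2])
```

For this record the helper reports ERROR_ACCESS_DENIED, which narrows the investigation to whatever denies the service handle on the file it opens at startup: the ACL on the file or its directory, or another real-time scanner (the poster names Windows Defender and Trend Micro OfficeScan) holding the file with exclusive access. Adding mutual exclusions between the scanners, and checking the file's ACL against the account the service runs as, are the defensive checks that follow from a code 5, whereas a code 32 would point only at a sharing conflict.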