Jintan

Experts
  • Content Count: 143

Everything posted by Jintan

  1. Hello BlairWitch, It is likely pretty important which fan is making noise. The PSU fan, which shows in the back of the pc and is not accessible, should run all the time, as well as the CPU fan on your motherboard. But can you ID which fan is really the culprit there?
  2. Hello gonwk, I am not aware of Windows Defender, or Microsoft Safety Scanner, being considered effective tools against malware. Most anti-malware vendors have long lists of various malwares they recognize, but being able to protect against them, and/or remove them, is really the kicker. Avira is a well-respected antivirus, and if you have that and a solid anti-malware program (this Malwarebytes' forum suggests one good choice for that), and know how they work and keep them updated, you should do fine.
  3. No malware showing in these views, but really hadn't been any indications there was infection active there. The K9 web security software shows as running, but I am not sure its functions would interfere with Malwarebytes, or at least not with just Malwarebytes running without glitches. You do have Trend's antivirus installed there. Their Internet Security package is known to interfere with Malwarebytes, as indicated at the top of this thread. See if the steps linked to there relate enough to your Trend version that you can make the necessary changes to Trend, to ensure it is not the cause of
  4. And Gmer. Running d4bwl7yw[1].exe; Driver CDOCUME~1TimLOCALS~1Tempkxrdqpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice FileSystemFastfat Fat fltmgr.sys (Microsoft Filesystem Filter ManagerMicrosoft Corporation) AttachedDevice DriverTcpip DeviceIp bckd.sys AttachedDevice DriverTcpip DeviceTcp bckd.sys AttachedDevice DriverTcpip DeviceUdp bckd.sys AttachedDevice DriverTcpip DeviceRawIp bckd.sys AttachedDevice DriverKbdclass DeviceKeyboardClass0 SynTP.sys (Synaptics Touchpad DriverSynaptics, Inc.) AttachedDev
  5. info.txt logfile of random's system information tool 1.06 2010-05-16 11:23:46 ======Uninstall list====== -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} Adobe Acrobat 8.2.2 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000003} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\
  6. You didn't provide any additional details on the Malwarebytes "crash" you had mentioned, so to keep things flowing smoothly here be sure to help me with requested information. You also need to post any logs here, in your forum thread. Since I have them I will just go ahead and post them for you for now. Logfile of random's system information tool 1.07 (written by random/random) Run by Tim at 2010-05-16 11:23:43 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 61 GB (53%) free of 114 GB Total RAM: 511 MB (27% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:23
  7. Welcome to Malwarebytes forum tsdwoodruff, Crashes, as in just shuts down without warning, or shuts down the computer? Same with "aborts" - what occurs when these issues occur you can post some details on? To avoid delays while awaiting your reply on that, let's also go ahead and get some scan log info posted here for review. To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start -
  8. Sorry if tagging an old thread is against the rules, but as this was a past issue I thought to post here. This system, and the log info: Malwarebytes' Anti-Malware 1.31 Database version: 1593 Windows 5.1.2600 Service Pack 2 1/2/2009 12:15:51 PM mbam-log-2009-01-02 (12-15-51).txt Scan type: Full Scan (C:\|E:\|H:\|J:\|) Objects scanned: 219655 Time elapsed: 8 hour(s), 14 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infecte
  9. Good to go Bruce. I am sure the little Why's in Whyville will be grateful.
  10. Not my system, so best I could do in the time I had was to put the things back, and grab a copy of the log and the file. Never heard of Whyville before, but apparently it is a kid's site with emphasis on learning (whyville.net). Malwarebytes' Anti-Malware 1.44 Database version: 3628 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 2/1/2010 12:48:42 PM mbam-log-2010-02-01 (12-48-42).txt Scan type: Quick Scan Objects scanned: 127697 Time elapsed: 19 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 3
  11. Thanks. Malwarebytes' Anti-Malware 1.41 Database version: 2874 Windows 5.1.2600 Service Pack 3 9/30/2009 8:56:15 AM mbam-log-2009-09-30 (08-56-15).txt Files Infected: C:\WINDOWS\system32\drivers\ltmdmntt.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully. http://www.virustotal.com/analisis/aa3bd4c...0660-1253029303 InternalName ltmodem.sys LegalCopyright Copyright LT 1997 OriginalFilename ltmodem.sys ProductName TOSHIBA V.90 Data+Fax Modem Version 6.08 ProductVersion 6.08 ltmdmntt.zip
  12. If I may ask, is this a laptop with one of those cursor stick pointing devices in the keyboard? What is the make and model as well please?
  13. At some point checks like these may be better off in a user options display, where the user is given info then offered the option to change the setting. Like some of SREng's panels. For now? Tough to predetermine who or what made these settings. But I have at least two threads where these were the reason the member started the thread, so must be others out there with similar concerns. Not critical, just issues.
  14. Hello, I have been getting a few threads that show no malware, they have Norton installed and keep getting repeats like these: Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Especially the firewall one. As Norton does disable the Windows firewall, just going on assumptio
  15. A deleted, malware embedded (as usual) ISO copy of a cracked Autocad 2009 - currently selling for around 42,000 Swedish Krona. Someone there is a thief Marco, and other than potentially facing criminal charges should downloads like these be monitored such as those of the recording industries are (if my software sells for that much I surely would have my methods of knowing this), someone there has a serious problem with the concept of honesty. Why not do a web search right now using the following: 4EAE8F8E-0C2E-4814-9A04-635AFB9050AA The same Eset product code on someone else's system. Eset,
  16. Kaspersky will locate what you and I will then remove. Yes, it is slow going, but has been very up to date with current malware methods lately so will give us a fairly accurate look at things there.
  17. Good - only Eset and Daemon Tools functions being picked up by Gmer. I do have to be upfront with you Marco - the system has all the obvious indications of torrent use to steal expensive software, and then of course the nasty infection that comes with that. Just one of the softwares showing costs a few thousand kroners most likely, and other than it being stealing what is someone else's property, the only people who gain from these activities are here (and always appreciate the support they receive). No outright malware files or settings showing in these views at this point, but it does sound
  18. Mostly malware remnants in these views. You do have CiD's Messenger Plus! Live installed. This is the installer for its Lop adware - what it calls a "sponsor". This also maintains its own independent net access with CiD's servers. Although I don't see the adware portion active here, as we are removing malware and its sources I will need you to uninstall Messenger Plus! Live through Add/Remove Programs as part of that. Should you wish to reinstall an adware vendor's products after we are through here that of course is your choice. Let's do some corrections then some repair scanning after.
  19. Welcome to Malwarebytes Eagles20, Yes, malware has placed its own filtering function in the Winsock there, so is likely interfering with quite a bit of net access right now. Before we try to remove it from the Winsock though we are going to need to shut down the process itself. Let's see if we can use what you have on hand for now. To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software thr
  20. Welcome to Malwarebytes Marco, Some infection settings still showing in this view, so let's get more details and see what still needs to be addressed there. To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan. If necessary allow it to locate
  21. Hello Nick. Go ahead and completely remove all the self-promotional signature information please. Once you have done that run and post a new RSIT log. Also Go here and download reglooks.exe to your Desktop. Doubleclick on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread. Please do not post logs with any of the self-promoting sig info remaining. I do not want to have this thread lead away from the task of malware removal. We will review the situation once all logs have been posted.
  22. Since there is a repair in progress with the system here, it would be perhaps better if Stef just stayed the course with repairs there. Any additional info on the Malwarebytes problem can surely be posted here as things unfold.
  23. Think I posted myself into a corner here. Probably won't make things any better, but since AVG7 has been run on the system where the earlier Mbam results came from: C:\WINDOWS\system32\drivers\avg7core.sys v7.5.0.498 exefile\shell\open\command "%1" %* scrfile\shell\open\command "%1" %* batfile\shell\open\command "%1" %* cmdfile\shell\open\command "%1" %* comfile\shell\open\command "%1" %* piffile\shell\open\command "%1" %* giffile\shell\open\command htmlfile\shell\open\command htafile\shell\open\command jpegfile\shell\open\command txtfile\shell\open\command %windir%\NOTEPAD.EXE %1 Haven't look
  24. You know you're slow when you miss 'em while they're in bate. Scanned with 1.29 and no, it didn't alert to the "%1" %* reg value this time. Nice tip from Mo was looking through the default HIVECLS.INF strings, though these do indicate "%1" /S as well. Not quite sold though that some apps don't need the %* for their uses.
  25. I don't see that RD, or at least the location. Maybe if you bumped the thread for me? Thanks.