gizmomelb

Members
Posts: 15
Joined
Last visited
Reputation: 0 Neutral
  1. I did some testing and if the laptop booted with a network cable attached, the realtime malware protection could not be enabled. So I removed the driver, then manually deleted the driver files from the \windows\drivercache and \windows\inf directories. Rebooted, the drivers were automatically added, BUT I can now enable and disable the realtime protection module. I'll scan and post the logs as soon as I can.
  2. Hi, I removed the laptop from the domain but I still cannot enable website protection. BUT, when I took the laptop home with me last night and it wasn't connected to either wired or wireless network the website protection was enabled. I connected it back to the wired connection this morning and it is disabled and cannot be enabled. So the issue only seems to be occurring when there is a network connection. I wonder if this is something all the other people experiencing this issue also have in common?
  3. Hi, yeah that's fine - the laptop was on the domain previously, but has been removed as it's used only as a standalone now, on its own dedicated ADSL line. regards, Craig
  4. Hi, I followed the above steps and I am still unable to enable the Web Blocker. regards, Craig
  5. Yes, that software is installed as part of work, it is almost unique software so I'm not surprised I'm the only entry with it listed. I will run and attach the log again in a few minutes. Thank you.
  6. Hi, my apologies for the late reply (Easter Holiday period in Australia).
     > Did you set this proxy on purpose?
     > ProxyServer (proxy.clarkrubber.com.au:8080
     Yes. I will attach combofix.txt when it finishes running.
  7. Report 3 results:

     RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
     Started in : Normal mode
     User : admin [Admin rights]
     Mode : Scan -- Date : 04/17/2014 18:22:23
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (proxy.clarkrubber.com.au:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Browser Addons : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8ACFD158)
     [Address] SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0x8ACA5D80)
     [Address] SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (Unknown @ 0x8ACA5B70)
     [Address] SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (Unknown @ 0x8ACBB238)
     [Address] SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8AD0E3B0)
     [Address] SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0x8AD02868)
     [Address] SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0x8ACA5C50)
     [Address] SSDT[180] : NtQueueApcThread @ 0x805D2756 -> HOOKED (Unknown @ 0x8ACFD1D0)
     [Address] SSDT[186] : NtReadVirtualMemory @ 0x805B42CA -> HOOKED (Unknown @ 0x8ABE8510)
     [Address] SSDT[192] : NtRenameKey @ 0x80623B82 -> HOOKED (Unknown @ 0x8AD01168)
     [Address] SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8ACBC020)
     [Address] SSDT[226] : NtSetInformationKey @ 0x80622E7A -> HOOKED (Unknown @ 0x8ACFA3F0)
     [Address] SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8ACB9978)
     [Address] SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8ACEA968)
     [Address] SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0x8AD09498)
     [Address] SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8ACD0240)
     [Address] SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8ACFD248)
     [Address] SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8ACCF0B8)
     [Address] SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8ACFAE90)
     [Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8ABE8588)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS722080K9A300 +++++
     --- User ---
     [MBR] 7281d621448574652533f64b4f9a047c
     [BSP] c588ad80a8ecfbecf50bd34d917bb106 : Windows XP MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 MB
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_04172014_182223.txt >>
     RKreport[0]_S_04152014_130432.txt
  8. Hi, thanks for the reply. Step 2 report: I'm running the newer MWB, so it was the Hyper scan.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 17/04/2014
     Scan Time: 6:12:01 PM
     Logfile:
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.04.17.02
     Rootkit Database: v2014.03.27.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Disabled
     Chameleon: Disabled

     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: admin

     Scan Type: Hyper Scan
     Result: Completed
     Objects Scanned: 285073
     Time Elapsed: 17 min, 22 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Disabled
     Archives: Enabled
     Rootkits: Enabled
     Shuriken: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  9. Hi all, I cannot enable the Malicious Website Protection in MBAM 2.01.1004 - it keeps auto-disabling itself. I have activated MBAM, I have disabled Self Protection, ran a full scan using MBAM and Kaspersky, rebooted, uninstalled, ran the MBAM cleaner, re-installed, disabled SP again etc. etc. and still cannot enable realtime website protection, so here I am. Hopefully someone can help me please. Here is my FRST.txt log:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014
     Ran by admin (administrator) on ANZ5K1GS1S on 15-04-2014 12:05:47
     Running from C:\Documents and Settings\admin\My Documents\Downloads
     Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version:
     http://www.wireshark.org)
     Wondershare MobileTrans ( Version 3.5.1 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 3.5.1 - Wondershare)
     WRSSMini (Version: 1.00.0000 - Your Company Name) Hidden
     ZTE 3GPhone USB Driver 5.2066.1.6 (HKLM\...\{8472455A-0658-4A6A-98F8-EF3FF6163B59}_is1) (Version: 5.2066.1.6 - ZTE Corporation)

     ==================== Restore Points =========================

     27-03-2014 10:36:34 System Checkpoint
     31-03-2014 06:46:18 System Checkpoint
     01-04-2014 07:08:25 System Checkpoint
     02-04-2014 07:56:40 System Checkpoint
     03-04-2014 22:42:37 System Checkpoint
     07-04-2014 02:29:20 System Checkpoint
     08-04-2014 03:10:56 System Checkpoint
     10-04-2014 01:36:24 System Checkpoint
     14-04-2014 02:04:48 System Checkpoint
     15-04-2014 00:12:45 Removed Kaspersky PURE 3.0.
     15-04-2014 01:21:09 Removed Java 6 Update 38
     15-04-2014 01:21:37 Installed Java 7 Update 51

     ==================== Hosts content: ==========================

     2008-04-14 22:00 - 2014-03-27 09:24 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     127.0.0.1 localhost

     ==================== Scheduled Tasks (whitelisted) =============

     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

     ==================== Loaded Modules (whitelisted) =============

     2009-11-03 15:35 - 2009-11-03 15:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
     2014-02-12 05:29 - 2014-02-12 05:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
     2011-09-21 08:08 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
     2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
     2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\WINDOWS\system32\vpnapi.dll
     2014-01-09 14:00 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
     2009-04-17 20:01 - 2009-04-17 20:01 - 00247152 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
     2008-04-14 22:00 - 2013-01-02 16:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
     2012-11-07 15:56 - 2012-04-17 16:13 - 01738352 _____ () C:\Program Files\QNAP\Finder\iSCSIAgent.exe
     2014-01-09 12:05 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
     2009-11-03 15:35 - 2009-11-03 15:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
     2014-01-09 12:17 - 2013-04-22 09:46 - 01054320 _____ () C:\Program Files\PdaNet for Android\PdaNetPC.exe
     2014-04-14 09:19 - 2014-04-02 11:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
     2014-04-14 09:19 - 2014-04-02 11:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
     2014-04-14 09:19 - 2014-04-02 11:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
     2014-04-14 09:19 - 2014-04-02 11:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

     ==================== Alternate Data Streams (whitelisted) =========

     AlternateDataStreams: C:\Documents and Settings\admin\Desktop\VNC-Viewer-5.0.3-Windows-32bit.exe:SummaryInformation
     AlternateDataStreams: C:\Documents and Settings\admin\Desktop\VNC-Viewer-5.0.3-Windows-32bit.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

     ==================== Safe Mode (whitelisted) ===================

     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

     ==================== Disabled items from MSCONFIG ==============

     ==================== Faulty Device Manager Devices =============

     Name: Cisco Systems VPN Adapter
     Description: Cisco Systems VPN Adapter
     Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
     Manufacturer: Cisco Systems
     Service: CVirtA
     Problem: : This device is disabled. (Code 22)
     Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (04/15/2014 11:26:32 AM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     Error: (04/15/2014 11:26:31 AM) (Source: Userenv) (User: NT AUTHORITY)
     Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

     Error: (04/15/2014 10:42:54 AM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     Error: (04/15/2014 10:42:53 AM) (Source: Userenv) (User: NT AUTHORITY)
     Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

     Error: (04/15/2014 10:24:19 AM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     Error: (04/15/2014 10:24:18 AM) (Source: Userenv) (User: NT AUTHORITY)
     Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

     Error: (04/15/2014 09:06:47 AM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     Error: (04/15/2014 01:06:46 AM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     Error: (04/14/2014 05:06:37 PM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     Error: (04/14/2014 09:07:36 AM) (Source: AutoEnrollment) (User: )
     Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed.

     System errors:
     =============
     Error: (04/15/2014 11:27:23 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 11:27:23 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 11:27:22 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 11:26:32 AM) (Source: NETLOGON) (User: )
     Description: No Domain Controller is available for domain TYCOFS due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

     Error: (04/15/2014 10:43:44 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 10:43:44 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 10:43:44 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 10:42:52 AM) (Source: NETLOGON) (User: )
     Description: No Domain Controller is available for domain TYCOFS due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

     Error: (04/15/2014 10:25:09 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Error: (04/15/2014 10:25:09 AM) (Source: DCOM) (User: NT AUTHORITY)
     Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

     Microsoft Office Sessions:
     =========================

     ==================== Memory info ===========================

     Percentage of memory in use: 34%
     Total physical RAM: 3069.89 MB
     Available physical RAM: 2015.62 MB
     Total Pagefile: 4954.31 MB
     Available Pagefile: 3972.24 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1955.53 MB

     ==================== Drives ================================

     Drive c: (ANZ5K1GS1S) (Fixed) (Total:74.53 GB) (Free:29.18 GB) NTFS ==>[Drive with boot components (Windows XP)]

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 84E184E1)
     Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

     ==================== End Of Log ============================

     Thank you in advance.
  10. Hi, I literally upgraded / installed 1.51 last night (my local time =+10 DST) using the automatic 'check for updates' and when I just checked my PC (about 22 hours after I installed / upgraded) Malwarebytes is now telling me that my trial period has expired? I thought the trial period was 15 days or something? Can you please help me evaluate your product? Thank you.
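The RogueKiller report in post 7 above mixes two kinds of finding a helper has to read line by line: PUM registry entries (the IE proxy, the DisableTaskMgr / DisableRegistryTools policy values, the NewStartPanel desktop flag) and twenty SSDT hooks whose owner the tool reports as "Unknown". The parser below is an added example written for this page; it is not code from the thread, from Malwarebytes or from Adlice. It parses the report's line formats as they appear on the page, sorts each finding into an expected / review / attribute bucket, and takes a list of known proxies so a proxy the user confirmed on purpose (as in post 6) is not flagged again. The sample input is an excerpt of the posted report, re-split one finding per line; the bucket names and the `RESTRICTION_VALUES` set are this example's own choices.

```python
"""Triage parser for RogueKiller scan reports (added example, not the tool's own code).

Pulls registry PUM entries and SSDT hooks out of the report text and
sorts them into review buckets instead of leaving them to be eyeballed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# "[TAG][KIND] <key> : <value> (<data>) -> STATUS"
REGISTRY_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\]\[(?P<kind>[A-Z]+)\]\s+"
    r"(?P<key>HK\w+\\.*?)\s+:\s+(?P<value>\S+)\s+"
    r"\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$"
)
# "[Address] SSDT[<n>] : <NtFunction> @ <orig> -> HOOKED (<module> @ <target>)"
SSDT_RE = re.compile(
    r"^\[Address\]\s+SSDT\[(?P<index>\d+)\]\s+:\s+(?P<syscall>\w+)\s+@\s+"
    r"(?P<orig>0x[0-9A-Fa-f]+)\s+->\s+HOOKED\s+"
    r"\((?P<module>.+?)\s+@\s+(?P<target>0x[0-9A-Fa-f]+)\)\s*$"
)

# Policy values where data 0 means the value exists but the restriction is
# not in effect (1 would lock the user out). Set chosen for this example.
RESTRICTION_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}


@dataclass
class RegistryFinding:
    tag: str
    kind: str
    key: str
    value: str
    data: str
    status: str


@dataclass
class SsdtHook:
    index: int
    syscall: str
    original: int
    module: str
    target: int


def parse_report(text: str) -> Tuple[List[RegistryFinding], List[SsdtHook]]:
    """Return (registry findings, SSDT hooks); every other line is ignored."""
    findings: List[RegistryFinding] = []
    hooks: List[SsdtHook] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REGISTRY_RE.match(line)
        if m:
            findings.append(RegistryFinding(m["tag"], m["kind"], m["key"],
                                            m["value"], m["data"], m["status"]))
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append(SsdtHook(int(m["index"]), m["syscall"], int(m["orig"], 16),
                                  m["module"], int(m["target"], 16)))
    return findings, hooks


def triage(findings: List[RegistryFinding], hooks: List[SsdtHook],
           expected_proxies: Tuple[str, ...] = ()) -> Dict[str, List[str]]:
    """Sort findings into expected / review / attribute buckets.

    expected_proxies holds host:port strings the machine is known to use.
    """
    buckets: Dict[str, List[str]] = {"expected": [], "review": [], "attribute": []}
    for f in findings:
        if f.tag == "PROXY IE":
            host = f.data.split(" ", 1)[0]  # "host:port [Country: ...]" -> "host:port"
            bucket = "expected" if host in expected_proxies else "review"
            buckets[bucket].append(f"{f.value} = {host}")
        elif f.value in RESTRICTION_VALUES and f.data == "0":
            buckets["review"].append(f"{f.value} present but 0 (not enforcing)")
        else:
            buckets["review"].append(f"{f.key}\\{f.value} = {f.data}")
    for h in hooks:
        # A hook the scanner cannot attribute to a named module must be tied
        # to a driver (e.g. a loaded security product) before it is called benign.
        if h.module == "Unknown":
            buckets["attribute"].append(f"SSDT[{h.index}] {h.syscall} -> {h.target:#010x}")
        else:
            buckets["expected"].append(f"SSDT[{h.index}] {h.syscall} -> {h.module}")
    return buckets


# Excerpt of the report posted above, re-split one finding per line.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (proxy.clarkrubber.com.au:8080 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8ACFD158)
[Address] SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0x8ACA5D80)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8ABE8588)
"""

if __name__ == "__main__":
    found, hooked = parse_report(SAMPLE_REPORT)
    for name, items in triage(found, hooked, ("proxy.clarkrubber.com.au:8080",)).items():
        print(name)
        for item in items:
            print("   ", item)
```

Run against the full report, everything lands in "review" or "attribute" except the proxy, which the thread already established as intentional; the hooks remain unattributed until they are matched to a loaded driver, which is exactly the question the RogueKiller output leaves open.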