Jump to content

tonytis

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. tonytis
    Hi Ron, Sorry for the late response. The client uses an application named Client Solutions for accounting. They have been using it for ten years and are on the latest version in Windows 7 in a Windows 2008 R2 domain. I installed MBAM and MBAE on the server and all workstations. Right after that, the complained they could not print and their applications were running very slow. it would take 30 minutes for their program to bring up the client info. I was not available that day so all I could suggest is they uninstall both apps. They did that and the problems were immediately resolved. This was a week ago. Is there anything I can do to determine what the problem was so I may reinstall the apps again and get them working properly? I purchased the business version of both apps through distribution for the server and all desktops in the office and can't get a refund on them .
  2. tonytis
    After installing Malwarebytes AM and AE yesterday on a domain with five Windows 7 Pro PC's and one Windows 2008 R2 server, the users say their PC's are very slow, they can't print to a network printer and some programs won't open. One Windows 7 Pc where I didn't install both products works fine. I'm assuming I may need to add exclusions to both products. Malwarebytes AM has the ignore list where I can add the programs and possibly the IP of the network printer. Is there something else that should be adjusted?
  3. tonytis
    Thanks for the replies. I was able to reinstall it and get it working.
  4. tonytis
    MBAM & MBAE for Business subscription were purchased yesterday and downloaded from the link supplied. Installed MBAM with no problem. The icon displayed, app started, ran an update and a full scan. Installed MBAE but the GUI & icon on the taskbar are never displayed after the install. I clicked MBAE in the start menu but it never displayes n icon or notification message at taskbar. I checked the event viewer and there are no entries in the application or system Event logs mentioning Malwarebytes. I rebooted and nothing changes. I opened Word 2013 and the MBAE notification does not display and the app icon is not displayed as running. I opened task manager and the service is running. PC is running Windows 7 Pro, Windows domain with 2008 r2 server, Symantec Endpoint Protection 12x. All non-optional windows updates were already applied.
  5. tonytis
    Thanks for the quick response. Following your directions, the app now says protection is active. I will monitor it and let you know if it stops again.
  6. tonytis
    I installed the previous version that appeared to run perfect. Last week the app displayed a message that an upgrade was available so I applied it. Since then, MB Anti-Ransomware intermittently says the protection has stopped. It will not restart after clicking Fix Now or Start protection. The first time it happened, I uninstalled it, preformed a clean reboot and reinstalled it. That worked for a few days and this morning it has stopped working again. I've followed the same directions that you have provided to others with this problem by zipping the two folders and attaching the zip files. Please advise on the next step. I think installing the previous version may be the proper direction until n updated version is available. Progdata-Marw.zip Logs.zip
  7. tonytis
    I'm running Windows 7 Pro (fully patched) with the latest anti ransomware beta and it's working perfect from what I see, At times, I provide remote support to clients and want to know if you have built-in protection from any ransomware app that may be running on a remote Pc or server I remotely connect to? All remote sessions are to Windows systems. Thanks for your help!
  8. tonytis
    I've been trying to clean a Win7 pc that was hit with a rootkit and multiple viruses. It's been running Symantec Endpoint Protection which logged tons of Trojans being found but couldn't eliminate the problem. Since then, I installed the trial version of Malwarebytes ver 2.2.0.1024 which found and deleted more modules. I activated Scan for Rootkits and kept scanning. After multiple clean scans, I activated the option to Run Malwarebytes Advanced - , Enable Safe Protection Early Start. After selecting that option, I restarted Windows and Malwarebytes started early but it only displayed a white box with nothing inside regarding the operation being run. This message was also displayed: I received the same error mentioned in this posting: https://forums.malwarebytes.org/index.php?/topic/175443-mbam-premium-was-unable-to-load-anti-rootkit-driver-error-20025/?hl=20025 I left it open for 30 minutes with no change, I opened task manager, ended the Malwarebytes application and the desktop was displayed again. After running another scan, Malwarebytes logged the following: Rootkit.0Access was quarantined. How do I make sure it's clean without a Clean install of Windows?
  9. tonytis
    On a one year old Dell desktop running Win7 pro/64 bit, opening IE8 and typeing in Google.com takes me to the Gaya search page. I've checked IE tools/opes and verified there is no proxy and I deleted the IE temp files. I ran Malwarebytes, SuperAntiSpyware and Symantec Endppoint 11.0.6, Germ Rootkit Scanner and DDS. The logs that showed anything are posted below. Here is the DDS log:. DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 Run by Ted at 19:23:32 on 2011-08-03 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.6360 [GMT -5:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Nova Development\Print Artist Platinum\ReminderApp.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:25507 uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Platinum\ReminderApp.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Ted\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ENABLE~1.LNK - C:\Program Files\Net2Printer RDP\NPEnableRDP.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe uPolicies-explorer: DisallowRun = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 68.87.72.134 68.87.77.134 TCP: Interfaces\{F36D736D-AC64-443D-BE89-6786CC0C4943} : DhcpNameServer = 68.87.72.134 68.87.77.134 IFEO: image file execution options - svchost.exe IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Platinum\ReminderApp.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IFEO-X64: image file execution options - svchost.exe IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect Hosts: 74.125.45.100 4-open-davinci.com Hosts: 74.125.45.100 securitysoftwarepayments.com Hosts: 74.125.45.100 privatesecuredpayments.com Hosts: 74.125.45.100 secure.privatesecuredpayments.com Hosts: 74.125.45.100 getantivirusplusnow.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-14 92160] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-11-8 1839776] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-27 136824] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-08-03 23:44:50 -------- d-----w- C:\GMER Rootkit Scanner . ==================== Find3M ==================== . 2011-07-07 00:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 00:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys 2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe . ============= FINISH: 19:23:50.77 =============== Here is the attach log:. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 12/15/2009 5:36:30 PM System Uptime: 8/3/2011 5:51:55 PM (2 hours ago) . Motherboard: Dell Inc. | | 0X231R Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 1307/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 859.307 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP111: 6/15/2011 2:41:56 PM - Windows Update RP112: 6/23/2011 10:16:52 AM - Scheduled Checkpoint RP113: 6/29/2011 4:34:38 PM - Windows Update RP114: 7/7/2011 9:11:07 AM - Scheduled Checkpoint RP115: 7/13/2011 5:38:38 PM - Windows Update RP116: 7/21/2011 9:48:34 AM - Scheduled Checkpoint RP117: 8/1/2011 10:20:53 AM - Scheduled Checkpoint RP118: 8/3/2011 5:00:37 PM - Installed Java 6 Update 26 . ==== Hosts File Hijack ====================== . Hosts: 74.125.45.100 4-open-davinci.com Hosts: 74.125.45.100 securitysoftwarepayments.com Hosts: 74.125.45.100 privatesecuredpayments.com Hosts: 74.125.45.100 secure.privatesecuredpayments.com Hosts: 74.125.45.100 getantivirusplusnow.com Hosts: 74.125.45.100 secure-plus-payments.com Hosts: 74.125.45.100 www.getantivirusplusnow.com Hosts: 74.125.45.100 www.secure-plus-payments.com Hosts: 74.125.45.100 www.getavplusnow.com Hosts: 74.125.45.100 safebrowsing-cache.google.com Hosts: 74.125.45.100 urs.microsoft.com Hosts: 74.125.45.100 www.securesoftwarebill.com Hosts: 74.125.45.100 secure.paysecuresystem.com Hosts: 74.125.45.100 paysoftbillsolution.com Hosts: 74.125.45.100 protected.maxisoftwaremart.com Hosts: 84.19.171.4 www.google.com Hosts: 84.19.171.4 google.com Hosts: 84.19.171.4 google.com.au Hosts: 84.19.171.4 www.google.com.au Hosts: 84.19.171.4 google.be Hosts: 84.19.171.4 www.google.be Hosts: 84.19.171.4 google.com.br Hosts: 84.19.171.4 www.google.com.br Hosts: 84.19.171.4 google.ca . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 4500_Help Adobe Acrobat 5.0 Adobe Flash Player 10 ActiveX Adobe Reader 9.3.4 ArcSoft PhotoBase 3 ArcSoft PhotoStudio 5 ATI Catalyst Control Center Bing Bar Bing Rewards Client Installer bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Portuguese CCC Help Spanish CCC Help Turkish Compatibility Pack for the 2007 Office system Dell Getting Started Guide Destinations DeviceDiscovery DirectXInstallService DocMgr DocProc EMC 10 Content Fax GPBaseService2 HP Update HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply J4500 Java Auto Updater Java 6 Update 26 Junk Mail filter update LiveUpdate 3.3 (Symantec Corporation) LogMeIn Malwarebytes' Anti-Malware version 1.51.1.1800 MarketResearch Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Thunderbird (3.0) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader Musicnotes Software Suite 1.2 PowerDVD DX Print Artist Platinum 23 ProductContext Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2509488) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft Office 2007 System (KB2541012) Security Update for Microsoft Office Excel 2007 (KB2541007) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Skins SmartWebPrinting SolutionCenter Sonic CinePlayer Decoder Pack Spelling Dictionaries Support For Adobe Reader 9 Status Toolbox TrayApp Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) WebReg Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Upload Tool Windows Live Writer Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 8/3/2011 5:52:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter 8/3/2011 5:52:42 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 7/28/2011 5:18:35 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 7/28/2011 5:18:35 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. 7/28/2011 5:18:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} . ==== End Of File =========================== Here is the malwarebytes log Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7367 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/3/2011 5:48:33 PM mbam-log-2011-08-03 (17-48-33).txt Scan type: Full scan (C:\|) Objects scanned: 340918 Time elapsed: 39 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. tonytis
    OK, It's been a week since I emailed them and I have not received a response. Is this the way they normall communicate with resellers?
  11. tonytis
    I'm not sure where this question should be, so if is in the wrong forum, let me know. I'm a system admin for a 40 user Windows 2000/2003 network. To limit bandwidth, I'd like to setup an automated process that downloads the daily anti-malware updates to the Windows 2003 server and setup the XP/Vista workstations to download it daily at noon from the Windows 2003 server. I've ony used the free version of your anti-malware product so I don't know if the purchased version has this functionality in it. I don't plan on running this on the Windows 2003 server, but is there an server version? I would like the server to download the updates at 5 AM CST daily and the workstions to download the updates at 12 Noon. All workstations are 32-bit (XP Pro/Vista Business). Any detailes available to set this up as a trial would relly help. Thanks, Tony
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.