Security Suggestions Needed?


24 replies to this topic

#1 bluesjunior

Posted 23 August 2009 - 06:39 AM

Prior to reformatting my PC in May this year, I never had problems with either SAS or MBAM. The first thing I did after installing my hard drive, video and sound card drivers, and while my PC was still offline, was to install Comodo CIS, but due to getting a corrupt file message on the copy of Comodo CIS I had downloaded to a disk prior to reformat, I ended up using the Windows Firewall with Avira instead. When I installed SAS and MBAM, both to be used as on demand and not installed at start up or working in real time, I ran scans with them, which came up clean as they had with the Avira AV scan. I noticed, though, that since then, when doing my usual twice-weekly scans, when I open SAS it took a long time to open, and when it did it would sometimes hang for a few minutes before finishing updates. I would then scan with it and it found just as much as it always did, always just tracking cookies. With MBAM, although it would open up straight away, I would often get a pop up saying it had encountered a problem and needed to close. I could get it to scan sometimes, both full and quick, where again it never found anything at all. In the end I got tired of the pop ups and uninstalled it and started using A-Squared as a back up to SAS. It worked fine, found a couple of tracking cookies that SAS didn't, and I was happy. Since then I have used Comodo CIS, and due to update problems with the Comodo AV I now am using Comodo Firewall with Defence+ and Proactive Security and Avira Antivir. I have also scanned my PC with Windows Malicious Removal Tool (full scan), Windows Security Essentials Beta, CWShredder and none of them have ever found anything other than the occasional tracking cookie. I am very security conscious and come here all the time to try and keep up with the latest advice.

In the time I have used the above problems I have reinstalled MBAM at least three different times and always got the same "needs to close" pop up. It is like something on my PC is conflicting with it and I cannot seem to figure it out. My PC is not slower and seems to work just as fast as it ever has. It does not act like I am infected but still this thing with the slow start up of SAS and not being able to explain why MBAM won't work leads me to think I may have some sort of bug which I cannot find. I also have an intermittent problem with twice now my XP account settings have restored to the default settings as well as my Sounds and Audio device settings. Although all my data is still there it seems to all intents like I have a new account.

My problem / question is, does anyone have any idea what would cause these things to happen, or am I being too particular and these are just every day bugs and glitches that we all experience sooner or later?

Edited by bluesjunior, 23 August 2009 - 06:43 AM.

Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#2 garmanma

Posted 23 August 2009 - 10:12 AM

You might want to ask your question over here
http://www.malwarebytes.org/forums/index.php?act=idx
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 bluesjunior

Posted 23 August 2009 - 01:11 PM

I tried that already a couple of weeks back Garmanma, I never got one response and got the feeling they offer no help for the free version. I found a couple of threads there in regard to similar but none of them had been resolved.

#4 garmanma

Posted 23 August 2009 - 04:40 PM

Let me get some more eyes on this
Mark

#5 danjmilos

Posted 23 August 2009 - 06:07 PM

I had trouble with SBS&D once and until I used REVO on a failed reinstall in advanced mode it wouldn't work. The REVO uninstall dug a little deeper and took something else out. At that point I was able to reinstall with no problems, ADD/REMOVE just doesn't work sometimes I think.

Dan

#6 DaChew

Posted 23 August 2009 - 07:52 PM

You posted in the wrong forum over at MBAM, the general forum would have been best.

The HJT helpers are too busy with infections to troubleshoot compatibility problems

http://www.malwarebytes.org/mbam-clean.exe

Run this MBAM clean tool and reboot

Try to disable Comodo before installing MBAM, or put it in install mode.
Chewy

No. Try not. Do... or do not. There is no try.

#7 bluesjunior

Posted 24 August 2009 - 03:48 AM

I will try again using the MBAM clean up tool Chewie but I use Revo Uninstaller to uninstall everything now and it should take out everything. I can't see it is a Comodo problem either as I had the same problem when I was using Windows Firewall and Avira Antivir. I always put Comodo in installation mode when installing programs. I can't remember now but was sure I had posted in the general forum at MBAM. Again thanks for the replies and suggestions. I ran a Rootkit Revealer scan this morning and it found three discrepancies which I have written below. What do I do with these results, is it ok to delete these entries?

Path | Timestamp | Size | Description
HKLM\SECURITY\Policy\Secrets\SAC* | 19/05/09 15:49 | 0 bytes | Key name contains embedded Nulls [*]
HKLM\SECURITY\Policy\Secrets\SAI* | 19/05/09 15:49 | 0 bytes | Key name contains embedded Nulls [*]
HKLM\Software\microsoft\MediaPlayer\UIPlugins\99DB05E3-F81E-4C8A-A252-F396306AB6DE | 19/05/09 15:35 | 0 bytes | Hidden from Windows API.

Edited by bluesjunior, 24 August 2009 - 03:50 AM.


#8 DaChew

Posted 24 August 2009 - 06:28 AM

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Download process explorer and create a log to paste here
Chewy


#9 bluesjunior

Posted 24 August 2009 - 07:14 AM

Here is the process explorer log you asked for.

Process | PID | CPU | Description | Company Name
System Idle Process | 0 | 98.44 | |
Interrupts | n/a | | Hardware Interrupts |
DPCs | n/a | | Deferred Procedure Calls |
System | 4 | | |
smss.exe | 600 | | Windows NT Session Manager | Microsoft Corporation
csrss.exe | 672 | | Client Server Runtime Process | Microsoft Corporation
winlogon.exe | 700 | | Windows NT Logon Application | Microsoft Corporation
services.exe | 744 | | Services and Controller app | Microsoft Corporation
ati2evxx.exe | 932 | | ATI External Event Utility EXE Module | ATI Technologies Inc.
svchost.exe | 948 | | Generic Host Process for Win32 Services | Microsoft Corporation
wmiprvse.exe | 4108 | | WMI | Microsoft Corporation
svchost.exe | 1056 | | Generic Host Process for Win32 Services | Microsoft Corporation
cmdagent.exe | 1172 | | COMODO Internet Security | COMODO
svchost.exe | 1236 | | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 1376 | | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 1508 | | Generic Host Process for Win32 Services | Microsoft Corporation
spoolsv.exe | 1584 | | Spooler SubSystem App | Microsoft Corporation
sched.exe | 1632 | | Antivirus Scheduler | Avira GmbH
svchost.exe | 1748 | | Generic Host Process for Win32 Services | Microsoft Corporation
avguard.exe | 1788 | | Antivirus On-Access Service | Avira GmbH
svchost.exe | 1880 | | Generic Host Process for Win32 Services | Microsoft Corporation
uphclean.exe | 176 | | User Profile Hive Cleanup Service | Microsoft Corporation
alg.exe | 892 | | Application Layer Gateway Service | Microsoft Corporation
lsass.exe | 780 | | LSA Shell (Export Version) | Microsoft Corporation
ati2evxx.exe | 5152 | | ATI External Event Utility EXE Module | ATI Technologies Inc.
explorer.exe | 1296 | | Windows Explorer | Microsoft Corporation
QveCplSk.exe | 5596 | | Philips Sound Agent 2 | QSound Labs, Inc.
cfp.exe | 5604 | | COMODO Internet Security | COMODO
avgnt.exe | 3648 | | Antivirus System Tray Tool | Avira GmbH
firefox.exe | 2780 | | Firefox | Mozilla Corporation
procexp.exe | 4968 | 1.56 | Sysinternals Process Explorer | Sysinternals - www.sysinternals.com

#10 DaChew

Posted 24 August 2009 - 07:30 AM

Let's uninstall uphclean.exe, your other glitches seem related to that
Chewy


#11 Papakid

Posted 24 August 2009 - 08:13 AM

Looks like what RKR found is normal--Windows does hide stuff too:
http://forum.sysinternals.com/forum_posts....D=8881&PN=1

I am posting because I am experiencing some of the same symptoms you are describing and have yet to figure it out--mostly because I don't use SAS and MBAM very often. But my symptoms are as follows (BTW, I don't have UPHClean installed--it had been a long time ago but didn't help with the problem it was designed for):

1. SAS is very slow to open.
2. When I try to open MBAM I get Error 707 (2). I just discovered this because rarely is a better description of how often I run MBAM.
3. Occasionally (now) when I log into my account, I get the Default Account settings for my Desktop. It's not permanent tho because if I immediately reboot, my account returns to the way it was. This was happening fairly often along with another problem. I have GFI Backup (formerly Titan Backup) installed and for every job I had it set to repeat the backup/sync task if it was missed. So every time I rebooted or logged into my account when it came up as the Default (and sometimes with my normal desktop) backup jobs would run when they weren't scheduled to. I fixed that by disabling the setting to repeat the job/Task if missed, which also has reduced the instances of the Default Desktop coming up. But the latter hasn't gone away completely.

There is still some sort of conflict somewhere for me as well. I haven't looked into it further as I have some other more important projects going. But it may be helpful to both of us to compare which programs we both have installed to see where there is commonality. If you still have a copy of HijackThis, open it to the Misc Tools section, click Open Uninstall Manager, then Open Add/Remove software list. Paste the contents of the file that opens into your next reply. Don't worry, there is no danger in doing this as it is just a list of what is installed.

BTW...

"I have also scanned my PC with Windows Malicious Removal Tool (full scan), Windows Security Essentials Beta, CWShredder and none of them have ever found anything other than the occasional tracking cookie."

You can save yourself some time--CWShredder has been useless for about four years now--the specific infections it treated no longer exist and before that it wasn't effective with the more advanced CWS infections anyway. Just thought you would like to know there is no point in running it as a routine scanner. :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#12 DaChew

Posted 24 August 2009 - 08:21 AM

Error 707: Error during enumeration of languages. Please reinstall the application.


http://www.malwarebytes.org/forums/index.php?showtopic=10138
Chewy


#13 bluesjunior

Posted 24 August 2009 - 09:11 AM

Chewie,
I will uninstall UPHClean and see how that goes with the account default settings problem but it has no bearing on the MBAM thing as it was happening prior to installing UPHClean.

Papakid,
Here is a copy of the A/R list you requested.

Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
BestPractice (remove only)
Choice Guard
COMODO Internet Security
Critical Update for Windows Media Player 11 (KB959772)
EPSON Printer Software
ESC79_D78 User's Guide
EVEREST Home Edition v2.20
FileHippo.com Update Checker
Foxit PDF IFilter
Foxit Reader
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
ImgBurn
Intel® 536EP Modem
Java™ 6 Update 16
Logitech iTouch Software
Logitech User's Guide
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MouseWare 9.51
Mozilla Firefox (3.5.2)
MSVCRT
MSXML 6 Service Pack 2 (KB954459)
nLite 1.4.9.1
OpenOffice.org 3.1
Philips Sound Agent 2
PSC Audio Driver
Revo Uninstaller 1.83
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VLC media player 1.0.1
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
winLAME 2009 beta 1

#14 DaChew

Posted 24 August 2009 - 10:05 AM

Even tho you have turned off CIS, it was installed and evidently corrupted?

Did you slipstream that OS disk? Unless Papakid sees something I would suggest running it as a repair disk.

I am wondering about your cd burning reliability also?

Edited by DaChew, 24 August 2009 - 10:06 AM.

Chewy


#15 Papakid

Posted 24 August 2009 - 11:53 AM

I don't see anything that stands out--not sure if a repair is needed tho.

About all we have in common as far as installed programs is AntiVir, SAS and MBAM. I would guess it is a conflict among those for some odd reason. If not a Windows update or .Net framework problem.

Can you confirm that you only have the firewall part of Comodo installed? After your initial problem with Comodo, have you only run AntiVir as your antivirus? If you have tried other AV's or firewalls let me know--every time I try out Online Armor firewall I get strange problems.

"Even tho you have turned off CIS, it was installed and evidently corrupted?"

If I read the original post correctly, the download was corrupt so it didn't install at all--is that correct? If you can give more detail about that it might help. If you did uninstall Comodo did you use a removal tool?

Are you running version 9 of AntiVir? Had any problems with it at all? If you've tried reinstalling any of these apps let us know that too and how it went. I've had to reinstall AntiVir because of problems with the updater. Reinstalling SAS had no effect on slow opening at all for me.

I'll reinstall MBAM and see if that helps me. May be late today before I can get to it. As mentioned earlier, this is a hard problem to pin down--I haven't looked into my own because of that and I don't think it's malware related so isn't just real critical--more of an annoyance.

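The comparison proposed in post #11 and reported on in post #15 (finding which installed programs two machines share), as an added example that is not part of the original thread. `LIST_A` is a subset of the Add/Remove list posted in #13; `LIST_B` is constructed for illustration because the second machine's list is not in the thread, and the noise filter and version stripping are assumptions about what is useful to ignore.

```python
import re

# Patch-level entries present on any updated XP install; they add noise when
# the goal is to find third-party software that two machines have in common.
OS_NOISE = re.compile(
    r"^(security update|critical update|update|hotfix) for |^windows xp service pack",
    re.IGNORECASE,
)
PAREN = re.compile(r"\s*\([^)]*\)")  # "(3.5.2)", "(KB959772)", "(remove only)"
TRAILING_VERSION = re.compile(r"\s+v?\d+(\.\d+)*$", re.IGNORECASE)


def normalize(name):
    """Reduce an Add/Remove entry to a version-independent comparison key."""
    key = PAREN.sub("", name.strip())
    key = TRAILING_VERSION.sub("", key)
    return re.sub(r"\s+", " ", key).lower()


def parse_list(text):
    """Map comparison key -> first original entry, skipping OS patch noise."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or OS_NOISE.match(line):
            continue
        entries.setdefault(normalize(line), line)
    return entries


def common_software(list_a, list_b):
    """Entries (as named in list_a) that also appear in list_b."""
    a, b = parse_list(list_a), parse_list(list_b)
    return sorted(a[k] for k in a.keys() & b.keys())


# Subset of the list posted in #13.
LIST_A = """
Avira AntiVir Personal - Free Antivirus
COMODO Internet Security
HijackThis 2.0.2
Mozilla Firefox (3.5.2)
Revo Uninstaller 1.83
Security Update for Windows XP (KB958644)
SUPERAntiSpyware Free Edition
User Profile Hive Cleanup Service
Windows XP Service Pack 3
"""

# Constructed second list (not from the thread).
LIST_B = """
Avira AntiVir Personal - Free Antivirus
GFI Backup
HijackThis 2.0.4
Malwarebytes' Anti-Malware
Security Update for Windows XP (KB958644)
SUPERAntiSpyware Free Edition
Windows XP Service Pack 3
"""

if __name__ == "__main__":
    for entry in common_software(LIST_A, LIST_B):
        print(entry)
```
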




