bobbyrae

  1. OOPS! Looks like I was wrong. It quit working and I cannot get it going again. Even using the same procedure I tried before. I was browsing, had around 10 Firefox windows open, and the icon in the tray went from red to gray. Checkboxes WILL NOT respond to clicks again. It's almost as if some malware is turning it off. I HAVE run the mbam scanner, plus Avira. I found some viruses, but they are gone now. What now?
  2. Suddenly it is working! Amazing! Here's what I did: I opened the scanner, went to the protections tab and disabled every checkbox there. Then I went to the settings tab, scanner settings subtab and disabled every checkbox there. Then I rebooted. I opened the scanner and turned all the checkboxes back on (except the two main protection checkboxes, because they just won't respond). Then I rebooted again. There may have been an extra reboot in there, I forget. But the last reboot had MBam working! And just to make sure I wasn't dreaming or experiencing random flukes, I rebooted again and it was still working. Let's cross our fingers because that may actually make a difference! This tells me a couple of things: There is no problem on my system and all these logs I am asked to generate won't tell us anything. There is some strange user interface problem with MBam that requires resetting the checkboxes and rebooting many times. It SHOULD work like it used to, that is, correctly.
  3. Something odd has just happened! I am now partially protected. The filesystem box is now checked, but the website checkbox refuses to respond when I click on it. Until now, neither box would check. I wonder what changed? I CANNOT get DDS to run to completion! I had this same problem months ago when trying to recover from a virus. I downloaded the latest version and tried today, but got the exact same result. It seems to run for a minute then stops and eventually the system becomes locked up and I have to press the reset button. I have copied in two logs however...

     2012/09/23 03:00:34 -0700 RIONXP Rion MESSAGE Starting protection
     2012/09/23 03:00:34 -0700 RIONXP Rion MESSAGE Protection started successfully
     2012/09/23 03:00:34 -0700 RIONXP Rion MESSAGE Starting IP protection
     2012/09/23 03:00:53 -0700 RIONXP Rion ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
  4. Below is the mbam check log. Hopefully it tells you how to get mbam working on my system again. I've had the product working on my system since 2009. The failure started IMMEDIATELY after the upgrade and there is no message indicating a problem, but it is impossible to turn on protection. The checkboxes to enable protection WILL NOT check! It really looks like a user interface bug.
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware language REG_SZ english.lng firstrun REG_DWORD 1 defaultscan REG_DWORD 0 selectedrives REG_SZ C:\|D:\|E:\| terminateie REG_DWORD 1 autosavelog REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 startminimized REG_DWORD 0 autoupdate REG_DWORD 0 autoscan REG_DWORD 0 updatetime REG_DWORD 1 scantime REG_DWORD 1 updating REG_DWORD 1 openlog REG_DWORD 1 alwaysscanstartups REG_DWORD 1 HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 1 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 0 HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 contextmenu REG_DWORD 1 defaultscan REG_DWORD 0 reportthreats REG_DWORD 1 terminateie REG_DWORD 0 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 silentipmode REG_DWORD 0 trialpromptshown REG_DWORD 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.4.3 (a) Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Anti-Malware Inno Setup: User REG_SZ Rion Inno Setup: Selected Tasks REG_SZ desktopicon Inno Setup: Deselected Tasks REG_SZ quicklaunchicon Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400 
DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ 1.65.0.1400 Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20120910 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 65 Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files\Malwarebytes' 
Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ MBAM Drivers: ============= C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0 Required Dependencies: ====================== fltmgr: ============== Type : 2 State : 4 (The service is running.) 
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr Description REG_SZ File System Filter Manager Driver DisplayName REG_SZ FltMgr ErrorControl REG_DWORD 1 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Start REG_DWORD 0 Type REG_DWORD 2 Tag REG_DWORD 1 AttachWhenLoaded REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512 C:\WINDOWS\system32\mscomctl.ocx File Size: 1081616 BYTES FileVersion: 6.1.97.82 C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512 List of MBAM Related Directories: ================================= C:\Program Files\Malwarebytes' Anti-Malware unins000.dat File Size: 175715 BYTES mbamnet.dll File Size: 2168392 BYTES FileVersion: 1.62.0.0 mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140 changes.rtf File Size: 785 BYTES mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0 mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0 mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0 mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0 mbamext.dll File Size: 80968 BYTES FileVersion: 1.61.0.0 mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0 mbam.chm File Size: 582708 BYTES license.txt File Size: 11141 BYTES changes.txt File Size: 2780 BYTES unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0 ssubtmr6.dll File Size: 44688 BYTES FileVersion: 1.1.0.3 vbalsgrid6.ocx File Size: 495248 BYTES FileVersion: 2.0.0.40 mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0 unins000.msg File Size: 10550 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Languages russian.lng File Size: 26352 BYTES hungarian.lng File Size: 27548 BYTES 
serbian.lng File Size: 25970 BYTES slovak.lng File Size: 24752 BYTES ukrainian.lng File Size: 13097 BYTES spanish.lng File Size: 29010 BYTES swedish.lng File Size: 25132 BYTES turkish.lng File Size: 25046 BYTES norwegian.lng File Size: 24216 BYTES arabic.lng File Size: 21110 BYTES bosnian.lng File Size: 26236 BYTES catalan.lng File Size: 27226 BYTES slovenian.lng File Size: 23998 BYTES croatian.lng File Size: 25844 BYTES czech.lng File Size: 23894 BYTES bulgarian.lng File Size: 26678 BYTES danish.lng File Size: 25750 BYTES dutch.lng File Size: 27282 BYTES english.lng File Size: 23742 BYTES estonian.lng File Size: 24112 BYTES finnish.lng File Size: 24990 BYTES french.lng File Size: 28790 BYTES german.lng File Size: 28870 BYTES greek.lng File Size: 28316 BYTES hebrew.lng File Size: 18714 BYTES italian.lng File Size: 27186 BYTES latvian.lng File Size: 26208 BYTES chineseSI.lng File Size: 10642 BYTES lithuanian.lng File Size: 26920 BYTES macedonian.lng File Size: 27830 BYTES chineseTR.lng File Size: 11588 BYTES polish.lng File Size: 25726 BYTES portugueseBR.lng File Size: 27720 BYTES portuguesePT.lng File Size: 28056 BYTES romanian.lng File Size: 27308 BYTES thai.lng File Size: 25190 BYTES vietnamese.lng File Size: 28574 BYTES belarusian.lng File Size: 26026 BYTES korean.lng File Size: 13710 BYTES japanese.lng File Size: 15814 BYTES albanian.lng File Size: 13924 BYTES C:\Program Files\Malwarebytes' Anti-Malware\Chameleon mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47 chameleon.chm File Size: 186068 BYTES mbam-chameleon.exe File Size: 218696 BYTES mbam-chameleon.com File Size: 218696 BYTES mbam-chameleon.pif File Size: 218696 BYTES mbam-chameleon.scr File Size: 218696 BYTES svchost.exe File Size: 218696 BYTES firefox.exe File Size: 218696 BYTES firefox.com File Size: 218696 BYTES firefox.pif File Size: 218696 BYTES firefox.scr File Size: 218696 BYTES iexplore.exe File Size: 218696 BYTES winlogon.exe File Size: 218696 BYTES rundll32.exe File Size: 218696 
BYTES C:\Documents and Settings\Rion\Application Data\Malwarebytes\Malwarebytes' Anti-Malware C:\Documents and Settings\Rion\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2009-03-23 (07-04-33).txt File Size: 3733 BYTES mbam-log-2009-03-23 (07-33-02).txt File Size: 1219 BYTES mbam-log-2009-03-23 (08-15-18).txt File Size: 1157 BYTES mbam-log-2009-03-23 (08-19-37).txt File Size: 1157 BYTES mbam-log-2009-03-23 (08-23-42).txt File Size: 1143 BYTES mbam-log-2009-03-23 (09-32-19).txt File Size: 1291 BYTES mbam-log-2010-01-26 (16-10-10).txt File Size: 943 BYTES mbam-log-2010-06-17 (19-19-23).txt File Size: 891 BYTES mbam-log-2010-07-24 (16-25-14).txt File Size: 905 BYTES mbam-log-2010-08-18 (18-02-13).txt File Size: 889 BYTES mbam-log-2010-08-18 (18-03-14).txt File Size: 890 BYTES mbam-log-2010-08-18 (18-31-40).txt File Size: 906 BYTES mbam-log-2010-09-07 (17-24-35).txt File Size: 905 BYTES mbam-log-2011-01-03 (01-49-00).txt File Size: 912 BYTES mbam-log-2011-01-06 (22-54-37).txt File Size: 883 BYTES mbam-log-2011-01-06 (22-57-37).txt File Size: 898 BYTES mbam-log-2011-01-21 (16-20-33).txt File Size: 898 BYTES mbam-log-2011-01-21 (16-42-04).txt File Size: 913 BYTES mbam-log-2011-01-24 (00-44-21).txt File Size: 913 BYTES mbam-log-2011-01-24 (00-46-47).txt File Size: 899 BYTES mbam-log-2011-01-28 (01-19-32).txt File Size: 898 BYTES mbam-log-2011-06-10 (06-51-49).txt File Size: 1127 BYTES mbam-log-2011-07-12 (03-36-20).txt File Size: 1496 BYTES mbam-log-2011-07-12 (04-39-23).txt File Size: 885 BYTES mbam-log-2011-07-12 (04-42-07).txt File Size: 897 BYTES mbam-log-2011-07-26 (16-34-59).txt File Size: 913 BYTES mbam-log-2011-08-26 (22-24-19).txt File Size: 1370 BYTES mbam-log-2011-09-04 (23-27-54).txt File Size: 898 BYTES mbam-log-2011-09-09 (12-50-28).txt File Size: 1038 BYTES mbam-log-2011-09-12 (10-45-00).txt File Size: 899 BYTES mbam-log-2011-10-17 (17-15-11).txt File Size: 913 BYTES mbam-log-2011-11-28 (11-48-20).txt File Size: 915 BYTES 
mbam-log-2012-01-03 (07-05-20).txt File Size: 1920 BYTES mbam-log-2012-01-03 (07-23-04).txt File Size: 1904 BYTES mbam-log-2012-01-12 (20-59-24).txt File Size: 2418 BYTES mbam-log-2012-01-12 (21-07-20).txt File Size: 1882 BYTES mbam-log-2012-01-12 (21-08-49).txt File Size: 1906 BYTES mbam-log-2012-01-25 (13-00-37).txt File Size: 1880 BYTES mbam-log-2012-02-02 (07-24-00).txt File Size: 1880 BYTES mbam-log-2012-02-07 (12-33-09).txt File Size: 1904 BYTES mbam-log-2012-02-07 (12-43-49).txt File Size: 1904 BYTES mbam-log-2012-03-18 (21-15-07).txt File Size: 1904 BYTES mbam-log-2012-03-18 (21-16-31).txt File Size: 1906 BYTES mbam-log-2012-03-24 (11-29-22).txt File Size: 1884 BYTES mbam-log-2012-04-10 (07-59-16).txt File Size: 1904 BYTES mbam-log-2012-04-30 (16-42-02).txt File Size: 2094 BYTES mbam-log-2012-06-13 (05-28-50).txt File Size: 1882 BYTES mbam-log-2012-06-13 (05-33-44).txt File Size: 1904 BYTES mbam-log-2012-07-17 (01-34-28).txt File Size: 1906 BYTES mbam-log-2012-07-17 (01-36-06).txt File Size: 1906 BYTES mbam-log-2012-07-25 (23-36-45).txt File Size: 2250 BYTES mbam-log-2012-08-06 (20-34-08).txt File Size: 1904 BYTES mbam-log-2012-08-20 (03-54-26).txt File Size: 1904 BYTES mbam-log-2012-09-12 (00-17-17).txt File Size: 1910 BYTES mbam-log-2012-09-13 (16-21-21).txt File Size: 1906 BYTES mbam-log-2012-09-15 (05-04-56).txt File Size: 1908 BYTES mbam-log-2012-09-17 (13-36-31).txt File Size: 1906 BYTES C:\Documents and Settings\Rion\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine QUAR3.18578 File Size: 192 BYTES BACKUP3.18578 File Size: 85 BYTES QUAR3.72880 File Size: 661 BYTES BACKUP3.72880 File Size: 122 BYTES QUAR3.29283 File Size: 382 BYTES BACKUP3.29283 File Size: 168 BYTES QUAR3.18814 File Size: 165 BYTES BACKUP3.18814 File Size: 191 BYTES QUAR3.90667 File Size: 143 BYTES BACKUP3.90667 File Size: 87 BYTES QUAR3.14882 File Size: 196 BYTES BACKUP3.14882 File Size: 124 BYTES QUAR1.17363 File Size: 94724 BYTES BACKUP1.17363 File Size: 68 BYTES 
QUAR1.12323 File Size: 94724 BYTES BACKUP1.12323 File Size: 68 BYTES QUAR1.81344 File Size: 94724 BYTES BACKUP1.81344 File Size: 68 BYTES QUAR1.62579 File Size: 94724 BYTES BACKUP1.62579 File Size: 68 BYTES QUAR1.15092 File Size: 94724 BYTES BACKUP1.15092 File Size: 68 BYTES QUAR1.63342 File Size: 94724 BYTES BACKUP1.63342 File Size: 68 BYTES QUAR1.84558 File Size: 94724 BYTES BACKUP1.84558 File Size: 68 BYTES QUAR1.50786 File Size: 94724 BYTES BACKUP1.50786 File Size: 68 BYTES BACKUP2.79138 File Size: 103 BYTES BACKUP2.74090 File Size: 121 BYTES BACKUP2.88099 File Size: 126 BYTES QUAR1.43918 File Size: 1776 BYTES BACKUP1.43918 File Size: 135 BYTES QUAR3.21811 File Size: 831 BYTES BACKUP3.21811 File Size: 91 BYTES BACKUP4.57637 File Size: 176 BYTES QUAR1.13868 File Size: 280 BYTES BACKUP1.13868 File Size: 111 BYTES QUAR3.37381 File Size: 2826 BYTES BACKUP3.37381 File Size: 90 BYTES BACKUP4.40230 File Size: 179 BYTES QUAR3.28182 File Size: 156 BYTES BACKUP3.28182 File Size: 98 BYTES QUAR3.47048 File Size: 158 BYTES BACKUP3.47048 File Size: 99 BYTES QUAR1.36734 File Size: 8152 BYTES BACKUP1.36734 File Size: 75 BYTES QUAR1.81641 File Size: 126468 BYTES BACKUP1.81641 File Size: 83 BYTES QUAR3.64056 File Size: 577 BYTES BACKUP3.64056 File Size: 92 BYTES QUAR1.77801 File Size: 19528 BYTES BACKUP1.77801 File Size: 130 BYTES QUAR1.95211 File Size: 20096 BYTES BACKUP1.95211 File Size: 110 BYTES QUAR1.28749 File Size: 91136 BYTES BACKUP1.28749 File Size: 76 BYTES BACKUP4.35422 File Size: 193 BYTES BACKUP4.73602 File Size: 193 BYTES QUAR3.90026 File Size: 278 BYTES BACKUP3.90026 File Size: 144 BYTES BACKUP2.64532 File Size: 82 BYTES QUAR1.64121 File Size: 40489 BYTES BACKUP1.64121 File Size: 96 BYTES QUAR1.92336 File Size: 91136 BYTES BACKUP1.92336 File Size: 114 BYTES QUAR1.90496 File Size: 91136 BYTES BACKUP1.90496 File Size: 114 BYTES QUAR1.59768 File Size: 267442 BYTES BACKUP1.59768 File Size: 117 BYTES QUAR1.32915 File Size: 267442 BYTES BACKUP1.32915 File Size: 117 
BYTES QUAR1.41705 File Size: 264704 BYTES BACKUP1.41705 File Size: 145 BYTES 9326624216.data File Size: 916 BYTES 0961083979.data File Size: 813 BYTES 0554451680.data File Size: 779 BYTES 0554451680.quar File Size: 2339840 BYTES 9184066120.data File Size: 832 BYTES 1844460524.data File Size: 741 BYTES 1844460524.quar File Size: 614 BYTES =============================================================== END OF FILE
  5. I ALSO have Windows XP and MB 1.65. I am seeing THE EXACT SAME PROBLEM. I AM ALSO GETTING TIRED OF ALL THE STRANGE STARTUP PROBLEMS WITH THIS PRODUCT!!! A couple of weeks ago the right-click popup menu was not working and it was doing something in the background that bogged my system down for about 5 minutes. It took a week of updates before it finally went away. There are frequently messages at startup about MB failing to take off. So a little more testing on the basics is in order. It sounds like some <expletive> is just ASSUMING certain things work instead of testing them properly, undoubtedly in an effort to save time.
  6. Thanks again, guys! Again this is post fix. Here is the HijackThis file: Here is the log file from ComboFix:
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Completion time: 2009-03-26 16:50:55 ComboFix-quarantined-files.txt 2009-03-26 23:50:54 ComboFix2.txt 2009-03-23 19:59:18 Pre-Run: 5,053,038,592 bytes free Post-Run: 5,146,378,240 bytes free 148 --- E O F --- 2009-03-23 12:15:24
  7. For some unfortunate reason, I am one of the few who end up getting completely ignored! Well, nevertheless, I am really grateful that this forum is here because I found someone with a similar issue where combofix.exe was the recommended solution. I tried it and it seems to have worked. If anyone wants to see the log files afterward, I would be glad to upload.
  8. What symptoms were you having? Since I seem to have the same issue with two registry entries regarding userinit.exe, I am wondering if it might even be the same spyware. In my case, I was watching the registry entries while I ran Malwarebytes and tried to delete, but I saw no change. That is, the quarantine and delete operation apparently did nothing. At first I thought that the spyware was somehow restoring the entries, but now I don't think so.
  9. I get alerts about a security problem followed by prompts to download some software. I initially used AVG virus scan version 8.5 and it removed some files, but issue persisted. Rogue spyware type 621? It was also claiming that IEXPLORE.EXE was infected, so I uninstalled IE7, then reinstalled, but issue persists. Then a kind soul suggested your software, which initially found 17 objects and removed, but wait, two reg entries don't seem to change. Issue persists. So here are the logs... sorry about all the extra stuff I have going! ********************************************************************* Malwarebytes' Anti-Malware 1.34 Database version: 1888 Windows 5.1.2600 Service Pack 3 3/23/2009 9:32:19 AM mbam-log-2009-03-23 (09-32-19).txt Scan type: Quick Scan Objects scanned: 70400 Time elapsed: 3 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. [2666712424696817196720701818696620682069192570177125211768717120] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. 
[2666712424696817196720701818696620682069192570177125211768717120] Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) *************************************************************************** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:39:36 AM, on 3/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\userinit.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\Anvshell.exe C:\WINDOWS\shicoxp.exe C:\WINDOWS\System32\NILaunch.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\totalcmd\TOTALCMD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\RION\Application Data\Mozilla\Profiles\default\gy9pacdk.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RION\Application Data\Mozilla\Profiles\default\gy9pacdk.slt\prefs.js) O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\My Program Files\TechSmith\SnagIt6\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: 
SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\My Program Files\TechSmith\SnagIt6\SnagItIEAddin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe O4 - HKLM\..\Run: [windows auto update] msblast.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear O4 - HKLM\..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader80\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\My Program Files\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: Shortcut to TOTALCMD.lnk = C:\totalcmd\TOTALCMD.EXE O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: HushEncryptionEngine - https://mailserver5.hushmail.com/shared/Hus...ptionEngine.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- End of file - 7961 bytes