legaldeejay

Honorary Members
  • Posts: 61

Everything posted by legaldeejay

  1. Waiting this long for a response as a paid lifetime Premium user is not reasonable, IMO. There should be a customer or technical support phone number for Premium users. Now my computer is at risk for exposure to malware until this is resolved.
  2. I submitted a support ticket and am waiting for a response. Today my version of Malwarebytes went from Premium to Free. When I tried to activate with my license info, a message appeared saying I have hit my device limit. So when I go to sign into my account to Manage Devices, I already see a different email address. After I enter my account with my credentials, it says I have no Subscriptions and I have no way to manage my devices. I suspect the hacker is using my license on whatever devices they have. My license is already registered so now I am stuck without Malwarebytes Premium. Any suggestions while I wait for the Support team to assist?
  3. Hello. I am using Windows XP with Malwarebytes 1.75. I have created a partition on my hard drive for Windows 7 so that I can dual boot as I prepare to transition to Windows 7. When installing the latest version of Malwarebytes on the Windows 7 partition, it will not let me activate my license. It shows the error "The usage level has exceeded the max volume allowed". I do not yet want to uninstall Malwarebytes from the XP partition because I am still using XP. How can I activate my license on Windows 7 while I am still using it on XP on the same computer? Thanks.
  4. See attached files. In Doc1, this is what the Automated Scheduling Screen looks like below. For Threat Scan, under Frequency, it indicates repeat every 0 weeks. Now, when putting a check mark in the box for the Threat Scan option, and selecting Edit above, this is what appears in Doc2. Notice that the recurrence is actually 1 week, not 0 weeks. When clicking Ok, the prior screen will then say repeat every 1 week, BUT, if restarting the computer, that screen will again say 0 weeks. So it appears this is a cosmetic bug. The dashboard indicates the next scan will be a week after the prior one. See Doc 3. Also, note that this is the latest version 1012, not 1004. And this is happening on 2 XP machines and one Windows 7 machine. Seems improbable that I should have to do clean reinstalls on 3 machines. Attachments: Doc1.rtf, Doc2.rtf, Doc3.rtf
  5. Yes, those options are there. The problem is that it is not saving if I choose, for example, every 2 weeks after I restart the computer. It seems to default to 1 week. I suppose it doesn't matter because I would not have it wait that long. Just noticing this behavior on testing. But even when setting it to every week, it will show as repeating every 0 weeks when going to the Automated scheduling section after restarting. However, when going to Edit, it says every week and Dashboard indicates the next week.
  6. OK, well what I just described still exists after updating. It will not allow weekly scans for more than once per week (i.e. does not allow every 2 weeks, 3 weeks, etc.)
  7. OK, thanks. I manually updated on the Malwarebytes site. Should the "clean reinstall" instructions fix the issues I am having on all 3 computers where it is still saying "Repeats once every 0 week(s)" in the Automated Scheduling section, but it is actually still set for once per week, and should this fix the other issue where I cannot set it to scan more than every week?
  8. Before I do this, why didn't it update automatically from 1004 to 1012? I have 2 machines with XP and one with Windows 7 and none of them automatically updated. They all still have 1004, and I cannot find any option to manually update the program. I only see the option to manually update the database.
  9. There appear to be problems with Automated Scheduling. If I set it to scan at 2:00 a.m. once a week, it will start at 1:45 a.m. Also, the Dashboard says next scan will be in a week at 2:01:45 a.m., but the Automated Scheduling section says 2:00 a.m. Also, if Malwarebytes exits, such as when restarting the computer, if I go into the Automated Scheduling section, under the Frequency column of the table, it says "Repeats once every 0 week(s)". But when going to Edit, it appears it is actually still set for once per week. Also, it will not let me set it for more than once per week. If I set it, for example, to scan every 2 weeks, and then if I restart the computer or otherwise exit the program, and then go back to the Automated Scheduling section, it says "Repeats once every 0 week(s)". But when going to Edit, it is set for once per week. Please advise. I have tested this on 2 separate computers with XP (yes, I know I should be upgrading the OS, but that is not the issue, unless the reasons for these problems have to do with XP). Thanks.
  10. Yes, I appreciate the offer of help, but I've gone through all the steps for eliminating infections in the past and have eliminated them.
  11. And regardless of the issue of infection, there should still be the option to disable the notifications like the last version. But I am confident I am not infected as it only happens when going to certain sites.
  12. Yes, when browsing. Under the old version, you could disable showing notifications while keeping the protection enabled.
  13. OK, so new version 2.0.1.1004 does not have the option to disable the popups advising of malicious websites. You can only either enable or disable the protection. Please add this feature soon as the popups are getting unbearable.
  14. I noticed that if I exit the program from the system tray, then restart it, it starts with protection completely disabled, and then you have to check filesystem protection which will then enable all protection including website blocking. I have XP. Is this normal?
  15. I got a new Blackberry which came out in June in the U.S. To sync data on a PC, you have to use new software called Blackberry Link. However, after installing this on a machine with XP, when rebooting, it prevents website blocking from working. To get it working, I have to exit Malwarebytes and open it again. Then all protection is disabled but then checking filesystem protection enables all protection. The problem goes away after uninstalling this program and Malwarebytes then functions normally. Can anyone here do a test of this software? Here is the link: http://us.blackberry.com/software/blackberry-link.html
  16. I have another question. Assuming Malwarebytes was enabled and working the way it was supposed to, and I also have Avast anti-virus software, how does a rootkit like this still infect a system?
  17. Hi, I decided to do a reformat. I can't even do a System Restore now. This tells me I should be starting over. Thank you for your assistance.
  18. Now the process is getting frustrating because there seems to be no reason for IE8 to now suddenly be behaving like this, unless it's due to the rootkit which was removed. If I do a System Restore, will I have to do all the tests again? Sorry about the rant.
  19. Still no changes. Here is the log. OK for me to do System Restore?