Guest HoverButter

I have two questions X.X

14 posts in this topic

Hi guys. I actually posted this on bleepingcomputer.com, but I posted it in the wrong section. My question: Why does Malwarebytes indicate that I'm on [limited] access when I'm scanning as an administrator? For example: http://forums.malwarebytes.org/index.php?showtopic=114233. The log here says "Zeroes :: ROOT [admin]", but when I scan, it says [limited]. Also, after I scan with HJT, when I try to click on AnalyzeThis, it shows me an error that says "No Internet Connection Available". Is the button malfunctioning? I can access the internet perfectly and I don't think it's a malware issue.


Hello HoverButter and Welcome to Malwarebytes

In order to assist you better and determine what's really going on, if the post you linked to does not answer your question, please post the following logs for us to check on for you.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead, please attach the log file CheckResults.txt, which should now be located on your desktop, to your next post

Please run a Quick Scan with Malwarebytes and post back that log as well.

Next, Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thanks


Hi AdvancedSetup! Thanks for replying. Logs are attached.


Oops, I forgot to attach the dds file.


You should back up your registry and then go in and remove all these entries from the compatibility mode in the Registry and then reboot and see if you're still having an issue or not.

If you need further directions please let us know.

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

c:\program files (x86)\warcraft iii\war3.exe  REG_SZ DISABLEUSERCALLBACKEXCEPTION
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe  REG_SZ RUNASADMIN
C:\Program Files (x86)\OGPlanet\RumbleFighter\RUMBLEFIGHTER.EXE  REG_SZ DISABLEUSERCALLBACKEXCEPTION
C:\Users\Owner\Desktop\mmSeq120b7-Setup.exe  REG_SZ WINXPSP2
C:\Program Files (x86)\Than Long\Uninstal.exe  REG_SZ WINXPSP2
C:\Users\Owner\Desktop\Skype PTT 1.01 Beta\SkypePTT.exe  REG_SZ RUNASADMIN
C:\Users\Owner\Desktop\WinRAR\Game Boy Advance\VisualBoyAdvance.exe  REG_SZ RUNASADMIN
C:\Users\Owner\Documents\A+\Games\3MLE\3MLE.exe  REG_SZ VISTASETUP RUNASADMIN
C:\Users\Owner\AppData\Local\Temp\Temporary Internet Files\Content.IE5\7ARG32CN\startuplite-setup-1.07.exe  REG_SZ VISTARTM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\OGPlanet\RumbleFighter\RumbleLauncher.exe  REG_SZ RUNASADMIN
C:\Program Files (x86)\OGPlanet\RumbleFighter\gemdumploader.exe  REG_SZ RUNASADMIN
C:\Program Files (x86)\OGPlanet\RumbleFighter\rumblefighter.exe  REG_SZ RUNASADMIN
SIGN.MEDIA=18A6224 NEBULA\nebula.exe  REG_SZ #
C:\Program Files\FRAPS\fraps.exe  REG_SZ RUNASADMIN
C:\Users\Owner\Desktop\VirtualDub\Veedub64.exe  REG_SZ RUNASADMIN
C:\Program Files\Riot Games\League of Legends\lol.launcher.exe  REG_SZ RUNASADMIN
C:\Program Files (x86)\Warcraft III\Frozen Throne.exe  REG_SZ RUNASADMIN
C:\Users\Owner\Desktop\NOBODY.exe  REG_SZ RUNASADMIN
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE  REG_SZ RUNASADMIN
C:\Users\Owner\Desktop\WinRAR\Game Boy Advance\VisualBoyAdvance.exe  REG_SZ WINXPSP3
C:\Program Files (x86)\Kill3rCombo\Elsword\elsword.exe  REG_SZ WINXPSP3 RUNASADMIN
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe  REG_SZ RUNASADMIN
C:\Program Files (x86)\Silkroad\sro_client.exe  REG_SZ ELEVATECREATEPROCESS
C:\Users\Owner\Documents\A+\Tool\Magnifier.exe  REG_SZ WINXPSP2
C:\Program Files (x86)\Planetside 2\LaunchPad.exe  REG_SZ DISABLETHEMES DISABLEDWM RUNASADMIN
C:\Program Files (x86)\Planetside 2\PlanetSide2.exe  REG_SZ DISABLEDWM
C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  REG_SZ DISABLEDWM
C:\Program Files (x86)\GooTool\bin\gootool.exe  REG_SZ RUNASADMIN
C:\Program Files (x86)\CCleaner\CCleaner64.exe  REG_SZ RUNASADMIN

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\BrawlBusters(EN)CBT\bin\PbLauncher.exe  REG_SZ RUNASADMIN

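The backup-then-remove procedure from the post above, as an added PowerShell example that is not part of the original thread or of any Malwarebytes tool. The backup folder name and the `*\mbam.exe` filter are assumptions, and the removal step runs with `-WhatIf`, so nothing is deleted until that switch is taken out.

```powershell
# Added example (not from the thread): back up the three AppCompatFlags\Layers
# keys listed above, show their values, and preview removal of the MBAM entry.
# Run from an elevated PowerShell prompt; changing the HKLM keys needs admin rights.

$layerKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
)
$backupDir = Join-Path $env:USERPROFILE 'Desktop\LayersBackup'  # assumed backup location
$pattern   = '*\mbam.exe'                                       # assumed filter: MBAM entries only

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$n = 0
foreach ($key in $layerKeys) {
    $n++
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this machine

    # 1. Back up first. reg.exe expects HKLM\... rather than the provider form HKLM:\...
    $regPath = $key -replace '^(HK\w+):', '$1'
    & reg.exe export $regPath (Join-Path $backupDir "Layers-$n.reg") /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed; nothing was changed." }

    # 2. List every value: the value name is the program path, the data is the layer string.
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{
            Key     = $regPath
            Program = $name
            Layers  = $regKey.GetValue($name)
        }
    }

    # 3. Preview removal of the matching values (dry run because of -WhatIf).
    $regKey.GetValueNames() |
        Where-Object { $_ -like $pattern } |
        ForEach-Object { Remove-ItemProperty -LiteralPath $key -Name $_ -WhatIf }
}
```

To restore, import the saved `.reg` files with `reg import`; reboot after removing entries, as the post says.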

Yay! I removed the registry files and mbam is scanning as administrator now :D I just have a few more questions.

Is it malware that added those registry files?

Is it ok for me to delete registry files in regedit at a later time (the registry files you listed were all the files in those particular folders)?

Is the HJT problem normal?

I have a long startup time, even though there are few startup items in msconfig and nothing on startuplite that indicates unnecessary startups. Someone suggested I use http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx. I've only deleted a few entries that I know are safe. Sometimes I have a drastically longer startup time and the screen will flicker for 1 second. I'm not sure if that indicates hardware failure. Thanks for your help!


Oops, I have one more question. :o

Before and after the registry fix, Malwarebytes' quick scan would freeze at ~17 seconds, scanning around ~1160 files and unpause at ~39 seconds at ~1200 files (this only applies to the first scan after rebooting; first scan would take around 3 mins and subsequent scans are dramatically faster, finishing in 48 seconds). The number of scanned files seems to fluctuate depending on the scan. No scan has the same number of files scanned. Is this normal?


I forgot to include that before registry deletion, my mbam definition updates were quite small (~6-7 kb). Now it downloads 6679.41 mb every time.


Well I don't suggest using MSCONFIG as a Startup Manager. It is a diagnostic tool that can't easily be used as a diagnostic tool when it's being used as a startup manager tool.

I would recommend this tool (which may be what you linked to but your link is broken) Autoruns for Windows - By Mark Russinovich and Bryce Cogswell

In any case... it sounds like you might possibly have a bit more going on there that may require Expert assistance. Please follow the advice from here: Available Assistance for Possibly Infected Computers and one of the Experts will help you check on your system further.

Thanks


Yeah, that's the link xD. I guess I'll go with option 1.


MBAM is running as [limited] again. I don't know what's going on. :mellow:


Oh, sorry. Thanks for your help AdvancedSetup!
