Found 20 results

  1. Hi, gang. I'm a licensed user of Malwarebytes Premium 3.7.1. Under Settings > Protection tab > Startup Options, I've chosen "Start Malwarebytes at Windows startup." https://imgur.com/OA5yLhd (screenshot) However, Malwarebytes won't load with Windows unless I manually add a program shortcut to the Windows Start Menu. Obviously, this isn't a pressing issue, but if I've overlooked a software setting, I'd appreciate it if you would let me know. Kind thanks, Brooks Windows 10 Pro x64 (release 1809) Malwarebytes Premium 3.7.1
  2. Hi guys. You can consider for the antimalware starts with the system in the free version, once you completed the 14 days off, and stay icon on the taskbar?
  3. Hi there, I found this thread on Google. I am another customer of cloudsouth and I had similar issues in the past, so I hope my information may help you in fixing the problem. Two times my server has been infected by this virus. Both times I had to format all hard drives and re-install Windows. Both times I sent passwords in a ticket to support and I believe the hacker stole the password from the ticketing system. In Event Viewer I saw an IP address from Russia logged to my server. The IP belonged to a VPN service provider. Probably the hacker is hiding behind a VPN. In Nov-2017 the hacker logged into my server and installed the below malware. I believe this is the same hacker that installed it on OP's server as well. He downloaded the virus from the below link http://baterky-noze.sk/cache/work.exe https://www.virustotal.com/#/file/2f41840b1780ab42d1b20036a7b6b04ea84e655013d67b98c215c24a4d4223cb/detection In May-2018 he logged into my server again and he installed this malware. He executed this application on my server but he forgot to fully remove it. I uploaded it to VirusTotal. https://www.virustotal.com/#/file/d5e28c675d4f467cb1e917818480396e992ffd1515399b4eadd3adec4031d92e/detection I tried Avast, McAfee and AVG. All of them find and remove the virus but the virus will return the next day.
  4. Hello, for a while now I have had problems with some miners. Idk if it's worldwide or they are targeting just https://www.cloudsouth.com/ I have 20+ servers from them and most of them are with miners. I reinstalled the OS a few times and soon after the servers will become infected again. I think they are bruteforcing them. I started using 24 characters for passwords on newly reinstalled servers. Here's a report from Malwarebytes. (attached below) Even if Malwarebytes cleaned the system, and a new check will result in a "clean" PC, the virus is still there and it's not being detected. If I open Task Manager, the virus will instantly pause itself and the PC/server will start working normally. A few minutes later the virus will close the Task Manager and it will start itself. The PC/server will start to lag hard as the virus is using 90% of CPU when it's running. Doing a virus scan without opening Task Manager is impossible. It won't even start. The PC is lagging that hard. Updated Windows Defender won't pick it up either. In Task Manager it is using some of the following names: SHELLEXPERIENCEHOST1.EXE, Windowsshellexperiencehost.exe, Windowsshellexperiencehoste.exe, Windowsshellexperiencehostp.exe. Any idea how I can remove these pesky miners? I can provide access via RDP to some infected servers. NP Bitcoin miners report.txt
  5. Hello, I have found on the task manager five windows process managers (32 bit). Every time I launch a game on steam, one or two of them would suddenly jump from 60% to 80% CPU usage. I have searched for a solution, scanned with malware-bytes free and adware cleaner, but nothing worked. Then I got mbar, but it just does not start. When I launch it, it would ask for administrator permission, and then nothing would happen.
  6. Even though it's turned ON in the Startup Options in the settings, Malwarebytes will not start with my Windows 10 on startup. Any suggestions to resolve? Thank you.
  7. Can't run or uninstall malwarebytes. File addition.txt -FRST- attached. Request help Addition.txt
  8. Hi, My issue is the same as almost everyone else here. I have MB Pro and just updated to the latest edition. Now, I get a "Cannot connect to service" error notice when I try to open it. And I cannot uninstall it. I have used MBAM-clean and it does nothing. When can we expect this issue to be fixed? Thanks, Paul
  9. I've been using MBAM Premium 3.0.6 on Windows 10. Today I downloaded and installed ARW beta 8 from the Malwarebytes site. The version showed as ARW appeared in my ProgramFiles folder but when I tried to start it, I got the message "Unable to start - unable to connect to Service". I also found that my MBAM Premium would not open after installing ARW. I tried to uninstall ARW, and that seemed to work, but MBAM still won't start. I get the error that three dll's are missing. Those dll's are - IPHLPAPI.dll - MPR.dll - and NETAPI32.dll - all with the recommendation that I should "reinstall the program". Which program does this instruction refer to - MBAM itself, or the individual dll's? And if it's the dll's, where do I find these?
  10. MBARW fails to start following latest patches to Windows 10 Anniversary Update (1607). Security updates installed 8/10/2016. After that, can't start protection. I have uninstalled and reinstalled twice with no luck.
  11. When I start up my computer the icon appears in the taskbar after about 10 seconds. When I click this icon the dialogue box appears. Sometimes the app is enabled and other times it is disabled. When I press Fix the app is enabled. It would be better if the app was enabled at each start up. My workaround seems to work each time.
  12. I upgraded from Windows 7 to Windows 10 recently. Noticed yesterday that MBAM was not starting and showing up in the system tray automatically, at boot-up. I did the following: Ran the Clean Removal Process. Downloaded and installed the latest version. Entered registration information. Performed several shut-down/start-ups, MBAM started as expected. Ran a full scan - removed several PUP's - restart required to complete cleanup. Upon that restart, MBAM is once again NOT loading at Windows startup. MBAM starts OK when selected from the Start menu list of apps. The "Start MBAM with Windows" and all protections are enabled, as well as self-protection and self-protection early start. Yet, it doesn't start when first entering Windows. Thanks in advance for any guidance you can provide.
  13. I have used your software for several years. It has helped me with plenty of jobs. I thank you for that because I have never paid a penny which I am grateful for. Before you released the needless flashy interface that screams, "BUY MORE STUFF!" there was something of great concern to me that caused me to remove the software installed on my system. Last year I used your software to scan a newly installed Win Vista with both service packs installed offline from packages downloaded from Microsoft. Never connected to the internet. Once I did connect I installed Firefox and then Malware Bytes was downloaded and updated. On its first scan it showed everything was fine. Now the computer is not on the internet and the only website visited (or manually entered) was malwarebytes.org. Computer was offline for a few days. Nothing in the My Documents folder, nothing anywhere. PC wasn't being used. I ran a scan on it before downloading an additional scanner and Malware bytes found "malware" that is labeled on the internet as "fake virus" in My Documents folder? The only software installed was Malware bytes. I never came here and mentioned it because a website had mentioned that out of all the programs out there, the people running Malware bytes were fighting the good fight. In Windows 7 you have the option of selecting what items to show in your start menu. When I select to not show My Computer I should never have to be told by my virus scanner that something hijacked my start menu. There is nothing there, nothing is being removed it just sets it back to show My Computer again. I can view My Computer just fine when I click on my User Account name in the start menu that brings me to the computer browser with a menu on the left that shows not only my computer but control panel as well. The locked topic on these forums that explains the issue described in this paragraph fails to mention it.
May be true and you're fighting the good fight under the radar and the scanner is great but I can take one look at your new interface and see Malware Bytes riding the fine line between selling out and staying true to the concept their program relies on. I am weary of your software since my experience last year; finding malware on a fresh OS (which I have set up 1,000's of times in my short life) sitting in the My Documents folder. Best of luck to you Malware Bytes. Keep fighting the good fight. For the sake of the internet and the freedom to use it.
  14. Hello everyone! I'm currently using Malwarebytes free version, but sometimes, the program opens by itself and updates automatically. Is that normal? Sometimes it's annoying, when I'm running a program in fullscreen. Thank you for the help.
  15. I have been running premium for almost a year with great results. The other day I received a fake Java update notice (with the Java icon and everything). I clicked okay and started installing a bunch of crap, disabled Mbam and now it won't run. Tried uninstall re-install in safe mode even purchased a new Mbam premium download and can't install it. Multiple run time errors during install. Mbam won't launch upon completion and several redirects to fake "your system is infected ransom sites". They What to do?
  16. As the title says, Malwarebytes WON'T start. When clicking on the .exe, it opens as a process in task manager, then closes immediately. I have done a small scan with Malwarebytes anti rootkit, however mid scan I cancelled to post a topic, as the warning scared me a bit. Please help. Thank you!
  17. My Vista laptop has been having troubles, but I have been able to get on up til now. Today I was able to get to the Windows sign-on, then sign on, but then the computer went into an endless 'welcome' loop. Eventually forced shutdown. Have tried to get on in Safe Mode. Same thing. Finally I got the following Windows error message: The instruction at 0x00bf1e8e referenced memory at 0x000001fe. The memory could not be written. Click OK to terminate program. Anyone got any ideas as to how to get past this? Thanks
  18. Pro version. In an office of 10+ computers, several with XP SP3, I find myself as the only one dealing with this recent update problem. Icon remains grayed out, cannot enable services even with clicking on them directly. Starts grayed out with windows. Have tried multiple restarts, have done uninstall (with clean tool) and reinstall. Terminal services is automatic. Attached info that seems necessary. Only have 2 protection logs present. Looking for immediate assistance. Thanks. protection-log-2012-09-13.txt protection-log-2012-09-12.txt attach.txt dds.txt
