Jump to content

Protection Module disabled 1.65.0.1400 XP sp2


Recommended Posts

We have two virtually identical computers in our house, both with Windows XP sp2, both with Malwarebytes Pro. Both computers automatically updated from ver. 1.62.0.1300 to ver. 1.65.0.1400 last weekend. There is no problem with the first computer…all is well with it. The second computer, however, is a problem. The protection module does not start with Windows and I cannot start it manually…the tray icon is grayed out.

After reading this forum, I have:

1. Rebooted the computer several times…no joy.

2. Checked Terminal Services…Terminal Services are running, State is 4

3. Run full Malwarebytes scan and full McAfee Anti-Virus scan…no virus/malware infections.

4. Checked the McAfee Anti-virus and Firewall settings between the two computers…the settings are the same.

5. Uninstalled MB with Mbam-clean and reinstalled MB ver. 1.65.0.1400. Since I didn't have to reboot the computer after installation, the Protection Module was active and running…tray icon red. Then I did a double check by rebooting…when Windows came up the Protection Module was AGAIN not active, could not activate it manually, icon grayed out.

6. Gave up on ver. 1.65.0.1400, again uninstalled it with Mbam-clean and reinstalled previous (and working!) ver. 1.62.0.1300. All was well until I tried to update the Database…at which point, MB updated the PROGRAM to ver. 1.65.0.1400…back to square one…Protection Module not active, can't activate it manually, icon grayed out.

--------------------------------------------------------

In another post, someone mentioned BFE (Base Filtering Engine). I may be wrong, but I don't believe Windows XP has BFE…so that's probably not our problem.

At this point I'm fed up with trying to get ver. 1.65.0.1400 to work correctly, feeling really snarky and wondering why we bothered to buy a MB license for this computer.

---------------------------------------------------------

7. Ran mbam-check.exe … here's the log:

mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.65.0.1400

Date Log Created: 09/14/12

Time Log Created: 19:41:14

32 bit Operating System

Product Name: REG_SZ Microsoft Windows XP

Current Build Number: 2600

Current Version Number: 5.1

Current CSDVersion: Service Pack 2

OS Product Info: Home Edition

Proxy Status: No proxy is Set

LAN Settings:

=============

No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 4 (The service is running.) (State is stopped)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\WINDOWS\SYSTEM32\msiexec.exeREG_SZ EnableNXShowUI

MBAM Startup Entries:

=====================

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

DependOnGroup REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

DependOnGroup REG_DWORD 0

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Enum

0 REG_SZ Root\LEGACY_MBAMSERVICE\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 0

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

startipdisabled REG_DWORD 0

notifyinstallprogram REG_DWORD 1

InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

dbdate REG_SZ Fri, 14 Sep 2012 19:00:17 GMT

dbversion REG_SZ v2012.09.14.06

programversion REG_SZ 1.65.0.1400

trialended REG_DWORD 0

SchedulerQueue REG_MULTI_SZ 6148, 30249516, 2960631264, 1, 23 | 30249653, 2966881267

contextmenu REG_DWORD 1

reportthreats REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

ID XXXXX-XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware (Trial)

TrialId There is data here but it is hidden.

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 0

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|G:\|

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.3 (a)

Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Owner

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400

DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.65.0.1400

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20120914

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 65

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2012-09-14 03:54 Repeating Every: 1 Recover if missed by: 23

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

MBAM Drivers:

=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

Type REG_DWORD 2

Start REG_DWORD 0

ErrorControl REG_DWORD 1

Tag REG_DWORD 4

ImagePath REG_EXPAND_SZ system32\DRIVERS\fltMgr.sys

DisplayName REG_SZ FltMgr

Group REG_SZ FSFilter Infrastructure

Description REG_SZ File System Filter Manager Driver

AttachWhenLoaded REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 124800 BYTES FileVersion: 5.1.2600.2180

C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\WINDOWS\system32\olepro32.dll File Size: 83456 BYTES FileVersion: 5.1.2600.2180

List of MBAM Related Directories:

=================================

C:\Program Files\Malwarebytes' Anti-Malware

unins000.dat File Size: 29709 BYTES

mbamext.dll File Size: 79208 BYTES FileVersion: 1.61.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

unins000.msg File Size: 10550 BYTES

mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140

mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0

mbam.chm File Size: 582708 BYTES

license.txt File Size: 11141 BYTES

changes.txt File Size: 2780 BYTES

unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0

mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0

mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0

mbamnet.dll File Size: 2168392 BYTES FileVersion: 1.62.0.0

mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0

mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0

C:\Program Files\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 21110 BYTES

belarusian.lng File Size: 26026 BYTES

bosnian.lng File Size: 26236 BYTES

bulgarian.lng File Size: 26678 BYTES

catalan.lng File Size: 27226 BYTES

chineseSI.lng File Size: 10642 BYTES

chineseTR.lng File Size: 11588 BYTES

croatian.lng File Size: 25844 BYTES

czech.lng File Size: 23894 BYTES

danish.lng File Size: 25750 BYTES

dutch.lng File Size: 27282 BYTES

english.lng File Size: 23742 BYTES

estonian.lng File Size: 24112 BYTES

finnish.lng File Size: 24990 BYTES

french.lng File Size: 28790 BYTES

german.lng File Size: 28870 BYTES

greek.lng File Size: 28316 BYTES

hebrew.lng File Size: 18714 BYTES

hungarian.lng File Size: 27548 BYTES

italian.lng File Size: 27186 BYTES

japanese.lng File Size: 15814 BYTES

korean.lng File Size: 13710 BYTES

latvian.lng File Size: 26208 BYTES

lithuanian.lng File Size: 26920 BYTES

macedonian.lng File Size: 27830 BYTES

norwegian.lng File Size: 24216 BYTES

polish.lng File Size: 25726 BYTES

portugueseBR.lng File Size: 27720 BYTES

portuguesePT.lng File Size: 28056 BYTES

romanian.lng File Size: 27308 BYTES

russian.lng File Size: 26352 BYTES

serbian.lng File Size: 25970 BYTES

slovak.lng File Size: 24752 BYTES

slovenian.lng File Size: 23998 BYTES

spanish.lng File Size: 29010 BYTES

swedish.lng File Size: 25132 BYTES

thai.lng File Size: 25190 BYTES

turkish.lng File Size: 25046 BYTES

vietnamese.lng File Size: 28574 BYTES

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

mbam-killer.exe File Size: 896072 BYTES

mbam-chameleon.exe File Size: 218696 BYTES

mbam-chameleon.com File Size: 218696 BYTES

mbam-chameleon.pif File Size: 218696 BYTES

mbam-chameleon.scr File Size: 218696 BYTES

svchost.exe File Size: 218696 BYTES

firefox.exe File Size: 218696 BYTES

firefox.com File Size: 218696 BYTES

firefox.pif File Size: 218696 BYTES

firefox.scr File Size: 218696 BYTES

iexplore.exe File Size: 218696 BYTES

winlogon.exe File Size: 218696 BYTES

rundll32.exe File Size: 218696 BYTES

C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE

-----------------------------------------------------

8. Latest and only Protection Module Log since this is a new installation is attached.

9. Downloaded and ran dds.com … two log files are attached.

-------------------------------------------------------

Hope somebody will overlook my temporary snarkiness and help me find a solution.

Thanks

protection-log-2012-09-14.txt

dds.txt

attach.txt

Link to post
Share on other sites

Hello and welcome, Deuce: :)

Sorry you're having problems updating to 1.65 on one of your two computers.

It sounds as if you have done much of the trouble-shooting.

We'll need to wait for an MBAM staffer to analyze your logs.

Just a quick note about one of your steps:

All was well until I tried to update the Database…at which point, MB updated the PROGRAM to ver. 1.65.0.1400…back to square one…

The reason this happened is that MBAM's default settings in the updater are to automatically d/l and install program updates.

See attached screen shot, in which I have the setting to automatically d/l and install program updates UNCHECKED/disabled.

It's likely checked/enabled on your computer, so it is automatically trying to update the program, not just the databases.

Some of the folks who are having trouble updating are already infected.

Given that your Windows XP SP2 was EOL > 2 years ago & is very insecure, and that you have several outdated, vulnerable programs (Adobe Reader), browsers (IE6 and Fx 3.6.8) and plugins (Java, Flash Player for IE), it would seem that this might be a possible explanation for your problem.

If it isn't the case, then when you get your MBAM updating issues sorted, you'll really need to get XP updated to SP3, and all your programs and plugins updated to the current, more secure versions.

Anyway, please wait for one of the MBAM staff to report back with additional suggestions after reviewing your logs.

Thanks for your patience,

daledoc1

post-29793-0-02769800-1347682422.png

Link to post
Share on other sites

  • Root Admin

Hello Deuce,

The Event Logs show that you're having an issue with the computer. It could be a misconfiguration, a software conflict or possibly even an infection.

==== Event Viewer Messages From Past Week ========

.

9/7/2012 11:40:33 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

9/14/2012 1:11:24 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

9/13/2012 11:43:34 AM, error: Service Control Manager [7001] - The Intel® Active Monitor service depends on the SIODRV service which failed to start because of the following error: The system cannot find the device specified.

9/13/2012 11:43:34 AM, error: Service Control Manager [7000] - The SIODRV service failed to start due to the following error: The system cannot find the device specified.

9/12/2012 5:19:55 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

9/12/2012 11:34:55 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

.

==== End Of File ===========================

I would recommend as a paying customer that you open a ticket on the help desk and ask for me and I'll assist you in seeing if we can get you fixed up.

Make sure you reference this topic in your new ticket please.

http://forums.malwarebytes.org/index.php?showtopic=115864

http://www.malwarebytes.org/contact_consumer/

Thank you

Link to post
Share on other sites

AdvancedSetup: I followed the contact link and send message...look forward to hearing from you and getting this thing straightened out.

DaleDoc1: Thanks for info and good advice...will take ALL under serious consideration. As for the automatic updater...I'm about 99% certain that I had unclicked that. Where I went wrong was when I clicked on Update button. Guess I thought it would just update the database or give me an option. So how does one just update database and not the program? Is there someplace where the latest database file can be downloaded from? Not that I REALLY want to have to remember to do that manually every few days! LOL

Link to post
Share on other sites

Hi, Deuce:

DaleDoc1: Thanks for info and good advice...will take ALL under serious consideration. As for the automatic updater...I'm about 99% certain that I had unclicked that. Where I went wrong was when I clicked on Update button. Guess I thought it would just update the database or give me an option. So how does one just update database and not the program?

Sorry if I wasn't clear. If you uncheck that option (as shown in my screenshot), MBAM will not automatically d/l the PROGRAM updates, but it will continue to update the databases, both manually and automatically (if you have updates scheduled in the scheduler).

Of course, you need to fix whatever's amiss with your system before this will work correctly. :)

Is there someplace where the latest database file can be downloaded from? Not that I REALLY want to have to remember to do that manually every few days! LOL

Technically, yes - it is possible to download the databases and to transfer the databases from a working computer to a rig that cannot update/access the internet.

Scroll down to item #4 in the FAQ - Section A here for instructions: http://forums.malwar...indpost&p=49525

In your case, though, I would HIGHLY recommend that you please follow forum Admin AdvancedSetup's advice to work with him via the helpdesk to get your computer fixed. :)

Cheers!

daledoc1

Link to post
Share on other sites

Ok, great!

It *is* the weekend.

So, even though AdvancedSetup has been known to burn the midnight (and weekend) oil, please be patient.

You are in good hands and he will work with you to get you back up and running.

Good luck!

daledoc1

(PS While you're waiting, you might want to kill some time by getting your other outdated/insecure XP SP2 rig up to date and fully patched? Win XP SP2 was EOL in July 2010 and is VERY vulnerable to infection. Just a humble suggestion. :D )

Link to post
Share on other sites

Hi! I've just installed the latest version of mbam and encountered the same problem. The protection module is disabled and I can't even see the tray icon of mbam. In my case, I used system restore, today is Sept. 15, the nearest restore point on my computer is Sept. 14. After updating the latest files (note: the computer might display that some files of mbam are missing and is asking to download a new copy, just click ok and it will download the latest files), mbam works perfectly. ^^ Hope this one helps.

@ serpent_lee:

Hello and welcome.

Thanks for your suggestion.

I know you are only trying to help.

Glad it is working for you now.

However, each computer is different and needs its own, custom fix for the issue.

What works for one user might damage the system for another user.

So -- NO offense intended! -- please don't offer advice to the other members.

(This particular member is already working with the forum Admin, so he should be in good hands. :) )

OTOH, if you are still experiencing problems with version 1.65 on your computer, please start your own topic.

That will be less confusing for everyone and will permit the experts to better assist you.

Thanks for your patience and understanding, :)

daledoc1

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.