I can't enable filesystem protection or malicious website blocking


This used to work, but since I assumed it was still working, I never checked to see if it was actually marked. Now it's disabled for some reason and it will not allow me to enable it. Here are my logs below:

mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.65.0.1400

Date Log Created: 09/29/12

Time Log Created: 15:49:36

64 bit Operating System

Product Name: REG_SZ Windows 7 Enterprise

Current Build Number: 7600

Current Version Number: 6.1

Current CSDVersion:

Proxy Status: No proxy is Set

Proxy Override:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ <local>;*.local

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\eHOT Line\eHOTline.exeREG_SZ RUNASADMIN

C:\Program Files (x86)\BIOSTAR\TOVERCLOCKER\TOC.exeREG_SZ RUNASADMIN

C:\Program Files (x86)\BIOSTAR\T-Utility Green Power Utility II\GPU.exeREG_SZ RUNASADMIN

C:\Program Files (x86)\BIOSTAR\T-Utility Green Power Utility II\GPUAuto.exeREG_SZ RUNASADMIN

C:\Program Files (x86)\BIOScreen EFI\LOGO.exeREG_SZ RUNASADMIN

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Windows\SysWow64\cmicnfgp.dllREG_DWORD 0

MBAM Startup Entries:

=====================

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 4 (The service is running.) (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

WOW64 REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

WOW64 REG_DWORD 1

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

DelayedAutostart REG_DWORD 1

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ _ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ __CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ __vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

InstallPath REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware

Affiliate REG_SZ https://store.malwarebytes.org/342/?scope=checkout&cart=29945

dbversion REG_SZ v2012.09.27.10

programversion REG_SZ 1.65.0.1400

dbdate REG_SZ Thu, 27 Sep 2012 19:54:56 GMT

hidereg REG_DWORD 0

startipdisabled REG_DWORD 0

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

advancedheuristics REG_DWORD 1

detectpup REG_DWORD 2

detectpum REG_DWORD 1

detectp2p REG_DWORD 0

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

downloadprogram REG_DWORD 1

ID XXXXX-XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

SchedulerQueue REG_MULTI_SZ 6148, 30226110, 3354051440, 1, 23 | 30252521, 2230698568

notifyinstallprogram REG_DWORD 1

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID

There is data here but it is hidden.

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

language REG_SZ english.lng

selectedrives REG_SZ C:\|D:\|

terminateie REG_DWORD 0

autosavelog REG_DWORD 1

openlog REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanstartups REG_DWORD 1

defaultscan REG_DWORD 1

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.3 (a)

Inno Setup: App Path REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware

InstallLocation REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Burrito

Inno Setup: Selected Tasks REG_DWORD 0

Inno Setup: Deselected Tasks REG_SZ desktopicon,quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400

DisplayIcon REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.65.0.1400

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20120911

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 65

EstimatedSize REG_DWORD 19772

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2012-05-20 19:28 Repeating Every: 1 Recover if missed by: 23

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64

(Default): REG_SZ D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

MBAM Drivers:

=============

C:\Windows\system32\drivers\mbam.sys File Size: 25928 BYTES FileVersion: 1.60.2.0

C:\Windows\SysWOW64\drivers\mbamswissarmy.sys File Size: 38224 BYTES FileVersion: 1.50.1.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 290368 BYTES FileVersion: 6.1.7600.16385

C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34

C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7600.16385

List of MBAM Related Directories:

=================================

D:\Program Files (x86)\Malwarebytes' Anti-Malware

changes.txt File Size: 2780 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 582708 BYTES

mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0

mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140

mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0

mbamext.dll File Size: 95304 BYTES FileVersion: 1.61.0.0

mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0

mbamnet.dll File Size: 2168392 BYTES FileVersion: 1.62.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0

mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0

mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 28992 BYTES

unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 10550 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 218696 BYTES

firefox.exe File Size: 218696 BYTES

firefox.pif File Size: 218696 BYTES

firefox.scr File Size: 218696 BYTES

iexplore.exe File Size: 218696 BYTES

mbam-chameleon.com File Size: 218696 BYTES

mbam-chameleon.exe File Size: 218696 BYTES

mbam-chameleon.pif File Size: 218696 BYTES

mbam-chameleon.scr File Size: 218696 BYTES

mbam-killer.exe File Size: 896072 BYTES

rundll32.exe File Size: 218696 BYTES

svchost.exe File Size: 218696 BYTES

winlogon.exe File Size: 218696 BYTES

D:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 21110 BYTES

belarusian.lng File Size: 26026 BYTES

bosnian.lng File Size: 26236 BYTES

bulgarian.lng File Size: 26678 BYTES

catalan.lng File Size: 27226 BYTES

chineseSI.lng File Size: 10642 BYTES

chineseTR.lng File Size: 11588 BYTES

croatian.lng File Size: 25844 BYTES

czech.lng File Size: 23894 BYTES

danish.lng File Size: 25750 BYTES

dutch.lng File Size: 27282 BYTES

english.lng File Size: 23742 BYTES

estonian.lng File Size: 24112 BYTES

finnish.lng File Size: 24990 BYTES

french.lng File Size: 28790 BYTES

german.lng File Size: 28870 BYTES

greek.lng File Size: 28316 BYTES

hebrew.lng File Size: 18714 BYTES

hungarian.lng File Size: 27548 BYTES

italian.lng File Size: 27186 BYTES

japanese.lng File Size: 15814 BYTES

korean.lng File Size: 13710 BYTES

latvian.lng File Size: 26208 BYTES

lithuanian.lng File Size: 26920 BYTES

macedonian.lng File Size: 27830 BYTES

norwegian.lng File Size: 24216 BYTES

polish.lng File Size: 25726 BYTES

portugueseBR.lng File Size: 27720 BYTES

portuguesePT.lng File Size: 28056 BYTES

romanian.lng File Size: 27308 BYTES

russian.lng File Size: 26352 BYTES

serbian.lng File Size: 25970 BYTES

slovak.lng File Size: 24752 BYTES

slovenian.lng File Size: 23998 BYTES

spanish.lng File Size: 29010 BYTES

swedish.lng File Size: 25132 BYTES

thai.lng File Size: 25190 BYTES

turkish.lng File Size: 25046 BYTES

vietnamese.lng File Size: 28574 BYTES

C:\Users\Burrito\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Burrito\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2012-05-20 (14-35-43).txt File Size: 878 BYTES

mbam-log-2012-05-24 (12-25-45).txt File Size: 1868 BYTES

mbam-log-2012-05-30 (17-05-02).txt File Size: 1890 BYTES

mbam-log-2012-05-31 (17-38-08).txt File Size: 1866 BYTES

mbam-log-2012-05-31 (21-28-52).txt File Size: 1890 BYTES

mbam-log-2012-06-06 (20-46-04).txt File Size: 1888 BYTES

mbam-log-2012-07-13 (19-50-32).txt File Size: 1912 BYTES

mbam-log-2012-07-14 (14-45-09).txt File Size: 1910 BYTES

mbam-log-2012-07-24 (02-08-41).txt File Size: 1912 BYTES

mbam-log-2012-07-28 (20-58-45).txt File Size: 1912 BYTES

mbam-log-2012-08-10 (20-10-06).txt File Size: 1912 BYTES

mbam-log-2012-08-18 (01-10-16).txt File Size: 1912 BYTES

mbam-log-2012-09-04 (17-42-31).txt File Size: 1910 BYTES

mbam-log-2012-09-11 (12-09-47).txt File Size: 1916 BYTES

mbam-log-2012-09-14 (12-05-05).txt File Size: 1914 BYTES

mbam-log-2012-09-23 (10-53-57).txt File Size: 1916 BYTES

C:\Users\Burrito\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

exclusions.dat File Size: 2 BYTES

link.txt File Size: 115 BYTES

mbam-setup.exe File Size: 10524080 BYTES FileVersion: 1.65.0.1400

news.txt File Size: 78 BYTES

rules.ref File Size: 7120001 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration

build.conf File Size: 140 BYTES

config.conf File Size: 3276 BYTES

custom.conf File Size: 20 BYTES

database.conf File Size: 432 BYTES

local.conf File Size: 762 BYTES

manifest.conf File Size: 545 BYTES

messaging.conf File Size: 20 BYTES

news.conf File Size: 405 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

protection-log-2012-05-20.txt File Size: 936 BYTES

protection-log-2012-05-21.txt File Size: 698 BYTES

protection-log-2012-05-22.txt File Size: 238 BYTES

protection-log-2012-05-23.txt File Size: 1980 BYTES

protection-log-2012-05-24.txt File Size: 2512 BYTES

protection-log-2012-05-25.txt File Size: 4088 BYTES

protection-log-2012-05-26.txt File Size: 2784 BYTES

protection-log-2012-05-27.txt File Size: 1304 BYTES

protection-log-2012-05-28.txt File Size: 652 BYTES

protection-log-2012-05-29.txt File Size: 6044 BYTES

protection-log-2012-05-30.txt File Size: 2784 BYTES

protection-log-2012-05-31.txt File Size: 3436 BYTES

protection-log-2012-06-01.txt File Size: 2132 BYTES

protection-log-2012-06-02.txt File Size: 4088 BYTES

protection-log-2012-06-03.txt File Size: 1956 BYTES

protection-log-2012-06-04.txt File Size: 2784 BYTES

protection-log-2012-06-05.txt File Size: 2784 BYTES

protection-log-2012-06-06.txt File Size: 4076 BYTES

protection-log-2012-06-07.txt File Size: 652 BYTES

protection-log-2012-06-08.txt File Size: 652 BYTES

protection-log-2012-06-09.txt File Size: 652 BYTES

protection-log-2012-06-10.txt File Size: 2784 BYTES

protection-log-2012-06-11.txt File Size: 2784 BYTES

protection-log-2012-06-12.txt File Size: 1304 BYTES

protection-log-2012-06-13.txt File Size: 4884 BYTES

protection-log-2012-06-14.txt File Size: 1304 BYTES

protection-log-2012-06-15.txt File Size: 8812 BYTES

protection-log-2012-06-16.txt File Size: 652 BYTES

protection-log-2012-06-17.txt File Size: 5146 BYTES

protection-log-2012-06-18.txt File Size: 3666 BYTES

protection-log-2012-06-19.txt File Size: 8796 BYTES

protection-log-2012-06-20.txt File Size: 4360 BYTES

protection-log-2012-06-21.txt File Size: 2784 BYTES

protection-log-2012-06-22.txt File Size: 5074 BYTES

protection-log-2012-06-23.txt File Size: 652 BYTES

protection-log-2012-06-24.txt File Size: 4916 BYTES

protection-log-2012-06-25.txt File Size: 4740 BYTES

protection-log-2012-06-26.txt File Size: 1722 BYTES

protection-log-2012-06-27.txt File Size: 4088 BYTES

protection-log-2012-06-28.txt File Size: 652 BYTES

protection-log-2012-06-29.txt File Size: 652 BYTES

protection-log-2012-07-01.txt File Size: 3126 BYTES

protection-log-2012-07-02.txt File Size: 5392 BYTES

protection-log-2012-07-03.txt File Size: 6064 BYTES

protection-log-2012-07-04.txt File Size: 652 BYTES

protection-log-2012-07-05.txt File Size: 652 BYTES

protection-log-2012-07-06.txt File Size: 1304 BYTES

protection-log-2012-07-07.txt File Size: 652 BYTES

protection-log-2012-07-08.txt File Size: 1480 BYTES

protection-log-2012-07-09.txt File Size: 1136 BYTES

protection-log-2012-07-10.txt File Size: 3436 BYTES

protection-log-2012-07-11.txt File Size: 3268 BYTES

protection-log-2012-07-12.txt File Size: 2608 BYTES

protection-log-2012-07-13.txt File Size: 7014 BYTES

protection-log-2012-07-14.txt File Size: 2558 BYTES

protection-log-2012-07-15.txt File Size: 3762 BYTES

protection-log-2012-07-16.txt File Size: 4088 BYTES

protection-log-2012-07-17.txt File Size: 10920 BYTES

protection-log-2012-07-18.txt File Size: 2784 BYTES

protection-log-2012-07-19.txt File Size: 1304 BYTES

protection-log-2012-07-20.txt File Size: 2784 BYTES

protection-log-2012-07-21.txt File Size: 3436 BYTES

protection-log-2012-07-22.txt File Size: 2784 BYTES

protection-log-2012-07-23.txt File Size: 2600 BYTES

protection-log-2012-07-24.txt File Size: 2132 BYTES

protection-log-2012-07-25.txt File Size: 2784 BYTES

protection-log-2012-07-26.txt File Size: 2784 BYTES

protection-log-2012-07-27.txt File Size: 1304 BYTES

protection-log-2012-07-28.txt File Size: 2132 BYTES

protection-log-2012-07-29.txt File Size: 3436 BYTES

protection-log-2012-07-30.txt File Size: 6364 BYTES

protection-log-2012-07-31.txt File Size: 2784 BYTES

protection-log-2012-08-01.txt File Size: 2132 BYTES

protection-log-2012-08-02.txt File Size: 3436 BYTES

protection-log-2012-08-03.txt File Size: 3434 BYTES

protection-log-2012-08-04.txt File Size: 652 BYTES

protection-log-2012-08-05.txt File Size: 1956 BYTES

protection-log-2012-08-06.txt File Size: 3436 BYTES

protection-log-2012-08-07.txt File Size: 3436 BYTES

protection-log-2012-08-08.txt File Size: 3436 BYTES

protection-log-2012-08-09.txt File Size: 2784 BYTES

protection-log-2012-08-10.txt File Size: 5384 BYTES

protection-log-2012-08-11.txt File Size: 1956 BYTES

protection-log-2012-08-12.txt File Size: 4916 BYTES

protection-log-2012-08-13.txt File Size: 2132 BYTES

protection-log-2012-08-14.txt File Size: 4088 BYTES

protection-log-2012-08-15.txt File Size: 2784 BYTES

protection-log-2012-08-16.txt File Size: 2132 BYTES

protection-log-2012-08-17.txt File Size: 4740 BYTES

protection-log-2012-08-18.txt File Size: 2444 BYTES

protection-log-2012-08-19.txt File Size: 4264 BYTES

protection-log-2012-08-20.txt File Size: 2784 BYTES

protection-log-2012-08-21.txt File Size: 2784 BYTES

protection-log-2012-08-22.txt File Size: 3436 BYTES

protection-log-2012-08-23.txt File Size: 2784 BYTES

protection-log-2012-08-24.txt File Size: 1722 BYTES

protection-log-2012-08-25.txt File Size: 652 BYTES

protection-log-2012-08-26.txt File Size: 2474 BYTES

protection-log-2012-08-27.txt File Size: 4088 BYTES

protection-log-2012-08-28.txt File Size: 4960 BYTES

protection-log-2012-08-29.txt File Size: 908 BYTES

protection-log-2012-08-30.txt File Size: 1812 BYTES

protection-log-2012-08-31.txt File Size: 6870 BYTES

protection-log-2012-09-01.txt File Size: 652 BYTES

protection-log-2012-09-02.txt File Size: 4790 BYTES

protection-log-2012-09-03.txt File Size: 2602 BYTES

protection-log-2012-09-04.txt File Size: 3436 BYTES

protection-log-2012-09-05.txt File Size: 888 BYTES

protection-log-2012-09-06.txt File Size: 1956 BYTES

protection-log-2012-09-07.txt File Size: 1304 BYTES

protection-log-2012-09-08.txt File Size: 652 BYTES

protection-log-2012-09-09.txt File Size: 3436 BYTES

protection-log-2012-09-10.txt File Size: 2784 BYTES

protection-log-2012-09-11.txt File Size: 2324 BYTES

protection-log-2012-09-13.txt File Size: 852 BYTES

protection-log-2012-09-14.txt File Size: 852 BYTES

protection-log-2012-09-15.txt File Size: 852 BYTES

protection-log-2012-09-16.txt File Size: 852 BYTES

protection-log-2012-09-17.txt File Size: 852 BYTES

protection-log-2012-09-18.txt File Size: 852 BYTES

protection-log-2012-09-20.txt File Size: 852 BYTES

protection-log-2012-09-21.txt File Size: 510 BYTES

protection-log-2012-09-23.txt File Size: 1360 BYTES

protection-log-2012-09-24.txt File Size: 852 BYTES

protection-log-2012-09-25.txt File Size: 852 BYTES

protection-log-2012-09-27.txt File Size: 852 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================

END OF FILE

Protection logs:

2012/09/24 19:19:44 -0700 BURRITO-PC Burrito MESSAGE Executing scheduled update: Daily

2012/09/24 19:19:54 -0700 BURRITO-PC Burrito MESSAGE Scheduled update executed successfully: database updated from version v2012.09.24.01 to version v2012.09.25.02

2012/09/24 19:23:57 -0700 BURRITO-PC Burrito MESSAGE Executing scheduled update: Daily

2012/09/24 19:23:58 -0700 BURRITO-PC Burrito MESSAGE Database already up-to-date

2012/09/25 19:28:40 -0700 BURRITO-PC Burrito MESSAGE Executing scheduled update: Daily

2012/09/25 19:28:49 -0700 BURRITO-PC Burrito MESSAGE Scheduled update executed successfully: database updated from version v2012.09.25.02 to version v2012.09.26.02

2012/09/25 19:32:48 -0700 BURRITO-PC Burrito MESSAGE Executing scheduled update: Daily

2012/09/25 19:32:48 -0700 BURRITO-PC Burrito MESSAGE Database already up-to-date

2012/09/27 19:17:18 -0700 BURRITO-PC Burrito MESSAGE Executing scheduled update: Daily

2012/09/27 19:17:43 -0700 BURRITO-PC Burrito MESSAGE Scheduled update executed successfully: database updated from version v2012.09.26.02 to version v2012.09.27.10

2012/09/27 19:32:05 -0700 BURRITO-PC Burrito MESSAGE Executing scheduled update: Daily

2012/09/27 19:32:06 -0700 BURRITO-PC Burrito MESSAGE Database already up-to-date

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Burrito at 15:58:38 on 2012-09-29

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.8173.5659 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\HsMgr.exe

C:\Windows\system\HsMgr64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Users\Burrito\AppData\Local\Akamai\netsession_win.exe

D:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe

C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Users\Burrito\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Burrito\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>;*.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Akamai NetSession Interface] "C:\Users\Burrito\AppData\Local\Akamai\netsession_win.exe"

uRun: [Google Update] "C:\Users\Burrito\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steelSeries Engine] D:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

mRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [bCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIO-RE~1.LNK - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{90CF800D-05F3-480F-9067-EC2FCB35DBF4} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE


Hi, WasabiPeas:

Sorry you are having a problem with the MBAM Protection Module.

Until one of the experts/staff arrives to review your logs in detail, you might try the following:

It appears that your Terminal Service is Disabled.

Please do the following.

Click on START and type in CMD.EXE, and when it shows on the menu, right-click over it and choose "Run as administrator".

Then type in or copy/paste the following and then press the Enter key on the keyboard.

sc config termservice start= demand

Then restart the computer and see if you're able to enable the protection module now.

Let us know if that resolves your issue.

Thanks,

daledoc1


  • Root Admin

Actually, the Terminal Services show they are set okay:

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

However, your DDS logs are not complete. Please ATTACH both of the logs to your post. Do not copy/paste directly into your post, as the logs are sometimes not complete that way.

DDS.TXT

and

ATTACH.TXT

Also, please do the following

  • Download & SAVE to your Desktop Tigzy's RogueKiller from one of the links below.
    Tigzy's RogueKiller - site 1

    Tigzy's RogueKiller - site 2

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click on the program and select Run as Administrator to start; when prompted, allow it to run.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on the Scan button at upper right of screen.
  • Wait until the Status box shows Scan Finished
  • The log should be found in RKreport[1].txt on your Desktop
  • Please ATTACH that log on your next reply
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Thank you

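Whether TermService is disabled, the point the two replies above disagree on, can be read directly from the numeric fields of the mbam-check block. The following is an added example, not part of the original posts or of any Malwarebytes tool: a Python parser for that block that maps the fields to their standard Windows meanings. The function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: the TERMService block as quoted from the mbam-check log above.
SAMPLE = """\
TERMService:
==============
Type : 32
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
TermService Start is set to: 3 (Manual Startup)
"""

# Windows service start types (the Start value of a service).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}
# SERVICE_STATUS current-state values.
STATES = {1: "Stopped", 2: "Start pending", 3: "Stop pending", 4: "Running",
          5: "Continue pending", 6: "Pause pending", 7: "Paused"}
# Win32 exit codes that matter when deciding whether a service is disabled.
EXIT_CODES = {0: "no error",
              1058: "ERROR_SERVICE_DISABLED: service is disabled",
              1077: "ERROR_SERVICE_NEVER_STARTED: no start attempt since last boot"}

FIELD = re.compile(r"^\s*([A-Za-z_0-9 ]+?)\s*:\s*(\d+)\b")
START = re.compile(r"Start is set to:\s*(\d+)")

def parse_service_block(text):
    """Return the numeric fields of one mbam-check service block as a dict."""
    fields = {}
    for line in text.splitlines():
        m = START.search(line)
        if m:
            fields["START"] = int(m.group(1))
            continue
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip().upper()] = int(m.group(2))
    return fields

def assess(fields):
    """Say whether the service is disabled and whether 'start= demand' would change it."""
    start = fields.get("START")
    return {
        "start_type": START_TYPES.get(start, "unknown"),
        "state": STATES.get(fields.get("STATE"), "unknown"),
        "exit_meaning": EXIT_CODES.get(fields.get("WIN32_EXIT_CODE"), "see Win32 error list"),
        "disabled": start == 4,
        # 'sc config <name> start= demand' sets the start type to Manual (3).
        "demand_would_change": start is not None and start != 3,
    }

if __name__ == "__main__":
    for key, value in assess(parse_service_block(SAMPLE)).items():
        print(f"{key}: {value}")
```

For the block in this thread the result is a stopped service with Manual start that has simply not been started since boot, so the `sc config termservice start= demand` command would leave the configuration as it already is.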

  • Root Admin

I don't see anything obvious that would be preventing it from loading.

Please do the following and let us know if this corrects the issue for you or not.

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
      You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.
      Location for Windows x86

      HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

      Location for Windows x64

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

      If you cannot locate your registration in the Registry and no longer have access to your order number you can contact Cleverbridge to obtain information about your order and registration information.
      Cleverbridge customer service
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

If this does not work then please contact the Help Desk and open a ticket and someone will assist you further.

Thank you.
