Malwarebytes Protection Module Will Not Start


I noticed a few days ago that the Protection Module on my laptop was not running. I figured that after a reboot it should come back up, but that didn't solve it. I checked MSCONFIG and checked the only Malwarebytes entry, but that just started the application itself.

I am running Windows 7 Ultimate on a Dell Vostro 1520. I have been running Malwarebytes for quite some time without issue before the latest major update.

I took a screenshot of the error that I get when I try to enable the Protection Module.

Help?

Hello and welcome, jeffreyabr: :)

Sorry you are having a problem enabling the protection module, and that rebooting the computer has not resolved the issue for you.

You might want to try a clean reinstall of MBAM PRO (instructions below).

If not, or if doing so does not resolve the issue for you, please follow the instructions below and post back with the following logs:

  • Checkresults.txt from mbam-check
  • A couple of protection logs, if you have them
  • DDS.txt from DDS
  • Attach.txt from DDS

These will provide the MBAM staff with a bit of information that will permit them to pinpoint the cause and the solution for you.

Alternatively, if you prefer, you may contact the helpdesk directly. They can be reached here: Contact Customer Support.

Thanks!

daledoc1

-----------------------------------------------

MBAM Clean Reinstall Instructions

  • If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).

You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.

Location for Windows x86

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

Location for Windows x64

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
  • Download and run mbam-clean.exe from HERE.
  • It will ask to restart your computer; please allow it to do so - this is very important!
  • After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)
  • If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key.
  • Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.
  • Then go to the UPDATE tab (if not done during installation) and check for updates.
  • Restart the computer again and verify that MBAM is in the system tray (if using the PRO version).
  • Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it.

---------------------------------------------

Step 1 -- Create an mbam-check log:

Download mbam-check.exe from HERE and save it to your desktop.

Double-click on mbam-check.exe to run it; it should then open a log file.

Please attach to your next reply here the CheckResults.txt file which should now be located on your desktop.

Then, if you can, please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

In Windows Vista/7, these logs are located in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Step 2 -- Run DDS and create 2 logs:

Download DDS from one of the locations below and save it to your Desktop:

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool. On Vista or Win 7, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


  • When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include both of the following logs in your next reply: DDS.txt and Attach.txt
    --->You can ignore the note about zipping the Attach.txt file in most cases.
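
An added example, not part of the original post and not code from mbam-check or Malwarebytes: a Python reader for a CheckResults.txt that joins each service's status block with its registry ImagePath and the file listing, so a stopped service or a registered binary that is not listed stands out. The layout is assumed from the log posted in this thread; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed excerpt in the layout of a CheckResults.txt (not the poster's log).
SAMPLE = r"""
MBAMProtector:
==============
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
MBAMService:
==============
State : 4 (The service is running.) (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Example AV\old\mbamservice.exe"
C:\Windows\system32\drivers\mbam.sys File Size: 25928 BYTES FileVersion: 1.60.2.0
C:\Program Files (x86)\Example AV
mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0
"""

REG_VALUE = re.compile(r"(.+?) (REG_[A-Z_]+) ?(.*)")
FILE_LINE = re.compile(r"(.+?) File Size: (\d+) BYTES(?: FileVersion: (\S+))?")
RUNNING = 4  # the log prints "State : 4 (The service is running.)"


def _lines(text):
    """Non-empty, stripped lines; logs pasted into a forum are often double-spaced."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_services(text):
    """Status blocks 'Name:' / '====' / 'FIELD : number ...' -> {name: fields}."""
    lines, services = _lines(text), {}
    for i in range(len(lines) - 1):
        head = re.fullmatch(r"(\w+):", lines[i])
        if not head or not re.fullmatch(r"=+", lines[i + 1]):
            continue
        fields = {}
        for ln in lines[i + 2:]:
            m = re.fullmatch(r"(\w+) : (\d+)\b.*", ln)
            if not m:
                break
            fields[m.group(1)] = int(m.group(2))
        if "State" in fields:  # section headers without a State are not services
            services[head.group(1).lower()] = fields
    return services


def parse_registry(text):
    """'HKEY_...' key lines followed by 'name REG_TYPE data' -> {key: {name: data}}."""
    keys, current = {}, None
    for ln in _lines(text):
        if ln.startswith("HKEY_"):
            current = keys.setdefault(ln.rstrip("\\").lower(), {})
        elif current is not None:
            m = REG_VALUE.fullmatch(ln)
            if m:
                current[m.group(1).lower()] = m.group(3)
    return keys


def parse_files(text):
    """File listings -> {lower-cased full path: FileVersion or None}."""
    files, directory = {}, ""
    for ln in _lines(text):
        m = FILE_LINE.fullmatch(ln)
        if m:
            name = m.group(1)  # drivers are listed with a full path on one line
            path = name if "\\" in name else directory + "\\" + name
            files[path.lower()] = m.group(3)
        elif re.match(r"[A-Za-z]:\\", ln) and "REG_" not in ln:
            directory = ln.rstrip("\\")  # a bare path starts a directory listing
    return files


def service_summary(text):
    """Join status, registry ImagePath and file listing for each Services key."""
    status, files, report = parse_services(text), parse_files(text), {}
    for key, values in parse_registry(text).items():
        m = re.search(r"\\services\\([^\\]+)$", key)
        if not m or "imagepath" not in values:
            continue
        image = values["imagepath"].strip('"').lower()
        if image.startswith("\\??\\"):  # NT path prefix seen on the driver entry
            image = image[4:]
        # ImagePath may be relative (system32\drivers\...), so also match by suffix.
        hit = next((p for p in files if p == image or p.endswith("\\" + image)), None)
        st = status.get(m.group(1), {})
        report[m.group(1)] = {
            "running": st["State"] == RUNNING if "State" in st else None,
            "exit_code": st.get("WIN32_EXIT_CODE"),
            "image": image, "listed_as": hit, "file_version": files.get(hit),
        }
    return report


def findings(text):
    """Items worth a second look in the log; a reading aid, not a diagnosis."""
    out = []
    for name, s in service_summary(text).items():
        if s["running"] is False:
            out.append(f"{name}: not running (WIN32_EXIT_CODE {s['exit_code']})")
        if s["listed_as"] is None:
            out.append(f"{name}: ImagePath not in file listing: {s['image']}")
    return out
```
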

Step 1 -- Create an mbam-check log:

Download mbam-check.exe from HERE and save it to your desktop.

Double-click on mbam-check.exe to run it; it should then open a log file.

Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file which should now be located on your desktop to your next post instead.

Then, if you can, please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

In Windows Vista/7, these logs are located in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-check result log version: 1.10.0.1000

Malwarebytes Version: REG_SZ 1.65.0.1400

Date Log Created: 09/30/12

Time Log Created: 15:15:11

64 bit Operating System

Product Name: REG_SZ Windows 7 Ultimate

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE : 1077

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

E:\Setups\Firefox Setup 3.5.3.exeREG_SZ VISTARTM

C:\Program Files\Autodesk\3ds Max 2011\3dsmax.exeREG_SZ DISABLEUSERCALLBACKEXCEPTION

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\Wondershare\DemoCreator\DemoCreator.exeREG_SZ RUNASADMIN

E:\Nerd Stuff\Active UNDELETE7 Enterprise\UndeleteAgent.exeREG_SZ RUNASADMIN

E:\Nerd Stuff\Active UNDELETE7 Enterprise\Undelete.exeREG_SZ RUNASADMIN

C:\Program Files (x86)\RadioComm\RadioComm v11.11.11\RadioComm.exeREG_SZ # WINXPSP2

C:\Program Files (x86)\Winnydows\XviD4PSP60\XviD4PSP.exeREG_SZ VISTARTM DISABLETHEMES RUNASADMIN

C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exeREG_SZ DisableNXShowUI

C:\Users\Jeff\Downloads\MARIO.EXEREG_SZ WIN98 256COLOR RUNASADMIN

C:\Users\Jeff\D-Fend Reloaded\VirtualHD\MARIO2.EXEREG_SZ WIN95

C:\Users\Jeff\Desktop\PC_Sierras 3D Ultra Mini Golf -Ready2Run\MINIGOLF\MINIGOLF.EXEREG_SZ WIN98 256COLOR DISABLETHEMES DISABLEDWM HIGHDPIAWARE

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files (x86)\DVDFab 7\DVDFab.exeREG_SZ DisableNXShowUI

C:\Program Files (x86)\DVDFab 7\Options\DVDFabDVD2DVD.exeREG_SZ DisableNXShowUI

C:\Program Files (x86)\DVDFab 7\Options\DVDFabDVD2Mobile.exeREG_SZ DisableNXShowUI

C:\Program Files (x86)\DVDFab 7\Options\DVDFabBluRay2BluRay.exeREG_SZ DisableNXShowUI

C:\Program Files (x86)\DVDFab 7\Options\DVDFabFile2Mobile.exeREG_SZ DisableNXShowUI

C:\Program Files (x86)\DVDFab 7\Options\DVDFabFileMover.exeREG_SZ DisableNXShowUI

C:\Program Files\Avid\Avid Media Composer\DSM\DSM_Server.exeREG_SZ DisableNXShowUI

C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exeREG_SZ DisableNXShowUI

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\

Malwarebytes' Anti-Malware REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

Malwarebytes' Anti-Malware (reboot) REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 4 (The service is running.) (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

WOW64 REG_DWORD 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

WOW64 REG_DWORD 1

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

DelayedAutostart REG_DWORD 1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

InstallPath REG_SZ C:\Users\Jeff\AppData\Local\Temp\HBCD\Malwarebytes

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

hidereg REG_DWORD 0

startipdisabled REG_DWORD 0

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

downloadprogram REG_DWORD 1

advancedheuristics REG_DWORD 1

InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

Affiliate REG_SZ https://store.malwar...kout&cart=29945

dbversion REG_SZ v2012.09.27.08

programversion REG_SZ 1.65.0.1400

dbdate REG_SZ Thu, 27 Sep 2012 15:21:10 GMT

detectpup REG_DWORD 2

detectpum REG_DWORD 1

detectp2p REG_DWORD 0

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

notifyinstallprogram REG_DWORD 1

ID XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

SchedulerQueue REG_MULTI_SZ 6148, 30212764, 2598453856, 1, 23 | 30252837, 2822328233

8396804, 30212858, 771308032, 1, 0 | 30252722, 2195020288

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID

There is data here but it is hidden.

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

selectedrives REG_SZ C:\|

terminateie REG_DWORD 0

autosavelog REG_DWORD 1

openlog REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

defaultscan REG_DWORD 1

language REG_SZ english.lng

alwaysscanstartups REG_DWORD 1

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.3 (a)

Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Jeff

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.0.1400

DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.65.0.1400

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20120923

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 65

EstimatedSize REG_DWORD 19772

Scheduler Queue:

================

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2012-03-15 11:13 Repeating Every: 1 Recover if missed by: 23

Scheduled Item: Scan Schedule Options: Quick Scan | Daily | Scan Terminate

Start Time: 2012-03-15 22:23 Repeating Every: 1 Recover if missed by: 0

MBAM Drivers:

=============

C:\Windows\system32\drivers\mbam.sys File Size: 25928 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514

C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34

C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514

List of MBAM Related Directories:

=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware

changes.rtf File Size: 785 BYTES

changes.txt File Size: 2780 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 582708 BYTES

mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0

mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140

mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0


Step 2 -- Run DDS and create 2 logs:

Download DDS from one of the locations below and save it to your Desktop:

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


  • When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include both of the following logs in your next reply: DDS.txt and Attach.txt
    --->You can ignore the note about zipping the Attach.txt file in most cases.

Logs.zip

Attach and DDS.zip


  • Root Admin

The computer appears to be infected.

==== Event Viewer Messages From Past Week ========

.

9/30/2012 2:40:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

9/30/2012 2:39:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

9/30/2012 12:18:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

9/30/2012 1:58:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aspi32

9/30/2012 1:57:57 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

9/30/2012 1:57:44 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

9/30/2012 1:57:44 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

9/30/2012 1:57:44 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

9/30/2012 1:57:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Akamai NetSession Interface service to connect.

9/30/2012 1:57:38 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

9/30/2012 1:56:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdp_device service to connect.

9/30/2012 1:56:32 PM, Error: Service Control Manager [7000] - The lxdp_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/30/2012 1:45:56 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.

9/30/2012 1:45:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

9/30/2012 1:45:40 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

9/30/2012 1:43:13 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.

9/29/2012 1:36:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

9/29/2012 1:36:52 AM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/29/2012 1:19:01 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.

9/25/2012 7:14:58 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

9/23/2012 7:13:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/23/2012 6:40:50 PM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.

.

==== End Of File ===========================

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.


    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk here.

OPTION 3

If you would like to use our Malwarebytes Premium Consumer Services partner (comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups), go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as possible.

This topic is now closed to further replies.