Cannot open MBAM - Blocked by Group Policy


evanrenaud

  • Root Admin

Hello,

Please run the following mbam-check tool so that we can get a better look at what's going on.

Create an mbam-check log:

Download mbam-check.exe from here and save it to your desktop

http://downloads.malwarebytes.org/file/mbam_check

Double-click on mbam-check.exe to run it. When done it should then open a log file

Please attach the log to your next reply, it should be on your desktop as "CheckResults.txt"

Next, please download DDS from one of the locations below and save it to your desktop.

here: http://download.bleepingcomputer.com/sUBs/dds.scr

or

here: http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

DDS.txt

Attach.txt

Save both reports to your desktop

Please attach the following logs in your next reply: DDS.txt and Attach.txt

You can ignore the note about zipping the Attach.txt file and just attach it to your reply.

Thank you


I can't hit reply to this topic at the top or my browser freezes up and I have to shut down. Weird.

I'll copy-paste the CheckResults below. I tried to run DDS 3 times, but keep getting the same error, where PEV.DAT cannot run, it says close program, and when I hit close, it keeps popping up over and over until I force shut down.

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.65.1.1000

Date Log Created: 11/26/12

Time Log Created: 23:33:47

User Account type: Administrator

64 bit Operating System

Product Name: REG_SZ Windows 7 Home Premium

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

Proxy Override:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ *.local

LAN Settings:

=============

only 'Automatically detect settings' is selected

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume2

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 2 (Automatic Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

SIGN.MEDIA=34974CE MSWorks\Setup.exeREG_SZ VISTARTM

C:\Users\Evan\Downloads\Toy Story 2\regsetup.exeREG_SZ WINXPSP2

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exeREG_SZ ELEVATECREATEPROCESS

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:

==========================

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

MBAMProtector Registry Values:

==============================

MBAMService Registry Values:

============================

MBAMScheduler Registry Values:

==============================

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ _ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ __CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ __vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

advancedheuristics REG_DWORD 1

downloadprogram REG_DWORD 1

hidereg REG_DWORD 0

detectp2p REG_DWORD 0

detectpum REG_DWORD 1

detectpup REG_DWORD 2

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

startipdisabled REG_DWORD 0

notifyinstallprogram REG_DWORD 1

InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

dbdate REG_SZ Sat, 24 Nov 2012 03:21:31 GMT

dbversion REG_SZ v2012.11.24.03

programversion REG_SZ 1.65.1.1000

contextmenu REG_DWORD 1

reportthreats REG_DWORD 1

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

defaultscan REG_DWORD 1

terminateie REG_DWORD 0

Language REG_SZ English.lng

selectedrives REG_SZ C:\|

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.4.3 (a)

Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ Evan

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.65.1.1000

DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.65.1.1000

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20121123

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 65

EstimatedSize REG_DWORD 19910

Pending File Rename Operations:

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\

PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Evan\AppData\Local\Temp\EAFA.tmp

Scheduler Queue:

================

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware

MBAM Drivers:

=============

C:\Windows\system32\drivers\mbam.sys File Size: 25928 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

BFE:

==============

Type : 32

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001

Group REG_SZ NetworkProvider

ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork

Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002

ObjectName REG_SZ NT AUTHORITY\LocalService

ErrorControl REG_DWORD 1

Start REG_DWORD 2

Type REG_DWORD 32

DependOnService REG_MULTI_SZ RpcSs

ServiceSidType REG_DWORD 3

RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters

ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll

ServiceDllUnloadOnStop REG_DWORD 1

ServiceMain REG_SZ BfeServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer


fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded REG_DWORD 1

DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group REG_SZ FSFilter Infrastructure

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl REG_DWORD 3

Start REG_DWORD 0

Tag REG_DWORD 1

Type REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514

C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34

C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514

List of MBAM Related Directories:

=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware

changes.txt File Size: 576 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 582708 BYTES

mbam.dll File Size: 499784 BYTES FileVersion: 1.65.0.0

mbam.exe File Size: 981656 BYTES FileVersion: 1.62.0.140

mbamcore.dll File Size: 1089608 BYTES FileVersion: 1.62.0.0

mbamext.dll File Size: 95304 BYTES FileVersion: 1.61.0.0

mbamgui.exe File Size: 766536 BYTES FileVersion: 1.65.0.0

mbamnet.dll File Size: 2168904 BYTES FileVersion: 1.62.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.61.0.0

mbamscheduler.exe File Size: 399432 BYTES FileVersion: 1.65.0.0

mbamservice.exe File Size: 676936 BYTES FileVersion: 1.65.0.0

ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 29239 BYTES

unins000.exe File Size: 711240 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 10550 BYTES

vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 218184 BYTES

firefox.exe File Size: 218184 BYTES

firefox.pif File Size: 218184 BYTES

firefox.scr File Size: 218184 BYTES

iexplore.exe File Size: 218184 BYTES

mbam-chameleon.com File Size: 218184 BYTES

mbam-chameleon.exe File Size: 218184 BYTES

mbam-chameleon.pif File Size: 218184 BYTES

mbam-chameleon.scr File Size: 218184 BYTES

mbam-killer.exe File Size: 896072 BYTES

rundll32.exe File Size: 218184 BYTES

svchost.exe File Size: 218184 BYTES

winlogon.exe File Size: 218184 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages

arabic.lng File Size: 21110 BYTES

belarusian.lng File Size: 26026 BYTES

bosnian.lng File Size: 26236 BYTES

bulgarian.lng File Size: 26678 BYTES

catalan.lng File Size: 27226 BYTES

chineseSI.lng File Size: 10642 BYTES

chineseTR.lng File Size: 11588 BYTES

croatian.lng File Size: 25844 BYTES

czech.lng File Size: 23894 BYTES

danish.lng File Size: 25750 BYTES

dutch.lng File Size: 27282 BYTES

english.lng File Size: 23742 BYTES

estonian.lng File Size: 24112 BYTES

finnish.lng File Size: 24990 BYTES

french.lng File Size: 28790 BYTES

german.lng File Size: 28870 BYTES

greek.lng File Size: 28316 BYTES

hebrew.lng File Size: 18714 BYTES

hungarian.lng File Size: 27548 BYTES

italian.lng File Size: 27186 BYTES

japanese.lng File Size: 15814 BYTES

korean.lng File Size: 13710 BYTES

latvian.lng File Size: 26208 BYTES

lithuanian.lng File Size: 26920 BYTES

macedonian.lng File Size: 27830 BYTES

norwegian.lng File Size: 24216 BYTES

polish.lng File Size: 25726 BYTES

portugueseBR.lng File Size: 27720 BYTES

portuguesePT.lng File Size: 28056 BYTES

romanian.lng File Size: 27308 BYTES

russian.lng File Size: 26352 BYTES

serbian.lng File Size: 25970 BYTES

slovak.lng File Size: 24752 BYTES

slovenian.lng File Size: 23998 BYTES

spanish.lng File Size: 29010 BYTES

swedish.lng File Size: 25132 BYTES

thai.lng File Size: 25190 BYTES

turkish.lng File Size: 25046 BYTES

vietnamese.lng File Size: 28574 BYTES

C:\Users\Evan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Evan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2012-11-23 (23-05-45).txt File Size: 1870 BYTES

mbam-log-2012-11-26 (18-17-14).txt File Size: 1892 BYTES

C:\Users\Evan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

mbam-setup.exe File Size: 10669952 BYTES FileVersion: 1.65.1.1000

rules.ref File Size: 6423451 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration

build.conf File Size: 140 BYTES

config.conf File Size: 3305 BYTES

custom.conf File Size: 20 BYTES

database.conf File Size: 432 BYTES

local.conf File Size: 538 BYTES

manifest.conf File Size: 545 BYTES

messaging.conf File Size: 1430 BYTES

news.conf File Size: 405 BYTES

===============================================================

END OF FILE


  • Root Admin

Well it's possible that your computer is infected and needs cleaning. Please choose an option below and have someone assist you in checking your computer for a possible infection.

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.


    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk here

OPTION 3

If you would like to use our Malwarebytes Premium Consumer Services partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as possible.
