Need help with system registry question

villandra

Jan 12, 2012, 8:45:56 PM
to Windows XP
I'm trying to install Malwarebytes Anti-Malware on my Windows XP Pro
Service Pack 3 computer. I recently had a fake AV infection; it may
be entirely off my computer or may not be. The program installs but
the service, MBAMService, won't appear in the services.msc or msconfig
service lists, and the program is not able to start. Malwarebytes tech
support seems to have both limited competence and an attitude. He
had me run some stuff and send him some logs and says no running
processes are interfering with the service installing, but he refuses
to look at the entries that pertain to mbam in my system registry.
He keeps wanting me to run ComboFix, and after looking into that
program I won't touch it with a ten foot pole. Both ComboFix and
Malwarebytes tech support have terrible safety records. Both
routinely leave users' entire systems nonfunctioning and
irreparable.

Here is the result of searching my entire registry for mbam, after
uninstalling anti-malware and running Malwarebytes' MBAM_Clean
tool.

Can someone please tell me if any of the following entries are causing
the mbam service to fail to install.

Also is it alright to delete these entries, after uninstalling the
program, and before re-installing it?

Thanks!

Also I need to know more about how to back up the registry, especially
what it means to save an entry before deleting it - hard to know what on
earth that means. And in what file is it better to export registry
files - reg or txt or the third option csv or whatever?

Yours,
Dora Smith


HKEY_LOCAL_MACHINE
System
Control Set 002 (after folder for Control Set 001 w/ + in front of it)
Enum
Root

LEGACY_MBAMCHAMELEON Default REG_SZ (value not set)
NextInstance REG_DWORD 0x00000001 (1)

0000 (Default) REG_SZ (value not set)
Class " LegacyDriver
ClassGUID " {BECCO55D-047F-11D1-AS37-0000F8753ED1}
ConfigFlags REG_DWORD 0x00000000 (0)
Device Desc REG_SZ mbamchameleon
Legacy REG_DWORD 0x00000001 (1)
Service REG_SZ mbamchameleon


LEGACY_MBAMPROTECTOR {Default} REG_SZ (value not set)
NextInstance REG_DWORD 0x00000001(1)

0000 - values the same as above except MBAMProtector instead of
mbamchameleon

LEGACY_MBAMSERVICE same values as above.

0000 same values as above except MBAMService

LEGACY_MBAMSWISSARMY same values as above. 0x00000001 (1)





ControlSet003 - the same entries.

CurrentControlSet the same entries.



HKEY_USERS
5-1-5-21-4 long series numbers and dashes
Softare
Microsoft
Windows
Current Version
Applets
Regedit
{Default} REG_SZ (value not set)
FindFlags REG_DWORD 0x0000000e (14)
LastKey REG_SZ My computer]HKEY_LOCALMACHINE]SOFTWARE
\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShExt
View REG_BINARY 2c long strings of numbers. /f, ae, et.

HKEY_CURRENT_USERS
everything above except the line 5-1-5-21 etc.

----------------------------------------

There was also this value, which I removed; it refers to a file that
is no longer in E:\Program Files.

HKEY_CURRENT_USER
Software
Microsoft
Windows
ShellNoRoam/ MUI Cache
E:\ Program Files\REG_SZ Malabytes Anti-Malware


Marky

Jan 12, 2012, 10:29:21 PM
to Windows XP
To backup registry, right click on the key (folder) you want to backup
and export it as a *.reg to your docs folder etc. If you want to
backup the whole registry, right click on computer at the top and
perform the same procedure.

You would then just double click on the exported reg file to import/
restore it back.

Regarding MBAM, I've always found that to be a good product without
causing issues.

Regarding install problem, I assume you are doing it as an
administrator. Are you able to try installing a few other small Apps,
do they install ok?

How are these MBAM reg entries relevant here? The program failed to
install properly on the first run (when there were no MBAM entries in
the registry).

That means it's not an MBAM issue but something else. Have you got any
AV software running and did you have any ones you recently
uninstalled? I would run the AV remover tool for all AV programs you
have had running and then try MBAM again.

From experience, there are two things that cause an anti-malware
program to not install. 1) your machine was infected prior to install
2) remnants of an old AV like Norton causing interference.

I think no1 is your issue here.
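
The export-before-delete step described above can also be done from a command prompt with reg.exe. This is an added example, not part of the original thread: the backup folder is an assumed location, the four service names are the ones in the posted Service values, and the Services\ path is the standard location of a service definition rather than a key listed in the post.

```batch
@echo off
rem Added example (not from the thread): save each MBAM-related key to its own
rem .reg file before anything is deleted. Run from an administrator account.
setlocal

rem Assumption: the backup folder name and location are arbitrary choices.
set "BACKUP=%USERPROFILE%\My Documents\mbam-reg-backup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

rem For every service name from the posted "Service" values, export two keys:
rem   Enum\Root\LEGACY_name  - the legacy-driver entry listed in the post
rem   Services\name          - the service definition itself, not listed there
for %%S in (mbamchameleon MBAMProtector MBAMService MBAMSwissArmy) do (
    call :export "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_%%S" "%BACKUP%\enum_%%S.reg"
    call :export "HKLM\SYSTEM\CurrentControlSet\Services\%%S" "%BACKUP%\svc_%%S.reg"
)
goto :eof

:export
rem %1 = registry key, %2 = output file. Never overwrite an earlier backup.
if exist %2 (
    echo kept     %~2
    goto :eof
)
rem reg query sets errorlevel 1 when the key does not exist.
reg query %1 >nul 2>&1
if errorlevel 1 (
    echo absent   %~1
    goto :eof
)
reg export %1 %2 >nul
echo exported %~1
goto :eof
```

A saved file is restored by double-clicking it, as described above, or with `reg import` followed by the file name. The "absent" lines also show at a glance which of the four services has no definition under Services\.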

Dora Smith

Jan 13, 2012, 7:01:51 AM
to wind...@googlegroups.com
I already had the virus infection when I first tried to install MBAM. So
conceivably the virus could have put the entries in the registry. My
specific question is if these registry entries are blocking the program from
installing or running.

Two other antivirus programs and their services installed with no trouble.
That was AFTER I first tried to install MBAM, so they aren't what's
interfering with it.

I first tried it in safe mode as an administrator. Didn't make a
difference.

When I first tried to install I had Vipre running, but it didn't stop
anything else. Now I have Microsoft Security Essentials and PCSpywareDoc or
something, and the latter isn't running.

Why is everyone finding it so hard to simply look at the registry entries
and answer my question? MBAM support personnel managed to determine
nothing running is interfering with the install of that program. I even said
so.

Dora

--
You received this message because you are subscribed to the Google Groups
"Windows XP" group.
To post to this group, send email to wind...@googlegroups.com.
To unsubscribe from this group, send email to
windowsxp+...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/windowsxp?hl=en.

villandra

Jan 13, 2012, 11:16:01 AM
to Windows XP
What AV remover tool?

Dora

Marky

Jan 13, 2012, 1:17:53 PM
to Windows XP
"I already had the virus infection when I first tried to install MBAM. So
conceivably the virus could have put the entries in the registry. My
specific question is if these registry entries are blocking the program from
installing or running."

Well according to this: http://techdows.com/2011/12/malwarebytes-chameleon.html

MBAM 1.60 comes with a little Chameleon App which kicks in when the
main mbam.exe file is targeted by a virus etc.

Although, there is little reference to what reg entries are created,
the ones you posted are clearly related to the chameleon app.

I don't believe a virus created them. They would have been created
after your first attempt at installing MBAM. The MBAM removal tool
obviously didn't remove the chameleon component. What version of the
removal tool did you run? If it was slightly out of date, it would not
have been aware of chameleon feature.

If you feel brave, you could backup the registry and then manually
delete the reg keys in question but unless you find them all, it
probably won't help.

As a test, you could try and install an older program version of MBAM,
i.e. pre 1.60 version. There is normally a couple of places where you
can find it. If you installed an older version that doesn't use the
chameleon app, it might install since it won't care about those reg
keys (you have mentioned).

Another thought is this: maybe the MBAM service is not running because
chameleon app is protecting it as it should. You did say that your
machine had been recently infected. The MBAM service will not kick in
until chameleon app gives it the all clear.

You can force this to happen using Exile360's suggestion from here:
http://forums.malwarebytes.org/index.php?showtopic=103729

P.S. I see you have posted the same thread on several other websites.

Marky

Jan 13, 2012, 1:38:45 PM
to Windows XP
By the way, regarding final suggestion of running Browse to C:\Program
Files\Malwarebytes' Anti-Malware\Chameleon\Mbam Cameleon.

You will of course have to reinstall MBAM 1.60.

Dora Smith

Jan 13, 2012, 7:47:28 PM
to wind...@googlegroups.com
OK. Let me try MY ACTUAL QUESTION, ONE More time.

Or is there a different forum where people both can read the English
language, and can read a system registry file?

Which of these entries is preventing the MBAM service MBAMservice.exe from
installing and running?

Yours,
Dora Smith

Dora Smith

Jan 13, 2012, 7:50:22 PM
to wind...@googlegroups.com
Marky, this won't work - because the problem is not that the install program
won't work. The problem is that the files the program installs aren't
working, and the service in particular isn't going where services need to go
to install.

I did try Chameleon, and of course it didn't work.

Now, if you DON'T WANT TO READ THE REGISTRY ENTRIES THAT I KEEP POSTING and
SPECIFICALLY tell me what they may have to do with those files not
installing, could you please just straightforwardly admit it, instead of
discussing everything else on the face of the planet?

Thanks!

Marky

Jan 13, 2012, 10:28:55 PM
to Windows XP
Hey, grow up will ya and stop acting like a spoilt brat.

Your attitude quite frankly sux. You're just mass posting and abusing
people who supposedly haven't found the answer (which you also don't
have).

Even MBAM support themselves couldn't give you a direct answer.

I suggest you pull yourself together here and start thinking laterally
here and stop wishing for a simple answer that may not be there.

By the way, I did make several comments about those registry entries
so it is you that needs to read carefully.

Peace out!!!

Dora Smith

Jan 14, 2012, 1:04:24 PM
to wind...@googlegroups.com
"Peace out"?

Marky, you wouldn't know a spoiled brat if you met one, since you're a
hippy.
