shadowwar

those json files in he log directory actually have the hash of the files detected. The names can be random so wont help me find the files for you.

No problem i will be back on in about 10 hours from now. if you get sooner send me the logs and i will see if i can come up with the files. Worse case you may have to reinstall office 2010 and do the updates if we cant. That should put the msi files back.

Please zip and attach the file here: C:\Users\harry\Downloads\New folder (7)\CheatEngine682.exe

please zip and attach the files listed here: C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\POWERSHELLTOOLS.VS2017,VERSION=4.1.6\PAYLOAD.VSIX C:\WINDOWS\TEMP\VSIX3FEH4MCO.VSIX

Can you please zip the logs that are located here C:\ProgramData\Malwarebytes\MBAMService\ScanResults and attach them to the post or PM me them. Thanks.

its cloud based so should only be 10 mins. These machines have internet correct? Is it possible they are different files then what you attached?

These should no longer be detected. Thanks for reporting.

If you are talking about Avast driver updater then i suggest you read this and our stance. If you still want to use it then follow Firefox's instructions. https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/

The ones above are whitelisted. Can you zip and attach these files so i can check them? C:\PROGRAMDATA\MICROSOFT\VISUALSTUDIO\PACKAGES\POWERSHELLTOOLS.VS2017,VERSION=4.1.5\PAYLOAD.VSIX C:\WINDOWS\TEMP\VSIXUKM4GWU0.VSIX C:\WINDOWS\TEMP\VSIXMADIHPQM.VSIX

Ok 1 more request. Can you send me the MBAMservice.log located here: C:\ProgramData\Malwarebytes\MBAMService\LOGS pm is fine.

Ok replacing this file is not that easy. Everyone but trusted installer only has read access to it. Let me check around and with dev if we can come up with something to make this easier to replace. One way that may work is an offline linux rescue disk.

ok do you know where the first one was located? the first vt result before this post. This is a corrupt one. my bet is its in the winsxswow64 120kb one. https://www.virustotal.com/#/file/dbb88ac48ed1456fb0c8163afb1a652dc2f95deedbf11dcf2684722a07970a72/detection

Can you go to c\:windows and do a file search for: iasrecst.dll And let me know all the locations its found. Thanks

Can you pm me the full cbs.log? You can possibly try this program. I have never used it. https://www.ghacks.net/2015/11/06/sfcfix-comes-to-the-rescue-when-sfc-scannow-cannot-repair-windows-file-corruption/ It looks like it uses the dism tool to repair stuff sfc cant. I recommend backing up the system before hand just in case.

The files are exactly the same. I will look over the log but its nothing to worry about. Its definitely not corrupt. It wont affect the os in any way as the correct file is present and not corrupt.