Trav

Greetings! This last week we've suffered from really slow internet speeds. I disconnected my computer from the internet and disabled the router until my ISP could be sent out. Fast forward to today, I open up my computer after the technicians replaced my modem, and Malwarebytes reports 6 Machine Learning detected infections. I've attached all of the relevant logs I could find and look forward to any advice you can share with me about this. Warm Regards, ~Trav Addition.txt FRST.txt 3-6-2022 Report.txt

Understood @AdvancedSetup! Thanks for taking the time to view the logs and see if we can find a definitive cause. If a definitive cause cannot be found that is absolutely fine, I would appreciate what you might think the top three most likely potential causes are. I don't need absolute certainty. Thanks again! ~Travis

Greetings Advanced Setup! Thanks so much for reaching out so quickly! I've downloaded the Malwarebytes Support tool and I have to say, this is really spectacular! I love the user interface and design. This is tangential to the present ticket, but does Malwarebytes offer any system maintenance tools? I avoid Iobit after they were caught seemingly stealing from your organization, and was wondering if you have any toolkits you either make yourselves for maintaining a system and improving its performance or if there are any tools you strongly recommend for users of the Malwarebytes product. I've attached the logs you requested below. Thanks again for your help, regardless of whether we figure out exactly what has happened! :) ! mbst-grab-results.zip

Greetings, I do not know how it happened, but somehow or another Malwarebytes settings were modified to no longer auto-start. I don't know how long this was for, but have since turned on tamper control for Malwarebytes and reinstated autostart. I've also turned on rootkit scanning and other settings. I don't recall changing this setting in Malwarebytes, but I'm also not God and I can forget things. Please find all of the recommended logs I believe should be included attached. Warm Regards, ~Trav Malwarebytes Report 12-10-2021.txt FRST.txt Addition.txt

Thank you for your hasty response! Have a fantastic Mother's day!

Greetings, Tonight on a scheduled scan a few libraries from my Anaconda distribution were flagged, the xz packages. Unless there is currently some malware infesting Anaconda distributions, I suspect these flags are probably false positives. Most non-programmers wouldn't have these kinds of files readily available on their hard drives. If it does turn out to be malicious please let me know. Warm Regards, ~Trav Scan Report AI - 1353985121.txt xz.zip

This seemingly harmless church website is being blocked as a phishing website. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/25/21 Protection Event Time: 6:43 PM Log File: f8f7d590-a61f-11eb-bd1c-089798bb38fa.json -Software Information- Version: 4.3.0.98 Components Version: 1.0.1273 Update Package Version: 1.0.39799 License: Premium -System Information- OS: Windows 10 (Build 19042.928) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Phishing Domain: www.gracemankato.com IP Address: 199.34.228.159 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

Greetings, Please find the log attached. Fixlog.txt

Greetings Advanced Setup, Pleasure doing business with you again. No need to apologize for the delay, I know you are busy. For future reference, is there someplace people that are paying for Malwarebytes Premium should put support tickets? I remember reading something about their being an accelerated help system for premium members, and since I have a 2 year Malwarebytes Premium license I am curious where such things should be put. If I am mistaken on that front, or misunderstanding what would be covered under such a service, please let me know. I would just be kicking myself if I had a service like that and wasn't taking advantage of it. Before getting your response tonight, I was alarmed to see my computer was associated with a homegroup when inspecting the Farbar logs, something I had never done. So I removed the association and deleted all user accounts on the system I do not personally use. The absence of those accounts and the resulting changes in the logs will reflect this. All scan operations functioned without issue. Logs attached. ---- # AdwCleaner 7.0.8.0 - Logfile created on Wed Feb 21 11:54:14 2018 # Updated on 2018/08/02 by Malwarebytes # Running on Windows 7 Professional (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\ProgramData\IObit\Advanced SystemCare Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare Deleted: C:\Users\All Users\IObit\Advanced SystemCare Deleted: C:\Users\Trav\AppData\LocalLow\IObit\Advanced SystemCare Deleted: C:\Users\Trav\AppData\Roaming\IObit\Advanced SystemCare Deleted: C:\ProgramData\IObit\Advanced SystemCare Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare Deleted: C:\Users\All Users\IObit\Advanced SystemCare Deleted: C:\Users\Trav\AppData\LocalLow\IObit\Advanced SystemCare Deleted: C:\Users\Trav\AppData\Roaming\IObit\Advanced SystemCare Deleted: C:\ProgramData\Yahoo! Companion Deleted: C:\ProgramData\Application Data\Yahoo! Companion Deleted: C:\Users\All Users\Yahoo! Companion Deleted: C:\Program Files (x86)\Yahoo!\Companion Deleted: C:\Users\Trav\AppData\Roaming\Yahoo!\Companion Deleted: C:\Users\Trav\AppData\Roaming\Tencent Deleted: C:\ProgramData\IObit\ASCDownloader Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader Deleted: C:\Users\All Users\IObit\ASCDownloader Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons Deleted: C:\Program Files (x86)\Coupons ***** [ Files ] ***** Deleted: C:\Program Files (x86)\Yahoo!\Common\unyt.exe ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: Driver Booster Scheduler ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC Deleted: [Key] - HKLM\SOFTWARE\IObit\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\IObit\RealTimeProtector Deleted: [Key] - HKLM\SOFTWARE\IObit\ASC Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex \ContextMenuHandlers\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion Deleted: [Key] - HKU\S-1-5-21-1784569228-3558506064-3848259016-1001\Software\Yahoo\Companion Deleted: [Key] - HKU\S-1-5-21-1784569228-3558506064-3848259016-1001\Software\AppDataLow \Software\Yahoo\Companion Deleted: [Key] - HKCU\Software\Yahoo\Companion Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion Deleted: [Key] - HKU\S-1-5-21-1784569228-3558506064-3848259016-1001\Software\Yahoo\YFriendsBar Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1 Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32- C1FB-11D2-892F-0090271D4F88} Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EF99BD32-C1FB-11D2-892F- 0090271D4F88} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2- 892F-0090271D4F88} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB- 11D2-892F-0090271D4F88} Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB- 11D2-892F-0090271D4F88} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9 -4EFB-9B51-7695ECA05670} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB- 9B51-7695ECA05670} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9- 4EFB-9B51-7695ECA05670} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8- 9C17-86F7AC245081} Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2- 4FD8-9C17-86F7AC245081} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D40A62D1-8FC0-4F03-90C4-0DE03BE73A41} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F9A10D86-182A-4946-869B-70C3D109D14D} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{39DCCEAF-C749-4390-9953-527CF916935C} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EB2BA65E-41F6-4F64-92A6-216CDFFDF577} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy \{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6EB4349D-4333-442F-ACA4-4C72AF28B6ED} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\yt.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTBM.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [15225 B] - [2018/2/21 11:52:27] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Addition.txt FRST.txt AdwCleaner[C0].txt Threat Report 2-21-2018.txt

Greetings, I've been encountering some REALLY strange system behavior recently. Sometimes my system randomly has the network connection and disconnection sound go on and off. I have routinely had to restart the computer to restore functioning of the wifi connection. The REALLY strange behavior is connected to my Skype account. After these little network hiccups, my Skype account routinely has the majority of my contacts deleted - with my status changed to a random string of letters. This happens despite me resetting the accounts password on a fairly routine basis. I have reinstalled MalwareBytes, and ran a scan that found nothing. At this point I think my laptop is infected with something really nasty. Any help I could get to try and purge the potential infection or workout what is happening would be appreciated. Warm Regards, ~Trav Addition.txt FRST.txt

Greetings, Recently the web protection shield in Malwarebytes has failed to load. When I go into settings and attempt to enable it the switch hangs on "starting". The shield has been working fine since I purchased the license in May and I have been overall very pleased with the product. Any advice to assist me in resolving this issue would be appreciated. I've attached the mb-check-results file as per the forums instructions. Any advice you could provide would be highly helpful. mb-check-results.zip

Gotcha, good to know. The system is running better overall, but still operates strangely when firefox is involved. What spooks me about it is watching command prompt windows open every time firefox starts or closes. I do not notice the same behavior with Chrome. This might just be a faulty diagnostic in Firefox actually showing the command prompt windows, but I'm innately suspicious, and would much rather find out exactly why I'm getting random command prompts I never used to get. What I particularly dislike about them is watching them open for a split second, then immediately close. This behavior started ~ three weeks ago. Warm Regards, ~Trav

Greetings, All tools were run, log attached. It is interesting to note that on reboot the system began repairing its OS. I got the classic, "Scanning and Repairing Disk" message that loads sometimes when a system's OS has been damaged. It booted fine after the scan and repair though. Fixlog.txt

Greetings, Everything but Sohpos was run. Sophos hung, with an error preventing it from scanning.All other logs have been attached. FRST.txt Addition.txt JRT.txt AdwCleaner[C0].txt

Greetings Thanks as always. I know I can be somewhat difficult to work with. I really do appreciate how much help you have provided me over the years :). Files attached, as per your request. I saw a bunch of MS-DOS windows open recently on startup, so I suspect it is a batch file. Otherwise, I'm just being paranoid. I just know I left my laptop alone around the fella', and I don't trust him as far as I can throw him. Warm Regards, ~Trav FRST.txt Addition.txt