calintexas

Magically, I did get a response from Customer Support about 2 hours ago with 3 new replacement lifetime license numbers. I was able to activate 2 of the licenses on the 2 windows 10 computers that I have Malwarebytes installed on; so, my issues are resolved for now. Assuming Malwarebytes and Cleverbridge haven't been hacked at some point, I think the most likely point of license compromise is from the Yahoo email hacks a few years back as that was where my confirming email receipt of the 3 licenses along with all the license information has been stored since 2008 along with the attached to the email pdf Cleverbridge receipt. Thanks to everyone involved even it was just that I coincidentally came to the top of the customer service list. I am still curious why I couldn't get support chat to work. I'm fine with closing this topic.

Ron, please take a look at this. It's been 5 days total (3 week days). What's the issue with support chat?

I submitted support ticket 2706050 a little after mid-day 09/07/2019 after I discovered that 2 of the lifetime licenses that I purchased in December 2008 and that are registered in my.malwarebytes.com were blacklisted. I have a third lifetime license that I purchased at the same time that I haven't been using (it's also registered in my my.malwarebytes.com) that was not blacklisted, and I was able to re-activate one of my Malwarebytes installations. The third license did show evidence of third party activity. This morning all 3 licenses are blacklisted. I've only received the automated response from Malwarebytes support. I've tried to use the chat feature several times in the last 3 days only to get the Chat offline page. I thought my.malwarebytes.com registration was supposed to fix these issues. If needed I do have the original receipt and the license info with the Cleverbridge number from a screen shot of the original Malwarebytes purchase response. I'm not impressed. Please help.

Just read this thread. That's good news. I have 3 android devices (thankfully, all assigned to the same Google Play account).

Ugh; ok, I'll do a clean and re-install. It will be a few days. before I'm able to do it.

Thanks, I wanted to get some advice before I dove into clean install land. On reflection, the effort (time) to create the requested scans probably isn't much different than a clean and install. I'll wait and see what the pros have to say. Looking around the forum for my issue, I've learned that they've made changes to the way mbamtray.exe is handled. My guess is that there is an issue. Please let me know how things go if this topic is still open in a few days.

I've noticed since installing mbam 3.22 that mbamtray.exe doesn't start if I login to an account (both limited user and admin) quickly after the login screen comes up from computer turn on. If I wait several seconds, mbamtray.exe starts as expected (sorry I haven't done any testing to determine how long I have to wait). Mbam itself and all the protections seems always start and run fine. I can turn on mbamtray.exe by going to the malwarebytes program file and clicking open on mbamtray.exe or a Sign Out and re-login to the account opens it too. The logs I've provided show mbamtray.exe as running. I can provide the same logs with it not running if needed. We have 2 computers that were ordered together and as far as I know are mechanically identical. They are configured very similarly. Both exibit the described behavior. Please advise. mb-check-results.zip

Thanks Becky.

Is the Daily Protection Log gone? Otherwise, MB 3.0.6 seems to be working fine.

All is good now. Thanks.

Sorry if this has been answered, but I couldn't find it in the FAQ's or using search. Will my current 2.X version of mbam Premium be automatically update to version 3.X in the near future, or do I have to manually install 3.X to get it? Never mind: I found the answer with a little browsing of this forum - No auto update from 2.X to 3.X yet.

The original Lenovo Power DVD v10 provided with the computer had files identified tonight as containing a Trojan.Kovter when I attempted to launched the application. As you can see from the log, I allowed the suspect files to run. let me know if all is well or not. PWRDVD 10 Files listed as Tojan.txt Flagged PowerDVD10 Files.zip

Thanks Ron, You've been satisfied with Cyber Ghost? No issues?

daledoc1 what VPN do you use? I'm not a big mobile user (we use Tracfones), but do travel between California and Texas by car a couple of times a year (hotel stays en route). In addition, I prefer to use WIFI when available with my very cheap ZTE Citrine smart phone rather than pre-paid mb's. A 3rd party VPN seems like it would fit my needs at a fairly low cost for both our laptop and pre-paid phone.

Thanks, I'll check these alternatives out. 3rd party VPN's I've seen are in the $40 to $50 per year range. I'm guessing what your suggesting requires a cell data contract and could be costly depending on bandwidth used?

I've been looking at personal use 3rd party VPN supplier info a bit. Can anyone here recommend VPN service provider or recommend a site where I can get good information? We travel quite a bit, and I believe a VPN connection would allow me to use my PC more securely from a hotel room.

Ok to close topic. Thanks to both Maurice and Ron for their help. It's much appreciated. best regards, Cal

Thanks. As you know these logs are busy. Can you recommend a forum? There is no Microsoft Windows header in the Installed Updates file. The snapshot shows the end of the file. There are only 59 records total in the file. It's pretty messed up 2016-02-18 14:09:22:317 1260 1de0 AU Earliest future timer found: 2016-02-18 14:09:22:317 1260 1de0 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2016-02-18 21:55:51, not idle-only, not network-only 2016-02-18 14:09:22:348 1260 1de0 AU Earliest future timer found: 2016-02-18 14:09:22:348 1260 1de0 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2016-02-18 21:55:51, not idle-only, not network-only 2016-02-18 14:09:22:442 1260 1de0 Service ********* 2016-02-18 14:09:22:442 1260 1de0 Service ** END ** Service: Service exit [Exit code = 0x240001] 2016-02-18 14:09:22:442 1260 1de0 Service ************* 2016-02-18 15:54:44:124 1260 17f0 Misc =========== Logging initialized (build: 7.9.9600.18145, tz: -0600) =========== 2016-02-18 15:54:44:124 1260 17f0 Misc = Process: C:\WINDOWS\system32\svchost.exe 2016-02-18 15:54:44:124 1260 17f0 Misc = Module: c:\windows\system32\wuaueng.dll 2016-02-18 15:54:44:124 1260 17f0 Service ************* 2016-02-18 15:54:44:124 1260 17f0 Service ** START ** Service: Service startup 2016-02-18 15:54:44:124 1260 17f0 Service ********* 2016-02-18 15:54:44:139 1260 17f0 IdleTmr Non-AoAc machine. Aoac operations will be ignored. 2016-02-18 15:54:44:139 1260 17f0 Agent * WU client version 7.9.9600.18145 2016-02-18 15:54:44:139 1260 17f0 Agent WARNING: SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled. 2016-02-18 15:54:44:139 1260 17f0 Agent * Base directory: C:\WINDOWS\SoftwareDistribution 2016-02-18 15:54:44:139 1260 17f0 Agent * Access type: No proxy 2016-02-18 15:54:44:139 1260 17f0 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 3. 2016-02-18 15:54:44:139 1260 17f0 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1. 2016-02-18 15:54:44:139 1260 17f0 Agent * Network state: Connected 2016-02-18 15:54:44:155 1260 17f0 Service UpdateNetworkState Ipv6, cNetworkInterfaces = 3. 2016-02-18 15:54:44:155 1260 17f0 Service UpdateNetworkState Ipv4, cNetworkInterfaces = 1. 2016-02-18 15:54:44:171 1260 17f0 Agent *********** Agent: Initializing global settings cache *********** 2016-02-18 15:54:44:171 1260 17f0 Agent * Endpoint Provider: 00000000-0000-0000-0000-000000000000 2016-02-18 15:54:44:171 1260 17f0 Agent * WSUS server: <NULL> 2016-02-18 15:54:44:171 1260 17f0 Agent * WSUS status server: <NULL> 2016-02-18 15:54:44:171 1260 17f0 Agent * Target group: (Unassigned Computers) 2016-02-18 15:54:44:171 1260 17f0 Agent * Windows Update access disabled: No 2016-02-18 15:54:44:171 1260 17f0 WuTask WuTaskManager delay initialize completed successfully.. 2016-02-18 15:54:44:171 1260 17f0 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2016-02-19 14:04:12, not idle-only, not network-only 2016-02-18 15:54:44:171 1260 17f0 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2016-02-18 21:55:51, not idle-only, not network-only 2016-02-18 15:54:44:171 1260 17f0 AU Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2016-02-18 21:55:51, not idle-only, not network-only 2016-02-18 15:54:44:171 1260 17f0 Report CWERReporter::Init succeeded 2016-02-18 15:54:44:171 1260 17f0 Agent *********** Agent: Initializing Windows Update Agent *********** 2016-02-18 15:54:44:186 1260 17f0 DnldMgr Download manager restoring 0 downloads 2016-02-18 15:54:44:186 1260 17f0 AU ########### AU: Initializing Automatic Updates ########### 2016-02-18 15:54:44:186 1260 17f0 AU Additional Service {117CAB2D-82B1-4B5A-A08C-4D62DBEE7782} with Approval type {Pre-download notify} added to AU services list 2016-02-18 15:54:44:186 1260 17f0 AU AIR Mode is disabled 2016-02-18 15:54:44:186 1260 17f0 AU # Approval type: Pre-download notify (User preference) 2016-02-18 15:54:44:186 1260 17f0 AU # ServiceTypeDefault: Service 117CAB2D-82B1-4B5A-A08C-4D62DBEE7782 Approval type: (Pre-download notify) 2016-02-18 15:54:44:186 1260 17f0 AU # Will interact with non-admins (Non-admins are elevated (User preference)) 2016-02-18 15:54:44:249 1260 17f0 AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80070032 2016-02-18 15:54:44:264 1260 17f0 AU AU finished delayed initialization 2016-02-18 15:54:44:264 1260 17f0 AU Currently AUX is enabled - so not show any WU Upgrade notifications. 2016-02-18 15:54:44:264 1260 1424 DnldMgr Asking handlers to reconcile their sandboxes 2016-02-18 15:55:51:166 1260 17f0 AU Adding timer: 2016-02-18 15:55:51:166 1260 17f0 AU Timer: CF1ABEC6-7887-4964-BB93-B2E21B31CEC1, Expires 2016-02-19 21:55:51, not idle-only, not network-only 2016-02-18 15:55:51:166 1260 17f0 AU Adding timer: 2016-02-18 15:55:51:166 1260 17f0 AU Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2016-02-19 21:55:51, not idle-only, not network-only 2016-02-18 16:04:44:278 1260 714 AU Earliest future timer found: 2016-02-18 16:04:44:278 1260 714 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2016-02-19 14:04:12, not idle-only, not network-only 2016-02-18 16:04:45:279 1260 17f0 AU ########### AU: Uninitializing Automatic Updates ########### 2016-02-18 16:04:45:310 1260 17f0 WuTask Uninit WU Task Manager 2016-02-18 16:04:45:388 1260 17f0 AU Earliest future timer found: 2016-02-18 16:04:45:388 1260 17f0 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2016-02-19 14:04:12, not idle-only, not network-only 2016-02-18 16:04:45:482 1260 17f0 AU Earliest future timer found: 2016-02-18 16:04:45:482 1260 17f0 AU Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2016-02-19 14:04:12, not idle-only, not network-only 2016-02-18 16:04:45:654 1260 17f0 Service ********* 2016-02-18 16:04:45:654 1260 17f0 Service ** END ** Service: Service exit [Exit code = 0x240001] 2016-02-18 16:04:45:654 1260 17f0 Service *************

a. I did rename Catroot2 finally by using a safe mode login. b. Your script worked as you said it would. c. The first 3 listed services were running. The 4th service (System Restore Service) wasn't listed. Unfortunately Windows Update looks and acts like it has from when I first realized there were problems with it. It shows 3 important files to install (images attached). It says they are installed after I click the install updates button. Update history shows them as installed multiple times(image attached), but they re-appear again and again on the important updates to install list and never appear on the installed Updates list (image attached). Before I posted on this forum to look for infections, I tried downloading the 3 "important" KB's and installing them manually. I was able to install KB2990967 & KB3063843 manually, but they still show on the important list and not on the Installed Updates list. In reading about KB2919355 I learned that KB2919442 was a prerequisite. I downloaded both installation packs, but both yielded inappropriate for this computer messages when I attempted to manually install them.

The Catroot2 folder contained several files that were in use by Cryptographic Services and could not be re-named. I turned off Cryptographic Services using the Administrative Tools, but I was still unable to change the name of the Catroot2 folder. Use by Cryptographic Services was still given as the reason. I wasn't willing to disable Cryptograhic Services and try a re-start without asking what now? I was able to delete C:\Windows\SoftwareDistribution\Download without issue. It only had 3 files in it. Wuauserv wasn't running in the first place.

I did use IE (with run as administrator) as you directed. I was in Firefox on another computer when I responded to Ron and used the pop up window from Firefox to show the choice I had. I realised after I posted it that the windows were different. I've attached an image of the choice IE gave me. I've gotten the FIX-IT tool to run a couple of times after I stopped it (images attached). It say everything is all fixed, but nothing has changed in the way Windows Update has been working. I'll try your requested manual changes now.

Ok Maurice. It was still running; so, I cancelled it.

I learned how to do that yesterday. Today, Maurice lead me through how to run a .com file from the administrator cmd window. The current issue is that the Windows Update FIX-IT Tool seems to be stuck in process. It's possible that I've done something procedurally wrong. To clarify, pressing the "Run Now" button on the page that Maurice provided a link to results a window (image attached) offering to open WindowsUpdateDiagnostic.diagcab with the Diagnostics Troubleshooting Wizard (which I did). It's been years since I've done anything with DOS, and I was far from an ace back in the day. If I was supposed to somehow use the Administrator Command Prompt to open IE or run the Windows Update FIX-IT tool, then I need to be lead step by step through that with reference to commands that are available in Windows 8.1.

I'm pretty sure 8.1 doesn't have the Start feature you described. What I did was re-start the computer and login to an administrator account. I then right clicked on the IE icon on the desktop and selected "run as administrator". I then navigated to this thread and clicked on the link you provided. I then clicked on the button to start the 8.1 automated FIX-IT tool. The FIX-IT tool's been running for 2.5+ hours now. Under the Header "Detecting Problems" is the message "Checking registry keys", and there is a green bar scrolling repeatedly below the message. I've checked the Task Manager, and there's 0% CPU activity being used by the Diagnostics Troubleshooting Wizard. Should I let it run, or try to run the FIX-IT tool again?

Thank you Maurice. Yes, dds.com is on my administrator account desk top. The technique using the Administrator Command Prompt worked. The dds output files are attached. FFS.txt was attached to the previous response. dds.txt attach.txt