pgovotsos

It looks like that was a one off. The repeated warning is on another PC, not the one that we've been working on. Every tool that I run is showing the system is clean. I ran both while Windows was running normally as well as boot CDs. I ran MBAM, NOD32, spybot, Super antispyware, emsisoft, McAfee Stinger, Norton, ClamWin, AVG, Dr Web, Avira, Bitdefender, Comodo and Kaspersky. If there was something lingering I'd think at least one of those would find it so we're back where we've been. It doesn't seem to matter what I scan with MBAM. Even just scanning the Windows directory tree with MBAM threat mode with archive scan off takes 15 hours.

I just completed a Threat Scan and the time is worse than ever - 32 and a half hours! You'll see that it found an infection. We have had that pop up the last few days (since using MBAM 2.x) on the resident MBAM. We quarantine it every time, shutdown, restart and all seems well then it pops up again at some time. I don't know if that's related or not. Nothing else that we scan with shows anything related to the HOSTS file or the registry key.

I also ran chkdsk again and the log is attached. chkdsk log.txt

Attached are all the log files. Addition.txt CheckResults.txt FRST.txt Result.txt Shortcut.txt

No problem at all - I'm just grateful that you all are willing to take the time to work with me! I'm with family as well so I won't have time to sit down with it until tomorrow evening. Thanks again for your help!

Hi, The issue is that scans are taking an extremely long time to complete - Hyper Scan 1 hr 45 min, Threat Scan 24+ hrs. Advanced setup asked for the logs from several tools. The place we're at now is waiting for an examination of that data.

bump

Ran chkdsk and the log is attached. Ran a hyper scan and noticed something interesting. It ran faster than before "only" 1 hr 41 min but the interesting thing is that all the scans up to and including startup objects ran in about 1 minute. The heuristic scan took 1 hr 40 min. I ran the hyper scan a couple more times after a reboot and after using the computer for a while. The times were all about the same. Is there anything I can do to find out why heuristics took so long? As an aside, could you ask the GUI people to make the column that lists the tests running a little wider so the user could actually read everything there? chkdsk.txt

Sorry, forgot to add a question. You said to exclude the entire Malwarebytes directory. In another post, one of the staff listed several individual files to exclude. Obviously excluding the directory excludes the individual files, but would there be any reason to _just_ exclude the files and not the whole directory?

OK. I set the exclusion in Eset and turned off archive scanning in MBAM - I hadn't even noticed it was on - I guess it must be default. I know scanning archives would affect the Threat Scan (that's the equivalent of Full scan in 1.75 right?), but Hyper Scan (the equivalent of Flash in 1.75?) shouldn't be affected by the archive setting since it doesn't scan the whole drive right? Are there any exclusions for Eset that I should set in MBAM? As a side question, if Threat Scan = Full Scan (1.75) and Hyper Scan = Flash Scan (1.75), is there an equivalent to Quick Scan (1.75)? Thanks for all your help!

Attached is the result.txt file. Also, FWIW a hyper scan took 1 hour 46 minutes. Thanks Result.txt

Hi, Attached are the 3 files. Thanks for your help! Let me know if there's anything else I can give you. Thanks, Panagiotis Addition.txt CheckResults.txt FRST.txt

I did the clean install & rebooted. Surprisingly the clean tool did NOT remove everything. The program files [x86)\malwarebytes directory remained. There was a .tmp file that looks like it's a DLL still there. It didn't remove the licensing info, exclusions, or quarantine. When I reinstalled, it came up already licensed,the exclusions were still there, in the history tab it showed one file that had been previously quarantined. Strange thing about the exclusions - each time I looked at that setting it replicated them. It's now showing 3 copies of the exclusions. I disabled nod32 and ran a threat scan. 15 hours later it's still running. When it completes I'll post the logs.

Do you run MBAM before generating both log sets or do you do the farbar ones (frst and addition), run MBAM, then mbam-check? Just checking since one of the farbar reports is named frst. Thanks

PS I'm already running 2.0.2.1012