Database update issue sammygen ( only )


I was using the pro version. Last night I noticed it had stopped working: the database was out of date and it would not connect to the server, and the help button did not work either. After reading a suggestion here I uninstalled it, then reinstalled the free version that worked fine last night; a full scan of my laptop came up clean. Now I have the same message again and it cannot connect to the server.

Hello sammygen and welcome to the Malwarebytes forum.

I'll need more information to locate the source of the issue.

Please only ATTACH the log files I ask for.

Could you please tell me if you had the self-protection on in the program (on the Settings >> Advanced Settings screen)?

Also, did you do a Windows restart today? When was the last time that Windows was started fresh?

Do you have version 2.0.2.1012 installed?

This tool will collect some information on the installation of Malwarebytes and create a report I need to review:

Download mbam-check.exe and save it to your desktop from http://downloads.malwarebytes.org/file/mbam_check

On Vista/Windows 7, 8, right-click on mbam-check.exe & select Run as Administrator & allow to Run.

On XP, double-click on mbam-check.exe to run it.

It should then open a log file CheckResults.txt

You should attach the CheckResults.txt file located on your desktop so that I can review.

Hi and thank you, I think the info is here.

mbam-check result log version:     2.1.0.0002

========================================
 
User Account type:                 Administrator
OS:                                Windows 8  64 bit Operating System
Current Build Number:              9200
Current Version Number:            6.2
Current CSDVersion:                
Malwarebytes Anti-Malware:         
Installed On:                      2014/06/06
Malware Database:                  0000.00.00.00
Rootkit Database:                  0000.00.00.00
Remediation Database:              0000.00.00.00
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/06/06 18:23:35
Compatibility Flag Settings:
=================================
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size:     25816 BYTES FileVersion: 0.1.13.0 MD5: [f92b0e478c0faa6d6661e6e977247e60]
C:\WINDOWS\system32\drivers\mwac.sys
File Size:     64216 BYTES FileVersion: 1.0.1.0 MD5: [0664f6335f108f38fe08c3ca747311ee]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size:    122584 BYTES FileVersion: 0.1.7.0 MD5: [8a50d5304e6ae48664cf5838ec32f647]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size:     91352 BYTES FileVersion: 1.0.4.0 MD5: [9d9ed48f841ea37aa5310d54b9e5d3c7]
 
--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1067
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   1
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl                  REG_DWORD 1
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start                         REG_DWORD 2
Type                          REG_DWORD 32
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService               REG_MULTI_SZ RpcSs
WfpLwfs
 
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Options
EnablePacketQueue             REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl                  REG_DWORD 3
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 
 
C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 360792    BYTES FileVersion: 6.3.9600.17031 MD5: [46d1df775fff14585218bbe16e5b2c9a]
C:\WINDOWS\SysWOW64\olepro32.dll
File Size: 80384     BYTES FileVersion: 6.3.9600.16384 MD5: [0fc9b04c7f729498b41a19fa55c33573]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                   
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Complete:                                         136000 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       1000 
    Duration_Heuristics:                                       320000 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          7000 
    Duration_Registry:                                         14000 
    Duration_Sector:                                           0 
    Duration_Startup:                                          3000 
    ItemCount_Complete:                                        228770 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      31416 
    ItemCount_Heuristics:                                      9688 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        630 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         501 
    LastScanDateEpoch:                                         1402023831227 
    LastScanType:                                              2 (Custom Scan)
Update: 
    LastUpdate:                                                2014-06-06T12:03:05 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    1 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Trial 
  Expiration Time:                                             2014/06/19 23:25:58 
  Activation Time:                                             2014/06/05 23:25:58 
  Trial Used:                                                  true 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    58dcabdf-42d5-4035-998c-f7417a0ae81d:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        ProcessLaunchedFromScheduler:                          true 
        TaskType:                                              3 
      triggers:                                                 
        7b57f183-fdef-4b40-9f63-83675bfaf451:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Fri, 06 Jun 2014 17:47:52.116936 +0100 
          lasttriggered:                                       Fri, 06 Jun 2014 17:47:52.116936 +0100 
          nextscheduled:                                       Fri, 06 Jun 2014 18:48:50.116936 +0100 
          recovery:                                            00:00:00 
          start:                                               Fri, 06 Jun 2014 00:26:44.949201 +0100 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                7b57f183-fdef-4b40-9f63-83675bfaf451 
      type:                                                    update 
      uuid:                                                    58dcabdf-42d5-4035-998c-f7417a0ae81d 
    84ce279a-e5bf-4bd6-8702-bfb1a4dfba16:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        1b706990-689b-4e48-8494-68f9981039ef:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Sat, 07 Jun 2014 03:42:15 +0100 
          recovery:                                            23:00:00 
          start:                                               Sat, 07 Jun 2014 03:42:06 +0100 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                1b706990-689b-4e48-8494-68f9981039ef 
      type:                                                    scan 
      uuid:                                                    84ce279a-e5bf-4bd6-8702-bfb1a4dfba16 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
WOW64                         REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
PassThruFile                  REG_DWORD 0
ProductPath                   REG_DWORD 0
 
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
DependOnService               REG_MULTI_SZ MBAMProtector
 
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
DelayedAutostart              REG_DWORD 0
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
WOW64                         REG_DWORD 1
ObjectName                    REG_SZ LocalSystem
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ HH:mm:ss
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here 
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_tr.qm                               File Size: 142194    BYTES FileVersion:  N/A            MD5: [880fcbe97ec6f13ec094f7371b5b295f]
lang_vi.qm                               File Size: 126874    BYTES FileVersion:  N/A            MD5: [c61281786b5bfec68afc742a19f6abd9]
lang_zh_tr.qm                           File Size: 110870    BYTES FileVersion:  N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]
 
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                           File Size: 821560    BYTES FileVersion:  1.1.0.1010     MD5: [3a4dcd021d9f3a5305a22e5e309da305]
 
C:\Users\kuku\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                             File Size: 314       BYTES FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
domains.ref                             File Size: 38        BYTES FileVersion:  N/A            MD5: [8c30b536b67543eb68e68b9640d4d498]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                 File Size: 33        BYTES FileVersion:  N/A            MD5: [8a1c580788ea8de3f32862c2c1cf373c]
rules.ref                               File Size: 8402088   BYTES FileVersion:  N/A            MD5: [c696f495c7f6af8b1504f4eeb61d3a8f]
swissarmy.ref                           File Size: 21316     BYTES FileVersion:  N/A            MD5: [a6d0ca7a44b74627656ca4d3e892e853]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 217       BYTES FileVersion:  N/A            MD5: [de2038e3d44c31573d0e8ff4454c6e20]
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 460       BYTES FileVersion:  N/A            MD5: [30cb7a6b230c58c376281ea778389b9d]
manifest.conf                           File Size: 2133      BYTES FileVersion:  N/A            MD5: [1ef357fec19ce78baa49e53a6c8b035c]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 356       BYTES FileVersion:  N/A            MD5: [63d769c9e239372b96fc2db0e530cd2e]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 2162      BYTES FileVersion:  N/A            MD5: [cf4fb1c4e5468828edac4c7c05eccc18]
settings.conf                           File Size: 1991      BYTES FileVersion:  N/A            MD5: [549b3589ee0b06ca7280a21cb5013880]
statistics.conf                         File Size: 597       BYTES FileVersion:  N/A            MD5: [9737939eeb61d4a478bf41c84df131fe]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-06-06 (00-27-03).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [bac7cb24bcada37816ee66a8a04cb6c0]
mbam-log-2014-06-06 (04-03-49).xml       File Size: 2468      BYTES FileVersion:  N/A            MD5: [575e0778af4caf642f435db4cedcdf03]
protection-log-2014-06-06.xml           File Size: 9605      BYTES FileVersion:  N/A            MD5: [ac6326e3873286a71f9027a3a61b90a5]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Unable to access quarantine information: Error code 20002
===============================================================
END OF FILE

Sammy,

Do all of these next steps. There will be more to do after all that.
If there is any "hiccup" then Stop / provide me all details and do not do any "fixes" on your own.

Go to Control Panel >>All Control Panel items >> Programs and Features. { on XP you use Add-or-Remove programs }
Locate and select **Malwarebytes Anti-Malware** and (( if not there then skip this part )) do a Right click on it and select Uninstall.
Allow the Uninstall to proceed.
Close Control Panel when done.

If the uninstall from Control Panel hiccups or does not work, please go forward and use the mbam-clean step anyway.



Close all opened windows/apps so you will have a clear view to the desktop.
I would suggest, a new clean install as follows:
Download and SAVE mbam-clean utility from http://downloads.malwarebytes.org/file/mbam_clean

then run mbam-clean.exe: Double click the "mbam-clean-2.0.2.0.exe" file to run the clean tool. It runs quickly.

It will ask to restart your computer; please allow it to do so (very important).



Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from
http://downloads.malwarebytes.org/file/mbam

Run the mbam-setup. IF your Windows is Vista / Windows 7 / 8, then do a Right-click on **mbam-setup.exe** and select Run as Administrator and allow to run.
Then after the setup has finished, on the Dashboard screen, press the **Update now** link.
Let me know if the update succeeds.

When all done, do a new (fresh) Windows Restart.

Confirm having done all of this. There is more to follow.


Good then.  Like noted, be sure you did 1 Windows restart so that we can ensure all was finalized by Windows to permanent memory.

 

Suggestions:

Take a look inside the program. Start the Anti-Malware. Click on the Settings icon at the top bar up at top.
Then click the **Advanced Settings** button at the left.
Be sure all top 3 lines on that window are check-marked ( selected ).

Now a couple of changes for each of the Update task & the Threat scan task in the Scheduler.
Click on **Automated Scheduling** button.

Locate and click once on **Check for Updates** line and press Edit. Then press the Advanced button at bottom left.
Slide the window up so you can see all of it. {press the mouse on the very top bar and slide UP }
 
Look at the "starting time" of the task and use some good time when you know that your computer will be on & powered & that Windows would be on at that time.
Look at the line in Schedule Options. UN-check "Show notification after successful update".

In the Frequency and Settings. Select Hourly and I suggest using the Recurrence at 4 hours.
In the Recovery Options put a check-mark on "Recover missed tasks" and select 1 hour
When done, press the OK button.

Locate and click once on the Threat Scan line and press Edit. Then press the Advanced button at bottom left.
Slide the window up so you can see all of it. {press the mouse on the very top bar and slide UP }
 

In the Schedule Options, put a check-mark on the line Terminate program when no threats are found
{when no malwares are detected you want the scheduled task to close}.

In the Frequency and Settings block.
You should have Daily and the recurrence set to 1 day.
Now UN-check the line Check for updates before scanning {that line should always be off, otherwise the task may not run at the time set. It may run +/- 15 minutes of that period.}

In the Recovery Options put a check-mark on "Recover missed tasks" and select 1 hour
When done, press the OK button.

When completely done, close the window.

A fresh Windows start would be good to do at this point. Use Logoff and Restart Windows.

Monitor your system over the next day or two and let me know how it goes.

 

Finally, as the saying goes, Backup is your best friend.  Backup your system to offline ( external) media.

How to Create a System Image in Windows 8 and 8.1
http://www.eightforums.com/tutorials/8956-system-image-create-windows-8-a.html

 

Also see our Secure Backup program, which can do backups to a cloud server, and you can try it for free for 14 days.

https://www.malwarebytes.org/securebackup/


Hi Maurice

No luck, the next day it was the same. I have scanned with Defender, nothing. I checked all 13 Chameleon, no luck. Have tried rootkit finders, no luck. I used Hitman today; it deleted loads of tracking cookies and came up with the message "we have partially removed malware, please restart". I did; Malwarebytes still won't update.

I have to go out but will check back later. Thank you.


Hello Sammygen,

 

If you would please not use tools on your own, and provide me some fresh new reports, I will work with you and get this cleared up.

 

First, I need some current reports so that I can review.

 

This is simply to allow Windows 8 to show all files.

Press and hold Windows-key & then press E key to start Windows Explorer.

When in Windows Explorer, press ALT-key then V key to get VIEW menu
Look at the top ribbon, right side. {the Show/Hide block}
Look at the line "Hidden items". IF it has no checkmark, then Click the box one time so that it is checked.
 

 

I would prefer that you attach any reports  ( instead of copying/pasting).   Thanks.

Please download the Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

save it to your desktop.

RIGHT-click on FRST64.exe and select Run as Administrator to start it and reply Yes to allow to run when prompted by Windows.

When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (**FRST.txt**) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (**Addition.txt**).
Please attach that to your reply as well
 


Hi again, following on from yesterday, I uninstalled and reinstalled Malwarebytes just to keep safe. I fully expected it to not be working and say databases out of date; it appears to be fine at the moment. Should I go ahead with your above instructions or see how it goes? Many thanks.


Your log showed

Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/06/09
Malware Database:                  2014.06.10.06

 

Which means you have the latest program version, that this was installed on Monday (yesterday), and that the database definitions are coming thru and are fine.

 

I do notice it showing as in Trial mode.  So if you have a License you will need to place back your License Keys thru Activation.

 

See this article on our site on How to Activate the License Keys into your program
https://helpdesk.malwarebytes.org/entries/20839618

 

If you only have the free-mode, then disregard this part.

 

Delete the tools I had you use:

FRST64.exe

Frst.txt

Addition.txt

mbam-clean.exe

 

Your install is good to go.


As long as you purchased the license from us ( at malwarebytes.org) the purchase would have been processed by Cleverbridge, and you can do your own lookup by making a search with the email-address you used at the time of purchase.

 

If you do not have your ID and Key, you may retrieve these from this webpage:

http://www.cleverbridge.com/342/?scope=cusecolp

 

Also, you should be able to search your emails and search on "Cleverbridge" for your information.

 

If on the other hand, you purchased at a retail store or any outside source, we do not have any purchase or license records on those.


This topic is now closed to further replies.