
Malwarebytes Crashes as soon as it tries to update


I am a computer tech in SW Florida, and another technician and I have run into the same problem.

After installing and opening the latest version of Malwarebytes, it tries to update and crashes, saying "Malwarebytes has stopped working, Windows is searching for a solution...". Windows doesn't find anything and so it closes. We have tried many things, including: running the latest mbam-clean.exe, manually removing leftover files from app data and program data, installing Windows updates, and running CCleaner after the removal, but nothing seems to work. Every time Malwarebytes is opened and tries to update, it crashes. When checking the Event Viewer logs we found this error associated with the crash.

Any other ideas? We like the program and would like to continue to use it in the future...


  • 2 weeks later...

Sorry I took so long to reply. The computer we saw this on was no longer in our possession when I saw this reply. Here are the contents of the log file...

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014

Ran by George (administrator) on GEORGE-HP on 01-07-2014 15:46:46
Running from C:\Users\George\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
() C:\Program Files\pcmax\pcmax.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\SupraSavingsService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files (x86)\Bench\Proxy\pwdg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [113152 2014-06-17] ()
HKLM-x32\...\Run: [bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [55296 2014-06-17] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-24] (Hewlett-Packard)
HKLM-x32\...\Runonce: [browser Guardian] -  [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe [535216 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\MountPoints2: {515464fc-fe7c-11e0-a302-6c626dba1323} - J:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-304265352-2529404635-3209431853-1000\...\MountPoints2: {db9f71e2-faec-11e0-b688-6c626dba1323} - J:\VZAccess_Manager.exe /z detect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {45D62A98-3E69-4CD8-BF9B-9E80F55E8355} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US747&p={SearchTerms}
SearchScopes: HKCU - {45D62A98-3E69-4CD8-BF9B-9E80F55E8355} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US747&p={SearchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.2
 
FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\uq0nh8ss.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US747&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @winzip.com/Winzip Courier - C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\uq0nh8ss.default\searchplugins\startnow.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: EpicPlay Games - C:\Users\George\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2011-01-02]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=6A55159D-9E75-4299-B0BE-499A1E8E21E4"
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-06-18]
 
==================== Services (Whitelisted) =================
 
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2011-09-06] (Autodesk)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [518144 2009-07-13] (Microsoft Corporation) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
R2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 RpcSs; C:\Windows\system32\rpcss.dll [518144 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 0033821404239571mcinstcleanup; C:\Windows\TEMP\003382~1.EXE -cleanup -nolog [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-07-20] (support.com, Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-14] (Anchorfree Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-01 15:46 - 2014-07-01 15:47 - 00017613 _____ () C:\Users\George\Desktop\FRST.txt
2014-07-01 15:46 - 2014-07-01 15:46 - 02083328 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2014-07-01 15:46 - 2014-07-01 15:46 - 00000000 ____D () C:\FRST
2014-07-01 15:38 - 2014-07-01 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-01 15:32 - 2014-07-01 15:47 - 00000003 _____ () C:\Users\George\AppData\Local\proxy.log
2014-07-01 15:32 - 2014-07-01 15:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 15:32 - 2014-07-01 15:32 - 00265752 _____ (Secure By Design Inc.) C:\Users\George\Downloads\Ninite 7Zip Firefox Malwarebytes NET Reader Installer.exe
2014-07-01 15:32 - 2014-07-01 15:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-304265352-2529404635-3209431853-1000.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\BenchUpdater
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-01 15:32 - 2014-05-12 08:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 15:32 - 2014-05-12 08:05 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 15:32 - 2014-05-12 08:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-01 15:31 - 2014-07-01 15:31 - 00095512 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 04979904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 00000356 _____ () C:\Windows\PFRO.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000056 _____ () C:\Windows\setupact.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-01 15:30 - 2014-07-01 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-01 11:21 - 2014-07-01 11:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Hard Disk Sentinel
2014-07-01 11:17 - 2014-07-01 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-01 11:17 - 2014-07-01 11:17 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 11:16 - 2014-07-01 11:16 - 03736040 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup415_slim.exe
2014-07-01 11:06 - 2014-07-01 11:06 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 11:04 - 2014-07-01 11:05 - 00000000 ____D () C:\AdwCleaner
2014-07-01 11:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-01 10:53 - 2014-07-01 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-06-30 18:55 - 2014-06-30 18:55 - 00016384 _____ () C:\BCD_backup
2014-06-30 18:55 - 2014-06-30 18:55 - 00013312 ___SH () C:\BCD_backup.LOG
2014-06-30 18:53 - 2009-07-13 21:38 - 00383562 __RSH () C:\bootmgr
2014-06-30 10:50 - 2014-06-30 10:50 - 00000000 ___HD () C:\ProgramData\Backup
2014-06-26 15:27 - 2014-06-30 16:09 - 00000000 ____D () C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2014-06-13 15:12 - 2014-06-17 07:50 - 00026624 _____ () C:\Users\George\Documents\Drawing1_recover.dwg
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Users\George\AppData\Roaming\QuickScan
2014-06-10 08:46 - 2014-06-10 08:52 - 00000000 ____D () C:\ProgramData\SmartPCScan
2014-06-10 08:29 - 2014-06-10 08:29 - 01831520 _____ (iyogi) C:\Users\George\Downloads\iyogi-scc-w0yc301gghghg758z1d1g65g6xwxygwexzg8jic40jc90.exe
2014-06-10 08:28 - 2014-06-10 09:07 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2014-06-09 16:45 - 2014-06-10 09:15 - 00037376 _____ () C:\Windows\system32\mzusel.gey
2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\Windows\Sun
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-05 12:32 - 2014-06-30 16:09 - 00000000 ____D () C:\Program Files\pcmax
2014-06-05 12:32 - 2014-06-05 12:32 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-05 12:31 - 2014-06-05 12:31 - 00509232 _____ (App.install) C:\Users\George\Downloads\Autodesk%20DWG%20Trueview.exe
2014-06-05 12:28 - 2014-06-05 12:28 - 00311884 _____ () C:\Users\George\Downloads\X-PLANS.dwg
2014-06-04 13:50 - 2014-06-30 19:28 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGeorge
2014-06-04 13:50 - 2014-06-30 19:28 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGeorge.job
2014-06-04 05:56 - 2014-06-04 05:56 - 00000218 _____ () C:\Users\George\AppData\Local\recently-used.xbel
 
==================== One Month Modified Files and Folders =======
 
2014-07-01 15:47 - 2014-07-01 15:46 - 00017613 _____ () C:\Users\George\Desktop\FRST.txt
2014-07-01 15:47 - 2014-07-01 15:32 - 00000003 _____ () C:\Users\George\AppData\Local\proxy.log
2014-07-01 15:46 - 2014-07-01 15:46 - 02083328 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2014-07-01 15:46 - 2014-07-01 15:46 - 00000000 ____D () C:\FRST
2014-07-01 15:46 - 2011-08-26 15:03 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-07-01 15:38 - 2014-07-01 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-01 15:38 - 2011-08-12 16:27 - 00001846 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2014-07-01 15:38 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 15:38 - 2009-07-14 00:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 15:34 - 2010-12-27 16:18 - 01465952 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 15:33 - 2014-07-01 15:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 15:32 - 2014-07-01 15:32 - 00265752 _____ (Secure By Design Inc.) C:\Users\George\Downloads\Ninite 7Zip Firefox Malwarebytes NET Reader Installer.exe
2014-07-01 15:32 - 2014-07-01 15:32 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-sys.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000346 _____ () C:\Windows\Tasks\bench-S-1-5-21-304265352-2529404635-3209431853-1000.job
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Browser Guardian
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\BenchUpdater
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 15:32 - 2014-07-01 15:32 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-01 15:32 - 2011-12-14 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-01 15:32 - 2011-12-14 09:38 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-01 15:32 - 2011-08-12 13:41 - 00000000 ____D () C:\temp
2014-07-01 15:31 - 2014-07-01 15:31 - 00095512 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 04979904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-01 15:30 - 2014-07-01 15:30 - 00000356 _____ () C:\Windows\PFRO.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000056 _____ () C:\Windows\setupact.log
2014-07-01 15:30 - 2014-07-01 15:30 - 00000022 _____ () C:\Windows\S.dirmngr
2014-07-01 15:30 - 2014-07-01 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-01 15:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 15:17 - 2013-03-26 17:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-01 15:02 - 2013-09-04 08:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-01 15:02 - 2011-01-01 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\ExpressFiles
2014-07-01 15:02 - 2009-07-24 15:22 - 00000000 ____D () C:\Windows\Panther
2014-07-01 14:32 - 2011-08-12 12:56 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-01 11:21 - 2014-07-01 11:21 - 00000000 ____D () C:\Users\George\AppData\Roaming\Hard Disk Sentinel
2014-07-01 11:21 - 2014-05-12 09:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-01 11:17 - 2014-07-01 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-01 11:17 - 2014-07-01 11:17 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-01 11:17 - 2014-07-01 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 11:16 - 2014-07-01 11:16 - 03736040 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup415_slim.exe
2014-07-01 11:06 - 2014-07-01 11:06 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 11:05 - 2014-07-01 11:04 - 00000000 ____D () C:\AdwCleaner
2014-07-01 10:55 - 2009-07-14 01:13 - 00727334 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-01 10:53 - 2014-07-01 10:53 - 00000000 ____D () C:\Windows\ERUNT
2014-07-01 10:14 - 2014-04-07 14:52 - 00000084 _____ () C:\Windows\system32\vtkycg.fno
2014-07-01 10:10 - 2010-12-27 16:29 - 00000000 ____D () C:\ProgramData\PDFC
2014-07-01 02:00 - 2011-12-14 10:09 - 00000000 ____D () C:\Users\George\AppData\Local\Adobe
2014-06-30 19:28 - 2014-06-04 13:50 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGeorge
2014-06-30 19:28 - 2014-06-04 13:50 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGeorge.job
2014-06-30 18:55 - 2014-06-30 18:55 - 00016384 _____ () C:\BCD_backup
2014-06-30 18:55 - 2014-06-30 18:55 - 00013312 ___SH () C:\BCD_backup.LOG
2014-06-30 18:45 - 2013-06-20 08:00 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-30 16:09 - 2014-06-26 15:27 - 00000000 ____D () C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2014-06-30 16:09 - 2014-06-05 12:32 - 00000000 ____D () C:\Program Files\pcmax
2014-06-30 16:09 - 2010-12-27 16:29 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-06-30 16:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 14:57 - 2011-08-09 13:09 - 00000000 ____D () C:\Users\George
2014-06-30 13:29 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-30 10:50 - 2014-06-30 10:50 - 00000000 ___HD () C:\ProgramData\Backup
2014-06-25 15:50 - 2011-08-09 14:11 - 00000000 ____D () C:\Users\George\Documents\elevator
2014-06-25 15:40 - 2011-09-23 15:50 - 00014137 _____ () C:\Users\George\Documents\plot.log
2014-06-25 13:27 - 2011-11-02 12:33 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-25 13:27 - 2011-08-10 17:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-19 12:00 - 2012-05-03 10:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 03:02 - 2013-08-14 16:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 03:00 - 2011-08-12 08:17 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-17 07:50 - 2014-06-13 15:12 - 00026624 _____ () C:\Users\George\Documents\Drawing1_recover.dwg
2014-06-17 07:50 - 2011-09-06 08:34 - 00000383 _____ () C:\Users\George\Documents\acad.err
2014-06-12 15:05 - 2014-06-12 15:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-10 09:15 - 2014-06-09 16:45 - 00037376 _____ () C:\Windows\system32\mzusel.gey
2014-06-10 09:15 - 2014-04-07 14:42 - 00000105 _____ () C:\Windows\system32\pzlgy.dxi
2014-06-10 09:07 - 2014-06-10 08:28 - 00000000 ____D () C:\Program Files (x86)\iYogi Support Dock
2014-06-10 08:52 - 2014-06-10 08:46 - 00000000 ____D () C:\ProgramData\SmartPCScan
2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Users\George\AppData\Roaming\QuickScan
2014-06-10 08:29 - 2014-06-10 08:29 - 01831520 _____ (iyogi) C:\Users\George\Downloads\iyogi-scc-w0yc301gghghg758z1d1g65g6xwxygwexzg8jic40jc90.exe
2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\Windows\Sun
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-06 13:39 - 2014-06-06 13:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-06 13:39 - 2013-03-26 17:02 - 00001933 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-06 13:39 - 2013-03-26 17:02 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-05 12:32 - 2014-06-05 12:32 - 00003694 _____ () C:\Windows\System32\Tasks\pcreg
2014-06-05 12:31 - 2014-06-05 12:31 - 00509232 _____ (App.install) C:\Users\George\Downloads\Autodesk%20DWG%20Trueview.exe
2014-06-05 12:28 - 2014-06-05 12:28 - 00311884 _____ () C:\Users\George\Downloads\X-PLANS.dwg
2014-06-05 09:19 - 2011-10-13 03:19 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGEORGE-HP$
2014-06-05 09:19 - 2011-10-13 03:19 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGEORGE-HP$.job
2014-06-04 05:56 - 2014-06-04 05:56 - 00000218 _____ () C:\Users\George\AppData\Local\recently-used.xbel
2014-06-04 05:56 - 2014-04-07 08:36 - 00000000 ____D () C:\Users\George\AppData\Local\gtk-2.0
2014-06-04 05:53 - 2014-04-07 08:24 - 00000000 ____D () C:\Users\George\AppData\Roaming\gnupg
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2009-07-13 20:00] - [2009-07-13 21:41] - 0518144 ____A (Microsoft Corporation) BD3275F3ED33E7E1A6C2319373EB3B5C
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-30 15:16
 
==================== End Of Log ============================

And...

 

 

mbam-check result log version:     2.1.0.0002
========================================
 
User Account type:                 Administrator
OS:                                Windows 7  64 bit Operating System
Current Build Number:              7600
Current Version Number:            6.1
Current CSDVersion:                
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/07/01
Malware Database:                  2014.03.a04.09
Rootkit Database:                  2014.02.20.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2014/07/01 16:07:22
Compatibility Flag Settings:
=================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
SIGN.MEDIA=FE8F60 setup.exe   REG_SZ WINXPSP2
C:\Program Files\auto cad\acad.exeREG_SZ DISABLEUSERCALLBACKEXCEPTION
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
Browser Guardian              REG_DWORD 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
NCPluginUpdater               REG_SZ "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES FileVersion: 0.1.13.0 MD5: [283f3371f0f1d2a4b48cd444f3458e56]
C:\Windows\system32\drivers\mwac.sys
File Size: 63704     BYTES FileVersion: 1.0.1.0 MD5: [fca94ae3e87bd2f18c12371d97479231]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 119000    BYTES FileVersion: 0.1.3.0 MD5: [b429327b1ccd987efd87fa603870827d]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 91352     BYTES FileVersion: 1.0.4.0 MD5: [881f6206d3a8065e42118df11f90fe06]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------BFE:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: BFE
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl                  REG_DWORD 3
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\Windows\system32\drivers\fltmgr.sys
File Size: 290368    BYTES FileVersion: 6.1.7600.16385 MD5: [f7866af72abbaf84b1fa5aa195378c59]
C:\Windows\SysWOW64\comctl32.ocx
File Size: 608448    BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1066176   BYTES FileVersion: 6.0.88.62 MD5: [714cf24fc19a20ae0dc701b48ded2cf6]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7600.16385 MD5: [c10459dbdc2099c5a8428cb7d87db85f]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       96000 
    Duration_Heuristics:                                       8000 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          44000 
    Duration_Registry:                                         3000 
    Duration_Sector:                                           0 
    Duration_Startup:                                          7000 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      6890 
    ItemCount_Heuristics:                                      108509 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        38948 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         447 
    LastScanDateEpoch:                                         0 
    LastScanType:                                              0 (No Previous Scans)
Update: 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    1 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\George\AppData\Local\Temp\nsvEFF.tmp\nsProcess.dll
 
 
 
MBAMProtector Registry Values:
==============================
 
 
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: Proxy is Set <--PROXY IS SET FOR INTERNET SETTINGS
 
Proxy Server: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyServer REG_SZ http=127.0.0.1:3128
 
Proxy Override: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
ProxyOverride REG_SZ <-loopback>
 
LAN Settings:
=============
 
only 'Use a proxy server for your LAN' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
List of MBAM Related Directories:
=================================
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

Hello and :welcome:

Without making any other changes or running different diagnostics on the computer, please generate and attach these requested diagnostic output text logs in a reply to this topic.

Thank you. :)

 

Hello 55555stitch55555:

 

For the required analysis to begin, we require the 3 diagnostic files. Please do not copy & paste nor zip. Only attach the files that were generated to your desktop, in a single reply to this thread.

 

1. FRST.txt

2. Addition.txt

3. CheckResults.txt

 

Thank you for your patience and understanding. :)


Hello 55555stitch55555:

 

If you wish to defer action for now we understand.

 

When you have the time to spend with helpers/staffers later to get everything working as it should, do reawaken this thread.

 

Thank you. :)


Hello,

 

If you are unable to update Malwarebytes Anti-Malware's database, please follow the steps below:

1: Download our netconf replacement tool from the link below

https://malwarebytes.box.com/shared/static/4pro228sfm3mzl3f7eyl.zip

2: Extract the Net Conf Fix folder on your desktop. If you are unsure how to extract the contents of the .zip folder, please see this tutorial from Microsoft:

http://windows.microsoft.com/en-us/windows/compress-uncompress-files-zip-files

3: Once extracted, open the Net Conf Fix folder.

4: Double click on the net-replace.bat file. If you are using Windows Vista or higher, please right-click the net-replace.bat file and click Run as Administrator from the menu.

5: After the tool has run, launch Malwarebytes Anti-Malware and click Update Now

Please let me know if you are able to update the database after running this tool.

Edited by Maurice Naggar

Questions for you:

 

I see these processes running

HKLM-x32\...\Run: [bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [113152 2014-06-17] ()
HKLM-x32\...\Run: [bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [55296 2014-06-17] ()
 
HKLM-x32\...\Runonce: [Browser Guardian]

 

Are these 2 your diagnostics: Bench Communicator Watcher, Bench Settings Cleaner?

 

 

Browser Guardian is a PUP, classified by MS as BrowserModifier:Win32/BrowserGuardian
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=BrowserModifier:Win32/BrowserGuardian

 

You will need to clean this system first before proceeding forward.

Edited by Maurice Naggar

At what point exactly do you experience the "abort" issue?   What is shown when it abends?

 

Do you see something like "Malwarebytes Anti-Malware has stopped working" ?

 

What does the Windows event viewer log show?

 

or do you just get a message like the one shown here?



  • 1 month later...
  • 2 weeks later...

Hi 55555stitch55555, I work in a small PC repair shop in central Florida and we have had the same problem here a couple of times also. This seems to be a sign of a bigger issue when we see it here. The user files have changed directory to C:\Windows\system32\config\systemprofile. You can verify this by hitting the Start button, right-clicking, say, Documents and clicking Properties. Whenever we see this issue we create a new admin user after running initial scans with adwc and mbam. On the new user the directory should be correct and will now let mbam update. To be on the safe side here we normally just recreate the user profile so that we can verify everything is where it is supposed to be. I hope this helps.

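The check described in the post above, done from PowerShell instead of the Documents Properties dialog. This is an added example, not code from the thread or from Malwarebytes; the function name `Test-ProfileRedirect` and the row layout are hypothetical, and the script only reads the registry and environment.

```powershell
# Added example (not from the thread). Names are hypothetical.
# Read-only: lists where the current user's profile and shell folders point and
# flags any that sit under the SYSTEM profile directory mentioned in the post.
# Run it in the affected user's own session; under the SYSTEM account these
# paths point at systemprofile by design.

function Test-ProfileRedirect {
    param(
        # Directory the post reports user folders being moved to.
        [string]$SystemProfile = (Join-Path $env:SystemRoot 'system32\config\systemprofile')
    )

    $prefix  = $SystemProfile.TrimEnd('\')
    $results = @()

    # Build one result row; Redirected is true when the expanded path starts with $prefix.
    function New-Row([string]$Source, [string]$Name, [string]$Path) {
        $expanded = [Environment]::ExpandEnvironmentVariables("$Path")
        New-Object PSObject -Property @{
            Source     = $Source
            Name       = $Name
            Path       = $expanded
            Redirected = $expanded.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)
        }
    }

    # 1. Profile root as the running session sees it.
    $results += New-Row 'Environment' 'USERPROFILE' $env:USERPROFILE

    # 2. Profile root recorded for this account's SID in the machine-wide profile list.
    $sid = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $profileKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
    $profileProps = Get-ItemProperty -Path $profileKey -ErrorAction SilentlyContinue
    if ($profileProps) {
        $results += New-Row 'ProfileList' 'ProfileImagePath' $profileProps.ProfileImagePath
    }

    # 3. Per-user shell folder mappings (Documents, Desktop, AppData, ...).
    $shellKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' -ErrorAction SilentlyContinue
    if ($shellKey) {
        foreach ($name in $shellKey.GetValueNames()) {
            $results += New-Row 'User Shell Folders' $name ([string]$shellKey.GetValue($name))
        }
    }

    # 4. What the shell resolves for Documents, i.e. what the Properties dialog shows.
    $results += New-Row 'Known folder' 'MyDocuments' ([Environment]::GetFolderPath('MyDocuments'))

    $results | Select-Object Source, Name, Path, Redirected
}

$report = Test-ProfileRedirect
$report | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Redirected })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} location(s) resolve under the SYSTEM profile; the user profile did not load normally." -f $bad.Count)
} else {
    Write-Output 'No profile or shell folder path resolves under the SYSTEM profile.'
}
```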

Hi 55555stitch55555, I work in a small PC repair shop in central Florida and we have had the same problem here a couple of times also. This seems to be a sign of a bigger issue when we see it here. The user files have changed directory to C:\Windows\system32\config\systemprofile. You can verify this by hitting the Start button, right-clicking, say, Documents and clicking Properties. Whenever we see this issue we create a new admin user after running initial scans with adwc and mbam. On the new user the directory should be correct and will now let mbam update. To be on the safe side here we normally just recreate the user profile so that we can verify everything is where it is supposed to be. I hope this helps.

 

THANK YOU for that tip -- much more helpful than most of the crack-ho suggestions (deflections) listed above. Didn't think about a corrupt profile causing this issue. What's weird is that everything else seems to work normally except for the MBAM update.

