950 instances of MBAM running in Task Manager Processes, each ~6M


Win7Ultx64 Chrome in a pro-built box with AMD FX-6100 6-core 3.3GHz & 16GBRAM; very little installed software - mostly CAD, but all name-brand

I'm getting infrequent system freezes (maybe 1 or 2 per day) where the cursor moves intermittently, and then stops moving for ~10-15 minutes. During that time, it may simply freeze as-is, or it may change to the pulsing blue ring. For very brief moments, it may jump if I've moved the mouse recently, but I can't actually make anything happen, even with the keyboard. After a while, it goes back to working like nothing happened, and I see no signs of active malware.

But I do see almost a thousand instances of MBAM running (23 pages of 41), and I don't have permission to end any of them (of the few that I tried).

What's going on, and are these 2 related? Do I need to upload screenshots of TaskMan & Programs? Thanks.

Hello and welcome back: :)

We need a bit more information in order to better assist you.

Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

Also, yes, a screenshot or two showing the issue you report would be helpful.

We'll go from there.

Thanks!


It froze when I started reading your reply, and never unfroze, so I unplugged my external HDD and hit reset.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01

Ran by Steve (ATTENTION: The user is not administrator) on PINK6CORE (15-01-2016 11:33:27)

Running from C:\Users\Steve\Desktop

Loaded Profiles: Steve (Available Profiles: Steve B & Steve)

Platform: Windows 7 Ultimate (X64) Language: English (United States)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

Failed to access process -> smss.exe

Failed to access process -> csrss.exe

Failed to access process -> wininit.exe

Failed to access process -> csrss.exe

Failed to access process -> services.exe

Failed to access process -> winlogon.exe

Failed to access process -> lsass.exe

Failed to access process -> lsm.exe

Failed to access process -> svchost.exe

Failed to access process -> nvvsvc.exe

Failed to access process -> nvSCPAPISvr.exe

Failed to access process -> svchost.exe

Failed to access process -> svchost.exe

Failed to access process -> svchost.exe

Failed to access process -> svchost.exe

Failed to access process -> svchost.exe

Failed to access process -> svchost.exe

Failed to access process -> AvastSvc.exe

Failed to access process -> nvxdsync.exe

Failed to access process -> nvvsvc.exe

Failed to access process -> spoolsv.exe

Failed to access process -> taskeng.exe

Failed to access process -> svchost.exe

Failed to access process -> AdAppMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

Failed to access process -> armsvc.exe

Failed to access process -> atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

Failed to access process -> aaHMSvc.exe

Failed to access process -> AsSysCtrlService.exe

Failed to access process -> Connect.Service.ContentService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Autodesk Inc.) C:\Users\Steve\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe

Failed to access process -> dsHttpApiService.exe

Failed to access process -> E_S40STB.EXE

Failed to access process -> E_S40RPB.EXE

Failed to access process -> mbamscheduler.exe

Failed to access process -> mbamservice.exe

Failed to access process -> svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Failed to access process -> WLIDSVC.EXE

Failed to access process -> WLIDSVCM.EXE

Failed to access process -> WmiPrvSE.exe

Failed to access process -> AvastVBoxSVC.exe

Failed to access process -> SearchIndexer.exe

Failed to access process -> svchost.exe

Failed to access process -> WUDFHost.exe

Failed to access process -> svchost.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

Failed to access process -> wmpnetwk.exe

Failed to access process -> svchost.exe

Failed to access process -> WmiPrvSE.exe

(Microsoft Corporation) C:\Windows\System32\mspaint.exe

Failed to access process -> dllhost.exe

Failed to access process -> sppsvc.exe

Failed to access process -> svchost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Failed to access process -> SearchProtocolHost.exe

Failed to access process -> SearchFilterHost.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)

HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software)

HKLM-x32\...\RunOnce: [0] => C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\firefox.com [893752 2015-06-18] (MalwareBytes)

HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\24432de7-2437-42a8-9c2d-8054d50f44f8.exe [183232 2015-12-17] (AVAST Software)

HKU\S-1-5-21-4094499240-2171833406-46901898-1003\...\MountPoints2: {afe35463-2079-11e5-a7ba-5404a6423961} - G:\VerizonWirelessUpgradeAssistantSetup.exe -a

HKU\S-1-5-21-4094499240-2171833406-46901898-1003\...\MountPoints2: {afe35466-2079-11e5-a7ba-5404a6423961} - M:\iLinker.exe

HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-03] (AVAST Software)

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

GroupPolicyScripts: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Tcpip\..\Interfaces\{936706AC-7C13-47D3-977D-E7A336C159BA}: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Internet Explorer:

==================

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-03] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-03] (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)

Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-20] (Microsoft Corporation)

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-12-21] (Microsoft Corporation)

Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-12-20] (Microsoft Corporation)

 

FireFox:

========

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

 

Chrome: 

=======

CHR HomePage: Default -> hxxps://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-01-15]

CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]

CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (Add to Amazon Wish List) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-07-03]

CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]

CHR Extension: (Search by Image (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-07-03]

CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-07-03]

CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-19]

CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-15]

CHR Extension: (Save to Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2015-07-03]

CHR Extension: (Avast Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-12]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]

CHR Extension: (Personal Blocklist (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-24]

CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-14]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-14]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-10-12] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-10-12] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-10-12] (ASUSTeK Computer Inc.)

R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-03] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-14] (Avast Software)

R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-05-30] (Dassault Systèmes) [File not signed]

R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-10-12] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-10-12] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-03] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-03] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-03] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-03] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-03] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-03] (AVAST Software)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R0 mbamchameleon; C:\Windows\System32\drivers\mbamchameleon.sys [109272 2015-07-27] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-03] (AVAST Software)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-14] (Avast Software)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-15 11:33 - 2016-01-15 11:33 - 01696144 _____ (Malwarebytes) C:\Users\Steve\Desktop\mbam-check-2.3.0.0.exe

2016-01-15 11:33 - 2016-01-15 11:33 - 00016964 _____ C:\Users\Steve\Desktop\FRST.txt

2016-01-15 11:33 - 2016-01-15 11:33 - 00000000 ____D C:\FRST

2016-01-15 11:32 - 2016-01-15 11:32 - 02370560 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-15 11:31 - 2009-07-13 23:13 - 00783218 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-15 11:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf

2016-01-15 11:27 - 2015-06-30 18:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-15 11:26 - 2015-06-30 23:46 - 00000000 ____D C:\ProgramData\NVIDIA

2016-01-15 11:26 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-15 10:28 - 2015-06-30 18:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-15 02:23 - 2009-07-13 22:45 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-15 02:23 - 2009-07-13 22:45 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

 

==================== Files in the root of some directories =======

 

2015-07-06 18:42 - 2015-07-06 18:42 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

 

Some files in TEMP:

====================

C:\Users\Steve B\AppData\Local\Temp\AcDeltree.exe

C:\Users\Steve B\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\Steve B\AppData\Local\Temp\_is8A55.exe

C:\Users\Steve B\AppData\Local\Temp\_is915.exe

C:\Users\Steve B\AppData\Local\Temp\_isEB29.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

ATTENTION: ==> Could not access BCD. The user is not administrator

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01

Ran by Steve (2016-01-15 11:34:07)

Running from C:\Users\Steve\Desktop

Windows 7 Ultimate (X64) (2015-06-29 21:55:18)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4094499240-2171833406-46901898-500 - Administrator - Disabled)

Guest (S-1-5-21-4094499240-2171833406-46901898-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4094499240-2171833406-46901898-1002 - Limited - Enabled)

Lisa (S-1-5-21-4094499240-2171833406-46901898-1004 - Limited - Enabled)

Steve (S-1-5-21-4094499240-2171833406-46901898-1003 - Limited - Enabled) => C:\Users\Steve

Steve B (S-1-5-21-4094499240-2171833406-46901898-1000 - Administrator - Enabled) => C:\Users\Steve B

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)

ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden

ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)

AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)

AMD Catalyst Install Manager (HKLM\...\{F02E145C-56BD-9AED-7816-9067D84A8D28}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)

AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden

AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden

AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden

Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)

Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)

Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)

Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)

Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)

Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)

Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)

Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden

Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden

Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)

Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)

Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)

Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)

Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)

Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version:  - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DraftSight 2015 SP3 x64 (HKLM\...\{D63D8992-93C6-4998-A744-3E6870015FFC}) (Version: 13.3.1037 - Dassault Systemes)

EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version:  - SEIKO EPSON Corporation)

Epson Easy Photo Print 2 (HKLM-x32\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)

Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)

EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version:  - SEIKO EPSON Corporation)

FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)

SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4094499240-2171833406-46901898-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 75.75.75.75 - 75.75.76.76

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{214895C1-F9E2-4819-B6FF-F7C80D9B5803}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

FirewallRules: [{7058A81E-C1C2-4F68-98BA-317E9C3E0124}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

FirewallRules: [{ECBB9492-C154-41FA-8A4A-5B3A642CE53A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{C63C1BC1-9811-4922-B29C-7F05706B2DD2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{A295ADDD-64B7-411C-90FB-030413279AF3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{D645EBCE-A28C-4F35-B6C2-2B71E88BD8CD}] => (Allow) LPort=2869

FirewallRules: [{7D966CBD-8C24-48AC-9A9D-DD9C7BFBAA79}] => (Allow) LPort=1900

FirewallRules: [{91788F5A-B266-4A56-8017-D8B270485879}] => (Allow) LPort=50248

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [TCP Query User{1A66EBF3-0987-491D-A1FF-9856747CF09E}C:\users\steve b\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\steve b\appdata\local\akamai\netsession_win.exe

FirewallRules: [uDP Query User{779148EF-4D33-4BC7-B181-B4CD26F916FF}C:\users\steve b\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\steve b\appdata\local\akamai\netsession_win.exe

FirewallRules: [{4A431B96-8361-4A2F-A43D-97ADE84A472B}] => (Allow) C:\Users\Steve B\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{A57C3794-F3EC-4736-9829-51DB3918B82E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{7F244A87-EE23-4074-9E8A-BC5FBF7B221B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{2962EC4A-0041-469B-97BC-1AE72AA1755D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

ATTENTION: System Restore is disabled

Check "winmgmt" service or repair WMI.

 

 

==================== Faulty Device Manager Devices =============

 

Name: hp scanjet 7400c

Description: hp scanjet 7400c

Class Guid: 

Manufacturer: 

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/11/2016 11:11:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired.

.

 

Error: (01/11/2016 11:09:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired.

.

 

Error: (01/11/2016 11:09:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

Error: (01/07/2016 08:25:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )

Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt>with error: The specified server cannot perform the requested operation.

.

 

 

System errors:

=============

Error: (01/15/2016 11:26:32 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 11:24:45 AM on ‎1/‎15/‎2016 was unexpected.

 

Error: (01/15/2016 11:26:05 AM) (Source: mbamchameleon) (EventID: 28930) (User: )

Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007

 

Error: (01/15/2016 11:26:05 AM) (Source: mbamchameleon) (EventID: 28929) (User: )

Description: Mbamchameleon failed to initiate File System filtering - C01C0007

 

Error: (01/14/2016 12:22:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (01/14/2016 12:22:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

 

 

CodeIntegrity:

===================================

  Date: 2015-12-19 16:25:08.959

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-12-19 16:25:08.959

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-12-04 01:25:10.981

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-12-04 01:25:10.980

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-11-18 00:57:56.235

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-11-18 00:57:56.235

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: AMD FX-6100 Six-Core Processor 

Percentage of memory in use: 19%

Total physical RAM: 16329.36 MB

Available physical RAM: 13080.52 MB

Total Virtual: 32656.85 MB

Available Virtual: 29153.59 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.76 GB) (Free:392.78 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

==================== End of Addition.txt ============================

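The "Event log errors" block in the Addition.txt above is the part a responder reads first, and by hand it is easy to miss that the two mbamchameleon entries are the driver failing to register its filters at boot while the CAPI2 4101 lines are only repeated retries. The following Python helper is an added example written for this thread; it is not FRST or Malwarebytes code. It parses the `Error: (...) (Source: ...) (EventID: ...)` headers with their `Description:` lines and the CodeIntegrity `Date:/Description:` pairs, counts repeats per (source, EventID), and pulls out the two findings worth acting on. `SAMPLE_LOG` is a constructed, abridged copy of entries that appear in the post above; the function names are my own.

```python
"""Triage the 'Event log errors' section of an FRST Addition.txt.

Added example for this thread; it is not FRST or Malwarebytes code. It parses
the 'Error: (...) (Source: ...) (EventID: ...)' headers with their Description
lines and the CodeIntegrity 'Date:/Description:' pairs, then counts repeats so
retry noise (CAPI2 4101) and the notable entries (a driver whose filters failed
to initialise, an image Code Integrity could not verify) stand out.
"""
import re
from collections import Counter

# Constructed sample in the shape of the Addition.txt posted above (abridged).
SAMPLE_LOG = r"""Application errors:
==================
Error: (01/11/2016 11:11:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired.
.

Error: (01/11/2016 11:09:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt>with error: This operation returned because the timeout period expired.
.

System errors:
=============
Error: (01/15/2016 11:26:32 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:24:45 AM on 1/15/2016 was unexpected.

Error: (01/15/2016 11:26:05 AM) (Source: mbamchameleon) (EventID: 28930) (User: )
Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007

Error: (01/15/2016 11:26:05 AM) (Source: mbamchameleon) (EventID: 28929) (User: )
Description: Mbamchameleon failed to initiate File System filtering - C01C0007

CodeIntegrity:
===================================
  Date: 2015-12-19 16:25:08.959
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system.

  Date: 2015-12-04 01:25:10.981
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system.
"""

SECTION_RE = re.compile(r"^(Application errors|System errors|CodeIntegrity):\s*$")
EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$"
)
CI_DATE_RE = re.compile(r"^\s*Date: (?P<ts>.+?)\s*$")
DESC_RE = re.compile(r"^\s*Description: (?P<desc>.*?)\s*$")
IMAGE_RE = re.compile(r"image integrity of the file (\S+) because")


def parse_frst_events(text):
    """Return one dict per entry: section, timestamp, source, event_id, description."""
    events, section, pending = [], None, None
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = EVENT_RE.match(line)
        if m:
            pending = dict(section=section, timestamp=m["ts"], source=m["source"],
                           event_id=int(m["event_id"]), description="")
            events.append(pending)
            continue
        m = CI_DATE_RE.match(line)
        if m and section == "CodeIntegrity":
            pending = dict(section=section, timestamp=m["ts"], source="CodeIntegrity",
                           event_id=None, description="")
            events.append(pending)
            continue
        m = DESC_RE.match(line)
        if m and pending is not None:  # the Description belongs to the header just seen
            pending["description"] = m["desc"]
            pending = None
    return events


def count_by_event(events):
    """(source, event_id) -> occurrences; large counts are usually retry noise."""
    return Counter((e["source"], e["event_id"]) for e in events)


def filter_init_failures(events):
    """Entries where a driver reports it could not register its OS filtering
    (here mbamchameleon with the status it logs, C01C0007): that protection is off."""
    return [e for e in events if "failed to initiate" in e["description"].lower()]


def unverified_images(events):
    """Distinct image paths Code Integrity could not verify (deduplicated)."""
    found = {m.group(1) for e in events if e["section"] == "CodeIntegrity"
             for m in [IMAGE_RE.search(e["description"])] if m}
    return sorted(found)


if __name__ == "__main__":
    evs = parse_frst_events(SAMPLE_LOG)
    for (src, eid), n in count_by_event(evs).most_common():
        print(f"{n:3d}x  {src} / {eid}")
    for e in filter_init_failures(evs):
        print("FILTER FAILURE:", e["timestamp"], e["description"])
    for path in unverified_images(evs):
        print("UNVERIFIED IMAGE:", path)
```

Run it against a full Addition.txt by replacing `SAMPLE_LOG` with the file contents; on the sample it reports the CAPI2 retries as the most frequent entry, the two mbamchameleon filter failures from the same boot, and a single unverified driver path even though Code Integrity logged it several times.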

Hi:

 

Thanks for the update. :)

Unfortunately, those FRST logs aren't helpful as they were not generated from a Windows Admin account. :(

The diagnostic tools, including FRST, mbam-check and others, need to be run from an Admin account.

 

So, let's start again. ;)

 

I suggest the following:

 

First, please delete those logs.

Next, please log in to Windows from an Admin account.

Next, please re-run FRST  -- before scanning, please place a checkmark in the "Addition.txt" option.

Then, please run mbam-check as previously suggested.

 

Then, please ATTACH (if possible, rather than copy/paste) all 3 logs to your next reply here in this thread.

The 3 logs will be FRST.txt, Addition.txt, Checkresults.txt.

 

Thanks,


Hi:

 

Not sure why you're having trouble with mbam-check... :(

 

But your other logs show a few things on preliminary review:

 

First, you are running an older, outdated version of MBAM (2.1.8).

The current version is 2.2.0.

So, let's try this:

Please carefully follow all of the steps in this pinned topic: MBAM Clean Removal Process 2x

It's very important to reboot when prompted by the removal tool.

It's a good idea to reboot again after the reinstall.

Please let us know if that resolves your issue.

 

Also (likely unrelated to your MBAM problem): your logs show that you are running Windows 7 with Internet Explorer 8.   IE 8 is no longer supported.

So, as a separate issue, you might want to head over to the PC Help section after getting your MBAM issue sorted, for assistance with upgrading to IE11, the only supported version of IE, as of January 12, 2016.

 

Thanks,


I don't use IE, and I think it's uninstalled in Programs & Features.  Is malware known to bring in old versions of IE?

 

Does TaskMan look suspicious to you?  I don't recognize several of the entries in it, like SearchProtocol (which appears momentarily & disappears for ~30sec), that Akamai NetSession installer, AlertHelper (do I need help with alerts?), aitkexComSvc (or whatever it is), COM Surrogate (which I never like to see), 2 DWMs (why do the windows need to be managed?), EzUpdate (updating WHAT???), 2 crash handlers, 2 Live IDs, 2 Paints (I was only running 1 to collect the screenshots), and a windows installer (I wasn't installing anything - the desktop had only JUST appeared).  The previous screenshots from when I was logged in as a regular user don't show most of that stuff.

 

When I logged in to my admin account, the screen stayed black for a long time behind an MBAM Chameleon command prompt window that wasn't doing anything. Eventually, I had to start TaskMan to end the application before I got the desktop, but my TaskMan screenshots show Chameleon is trying to run firefox.com (which I don't think is installed).


While I was reading about the cleaning tool, I noticed in its file Properties at the bottom of the General tab that it's "blocked to protect this computer", so I clicked the "Unblock" button.  Then I went to mbamcheck and did the same thing, but it still won't let me run it.  Same permission error.


Hi:
 
Thanks for the update.
Sorry you are still having problems.

 
Did you try the suggestions here?
 

First, you are running an older, outdated version of MBAM (2.1.8).
The current version is 2.2.0.
So, let's try this:
Please carefully follow all of the steps in this pinned topic: MBAM Clean Removal Process 2x
It's very important to reboot when prompted by the removal tool.
It's a good idea to reboot again after the reinstall.
Please let us know if that resolves your issue.

 
Also, even if IE is not used as the default or preferred web browser, it must be kept updated, as Windows and certain programs use it "in the background".  It's deeply integrated into the Windows Operating System, so it's not a good idea to try to remove it or uninstall it from the computer. 

Doing so can cause performance and stability problems. :(
 
If the MBAM clean upgrade suggested above does not resolve your issue, then deeper work will be needed.
Such work cannot be performed here, in this particular area of the forum.
So, I would suggest you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

I'm not saying that you are necessarily infected -- merely that deeper work to fix your issues must be conducted in a different area of the forum. :)

Thanks,


No, I haven't made much progress on this - it's a busy time...

 

But the first thing in the article you linked says to only use that cleaner tool if the normal uninstall doesn't work.  How will I know if I need to use the cleaner tool?


Hi:

 

Please disregard the statement about using the removal tool "only if..." and proceed with the clean reinstall instructions. :)

 

A proper clean reinstall is often the fastest way to get back up and running for minor problems with MBAM.

As you have been unable to run the other tool (mbam-check) that we would normally request, the MBAM clean reinstall is the first step in routine troubleshooting.

 

So: Please carefully follow all of the steps in this pinned topic: MBAM Clean Removal Process 2x

It's very important to reboot when prompted by the removal tool.

It's a good idea to reboot again after the reinstall.

>>If you have MBAM Premium (paid), use Method 1.

>>If you have MBAM Free, use Method 2.

 

>>It may help to print out the instructions before you proceed, so that you can refer to them along the way.  The process is not as hard as it looks.

 

Please let us know if that resolves your issue.

 

>>Alternatively, if you prefer to be assisted one-on-one via email (instead of here at the forum), you may wish to open a ticket at the help desk.

To do that, you may wish to complete the form HERE.

A support agent will help you via email.

 

Thanks,

 


As of last night, when I right-click the desktop, I only get the rotating cursor for a long time - no context menu.  And I can't click anything on the desktop.  And when I click Windows Explorer in the shortcut menu, a small window pops up saying "System Call failed." with only an "OK" button.  (WHY is there never a "No, that's NOT OK" button???)  So even though I already downloaded the cleaner tool & the new version of MBAM, I can't get to them now.


I was able to get at them by right-clicking my avatar, clicking "Save as", and then browsing the folder structure. So I'm running avast! on C: first - not that avast! seems to have ever stopped ANYTHING from getting onto my system, or removed it once it was here.


Scanning C:, avast showed no threats found. Scanning my external HDD, it hung on a Thumbs.db file, and one instance of mbam.exe*32 (with NO description) appeared in TaskMan, and I couldn't end it. I ended the scan & restarted it, and it hung on a different Thumbs.db file.


I jerked out the external HDD's USB, and it took almost a minute before the sound of disconnected hardware was played. But I opened the cleaner tool.  AFTER disabling avast & closing all applications, I let it start & it seemed to run.  I let it boot when it wanted to, but then I restarted in an admin account, and was finally able to run mbam-checker.  Its log is attached.

 

Firefox

I already attached (or posted) the other 2 earlier in this thread.

CheckResults.txt


I ran avast again (waste of time), unplugged the Ethernet, then installed the latest MBAM (downloaded a few days ago) & ran it, then plugged in Ethernet, updated MBAM, and ran it again.  It never finds any problems - not one. And now MBAM-Checker won't run again.


Hi:

 

Hmmmmmmm, we seem to be running a bit in circles here.

 

Thanks for that last log from mbam-check. :)

Unfortunately, it shows that MBAM is not installed on your system at this time.

 

1) Is that correct?

2) Have you tried cleanly reinstalling the program, as previously suggested?

 

A proper clean reinstall is often the fastest way to get back up and running for minor problems with MBAM.

 

So: Please carefully follow all of the steps in this pinned topic: MBAM Clean Removal Process 2x

It's very important to reboot when prompted by the removal tool.

It's a good idea to reboot again after the reinstall.

>>If you have MBAM Premium (paid), use Method 1.

>>If you have MBAM Free, use Method 2.

 

>>Alternatively, if you prefer to be assisted one-on-one via email (instead of here at the forum), you may wish to open a ticket at the help desk.

To do that, you may wish to complete the form HERE.

A support agent will help you via email.

 

Thank you again, :)


I don't know what you mean about circles. I'm doing what you're suggesting in the order you said.  The only problem is that MBAM-checker won't run for me while MBAM is installed.  Did you read post #19?


  • Root Admin

Hi Steve,

 

I've read your topic and no one is saying you've not provided information. I'm just saying that you have something very different going on here and it's probably best to have someone from the internal support team assist you, which is why I recommend that you open a ticket with our Help Desk and a Technician can assist you further with getting to the bottom of what's going on here and getting it resolved. They have much more access to resources than we do here on the forums.

 

You can fill out a form here and that will create a ticket for you.

 

https://support.malwarebytes.org/customer/portal/emails/new?b_id=6438

 

Thank you

 

Ron
