mhbmd Posted June 30, 2016 ID:1048578 Share Posted June 30, 2016 I am posting here as suggested in my post in the MBAM Help forum: It seems unlikely that I have been infected with malware, as I have always used anti-virus (currently Bitdefender Free) and MBAM Premium. However, I am attaching the suggested logs in hopes that someone can suggest a solution to the repeated issue of real time protection becoming disabled. Thanks in advance for any help. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted June 30, 2016 ID:1048591 Share Posted June 30, 2016 Hello, I don't think your're infected. Did you try mbam-clean tool? Link to post Share on other sites More sharing options...
mhbmd Posted June 30, 2016 Author ID:1048597 Share Posted June 30, 2016 Yes. As stated in my MBAM Help post, I have followed the instructions in this post to the letter, three separate times. I am still having the "Protection Disabled" issue. I also do not believe that I am infected, but the response in the MBAM Help forum advised me to post here. If the logs do not indicate an infection, what is my next step? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 1, 2016 ID:1048695 Share Posted July 1, 2016 Can you run mbam-tool again, but do not install MalwareBytes after. Then: Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system. Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Make sure that Addition option is checked. Press Scan button and wait. The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt. Please upload them into your next reply.. Link to post Share on other sites More sharing options...
mhbmd Posted July 1, 2016 Author ID:1048810 Share Posted July 1, 2016 Thank you for your help. I've done as you suggested. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 2, 2016 ID:1048940 Share Posted July 2, 2016 Check Disk Press the button, type cmd, then right click and Run as Administrator. Copy/Enter the command below and press Enter: chkdsk C: /r You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter. All you should do now is to restart your PC and let the Check Disk process finish uninterrupted. Check Disk report: Press the + R on your keyboard at the same time. Type powershell.exe and click OK. Copy and paste the following command inside powershell window and press Enter: get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt Paste the contents into your next reply. Link to post Share on other sites More sharing options...
mhbmd Posted July 2, 2016 Author ID:1048967 Share Posted July 2, 2016 Here you go. Thanks. Potential issues: ============================== MBAMService ====================== Type: 16 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 1067 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 MbamWebAccessControl ====================== Type: 2 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mbam-check result log version: 2.3.2.0 ======================================== User Account type: Administrator DomainComputer: No OS: Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System Current Version and Build: 6.1.7601 Malwarebytes Anti-Malware: 2.2.1.1043 Installed On: 2016/06/22 Malware Database: 2016.06.27.07 Rootkit Database: 2016.05.27.01 Remediation Database: 2016.06.21.01 IP Database: 2016.06.27.01 Domain Database: 2016.06.27.04 License: Premium Malware Protection: 4 (The service is running.) Malicious Website Protection: 1 (The service is not running.) Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon Log Created: 2016/06/27 18:11:40 User Information for Local System: =========================================== User Account: Administrator Account Level: Admin User Account: Guest Account Level: Guest User Account: HomeGroupUser$ Account Level: Guest User Account: Michael Account Level: Admin Total # of user entries: 4 UAC Settings: =================== SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DWORD 0 Status: OFF SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin DWORD 0 Status: OFF AntiVirus Information: =================== AntiVirus Software Installed: "Bitdefender Antivirus Free Edition" FireWall Information: =================== NO 3rd Party Firewall Software Installed AntiSpyware Information: =================== AntiSpyware Software Installed: "Bitdefender Antivirus Free Edition" AntiSpyware Software Installed: "Windows Defender" Machine Information =============================================== Machine ID: 6ffb13f491bc2e24c3c805989131bb91415aa55c Installation Token: L6mzZMG2pSNaAREWqmbn System has been up for: 24.6642 Hours Current Date: 2016-Jun-27 22:11:41.889904 Date Booted: 2016-Jun-26 22:11:41.889904 Detection and Protection Settings =============================================== Use Advanced Heuristics Engine (Shuriken): true Scan for rootkits: false Scan within archives: true PUP (Potentially Unwanted Program) detections: Treat Detections as Malware PUM (Potentially Unwanted Modification) detections: Treat Detections as Malware Compatibility Flag Settings: ================================= Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked: MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Malwarebytes Anti-Malware Service and Driver Status: ======================================================= --------------Driver File Info:-------------- C:\Windows\system32\drivers\mbam.sys File Size: 27008 BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb] C:\Windows\system32\drivers\mwac.sys File Size: 64896 BYTES FileVersion: 1.0.6.0 MD5: [452acb7a9914398d9e18cccffcf92208] C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 217328 BYTES FileVersion: 4.1.0.51 MD5: [b65efc9029517b820bf14c94c3499738] C:\Windows\system32\drivers\mbamchameleon.sys File Size: 140672 BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9] --------------MBAMProtector:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMService:-------------- Type: 16 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 1067 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMScheduler:-------------- Type: 16 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 --------------MBAMChameleon:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMWebAccessControl:-------------- Type: 2 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 Required Dependencies: ====================== --------------BFE:-------------- Type: 32 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001 Group REG_SZ NetworkProvider ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002 ObjectName REG_SZ NT AUTHORITY\LocalService ErrorControl REG_DWORD 1 Start REG_DWORD 2 Type REG_DWORD 32 DependOnService REG_MULTI_SZ RpcSs ServiceSidType REG_DWORD 3 RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll ServiceDllUnloadOnStop REG_DWORD 1 ServiceMain REG_SZ BfeServiceMain HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data {9db5e469-b3f9-47cd-89cb-8da4a2b41a36}REG_BINARY Binary Data {6b53db2e-45ed-4aff-939d-031714733d82}REG_BINARY Binary Data {ea19a789-4ee7-4112-869e-9ecb7abe12c1}REG_BINARY Binary Data {98395d45-4563-4372-adf6-e4590a8e998b}REG_BINARY Binary Data {440cc24d-d9dd-4c4a-8985-2662e3e9f58f}REG_BINARY Binary Data {ed6afcce-ffdf-4c25-b8b5-0d0914226613}REG_BINARY Binary Data {8c0b86f2-9252-4475-82b6-feb428802c51}REG_BINARY Binary Data {fcc81bf5-5c83-4f71-843e-b00ee1b9483c}REG_BINARY Binary Data {f94da470-0558-4a08-aeb2-20c327d4d6b6}REG_BINARY Binary Data {4049000f-b01c-4950-a95f-ff0ca619abec}REG_BINARY Binary Data {671a4cc2-a19f-49a7-a5a8-a20c4cc9affe}REG_BINARY Binary Data {57fb7286-f5cc-4af2-9d67-cb4ed258bc11}REG_BINARY Binary Data {e638b86c-ebee-42ae-b6db-2bc3fefb54ba}REG_BINARY Binary Data {3dda1213-65cc-4d07-9f32-c574de510bf6}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout {971fe817-a416-4447-b577-1dd38109858e}REG_BINARY Binary Data {982a0ed3-8535-4b32-8907-63780de8bb88}REG_BINARY Binary Data {49bc316e-22f6-4ebf-ae58-75b3e49ec111}REG_BINARY Binary Data {03288309-b852-4761-8181-d399cff7f23e}REG_BINARY Binary Data {351f5661-b48e-465a-9f2b-c35915e41602}REG_BINARY Binary Data {d83c4ddf-b5b4-44a3-9221-b4da15b2708f}REG_BINARY Binary Data {1f03505a-2c31-4da5-b01e-f6ae6e6acf09}REG_BINARY Binary Data {43c2cb5a-4daa-4461-9a1d-988c81896a4a}REG_BINARY Binary Data {86002faf-e455-4493-a901-375a1045f74f}REG_BINARY Binary Data {ecb859dd-8793-4556-ad85-4c1f8fff61d6}REG_BINARY Binary Data {6ed7b0a9-ff49-4418-89e3-814735afc4ce}REG_BINARY Binary Data {e33fb58c-a13c-4763-b08c-dd3fdd87418a}REG_BINARY Binary Data {beb7d817-855c-4a44-90f5-11f95b2a6519}REG_BINARY Binary Data {c2e7b6d5-4acf-4a81-b2ad-4343823c8d90}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data {f444c576-6e60-4ea2-9faa-80d57ed12cd2}REG_BINARY Binary Data {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data {4d9581d2-aef8-4993-84cd-b986ced80d42}REG_BINARY Binary Data {be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc}REG_BINARY Binary Data {716b48eb-0a35-4a76-92ab-1d987230d288}REG_BINARY Binary Data {1165065e-4996-4338-abaf-4b8556b4d431}REG_BINARY Binary Data {07a24961-a760-4e80-b263-6d275e1b09cb}REG_BINARY Binary Data {5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}REG_BINARY Binary Data {b6b2ca61-fb98-4422-adc2-e7cf56b3680c}REG_BINARY Binary Data {0aa7fff8-919f-453c-928c-28a12122ba38}REG_BINARY Binary Data {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data {91ffecf0-0a9e-4572-95f1-a7111af86967}REG_BINARY Binary Data {64e55933-15a5-495d-a928-ccca43d44875}REG_BINARY Binary Data {13bfd422-6f75-4408-8924-9400ec0cb19c}REG_BINARY Binary Data {cbfb56db-3c85-4543-9bc2-76ea28cdd74e}REG_BINARY Binary Data {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data {375fb39b-08c6-40f2-bdf2-08fa63f970a2}REG_BINARY Binary Data {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data {b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY Binary Data {3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY Binary Data {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data {b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data {d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data {8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data {4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data {3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data {17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data {567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data {4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data {3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data {9db5e469-b3f9-47cd-89cb-8da4a2b41a36}REG_BINARY Binary Data {c0ec88f6-8f29-487f-b75f-9ec70244e72c}REG_BINARY Binary Data {6b53db2e-45ed-4aff-939d-031714733d82}REG_BINARY Binary Data {7f3d2317-8fa9-4733-82f1-16e199869978}REG_BINARY Binary Data {ea19a789-4ee7-4112-869e-9ecb7abe12c1}REG_BINARY Binary Data {c681227d-0b6f-4aa1-b3db-d629969608f1}REG_BINARY Binary Data {98395d45-4563-4372-adf6-e4590a8e998b}REG_BINARY Binary Data {308ff412-9eba-44d5-9cea-a9be44cfdb4b}REG_BINARY Binary Data {440cc24d-d9dd-4c4a-8985-2662e3e9f58f}REG_BINARY Binary Data {6f347775-aaec-49f5-8aae-813452bfc3d4}REG_BINARY Binary Data {ed6afcce-ffdf-4c25-b8b5-0d0914226613}REG_BINARY Binary Data {7e96a182-5655-4b32-9abb-53d86f946a27}REG_BINARY Binary Data {8c0b86f2-9252-4475-82b6-feb428802c51}REG_BINARY Binary Data {73402305-c771-421c-9a9e-676e632cd58d}REG_BINARY Binary Data {fcc81bf5-5c83-4f71-843e-b00ee1b9483c}REG_BINARY Binary Data {f7f1e7a9-2a28-4fd8-9257-37b661a77308}REG_BINARY Binary Data {f94da470-0558-4a08-aeb2-20c327d4d6b6}REG_BINARY Binary Data {44a6bed6-4a59-486a-8900-d496fc034712}REG_BINARY Binary Data {4049000f-b01c-4950-a95f-ff0ca619abec}REG_BINARY Binary Data {8fd772d5-328b-4ea3-9671-36427c79d37f}REG_BINARY Binary Data {671a4cc2-a19f-49a7-a5a8-a20c4cc9affe}REG_BINARY Binary Data {cc155c6c-d1f7-4775-b8ee-6ceff2bb16c2}REG_BINARY Binary Data {57fb7286-f5cc-4af2-9d67-cb4ed258bc11}REG_BINARY Binary Data {72513c0a-8dd8-44be-b3dd-a32818022fc5}REG_BINARY Binary Data {e638b86c-ebee-42ae-b6db-2bc3fefb54ba}REG_BINARY Binary Data {3c83dd70-7e3a-43f0-854f-4b770f01a148}REG_BINARY Binary Data {3dda1213-65cc-4d07-9f32-c574de510bf6}REG_BINARY Binary Data {127e6889-bf6e-4394-aab5-d204bcf00dc0}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data {4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data {1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data {aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data {e5e8c522-9d0e-48dc-b4fd-16789ad052e5}REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer {b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data {b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data {b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data {9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data {ff2e84f6-a3b5-4993-a23c-03f63edf942f}REG_BINARY Binary Data --------------fltmgr:-------------- Type: 2 State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 ErrorControl REG_DWORD 3 Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741] C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51] C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070232 BYTES FileVersion: 6.1.98.46 MD5: [273676426739b02a45a0fc9349500b65] C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96] MBAM Registry Settings and License Info: ======================================== --------------Settings:-------------- Advanced: AutomaticQuarantine: true AutostartProtection: true LimitedMode: false StartSilentMode: false StartupDelay: -15 ApplicationState: First-Run-After-Installation: false General: DaysUntilNotifyExpiration: 5 Language: en RightClickAccess: true SilentErrors: false Logging: ExportLog: true Marketing: LastPostScanMarketingIndex: 5 Notification: ProtectionTray: DisplayMilliseconds: 3000 ScanHistory: Duration_Complete: 57406 Duration_Driver: 0 Duration_Filesystem: 676 Duration_Heuristics: 368973 Duration_Loading: 0 Duration_MasterBootRecord: 0 Duration_Memory: 40000 Duration_PreScan: 19586 Duration_Registry: 7163 Duration_Sector: 0 Duration_Startup: 15408 ItemCount_Complete: 238315 ItemCount_Driver: 0 ItemCount_Filesystem: 44683 ItemCount_Heuristics: 20569 ItemCount_Loading: 0 ItemCount_MasterBootRecord: 0 ItemCount_Memory: 2797 ItemCount_PreScan: 19500 ItemCount_Registry: 581 ItemCount_Sector: 0 ItemCount_Startup: 2212 LastRemovalRequiredDOR: false LastScanDateEpoch: 1467010333823 LastScanType: 1 (Threat Scan) Update: LastUpdate: 2016-06-27T21:18:16 NotifyInstallReady: true NotifyOutdatedDatabase: 7 ProxyPassword: ProxyPort: 0 ProxyServer: ProxyUsername: UseProxy: false UseProxyAuthentication: false CheckProgramUpdates: true --------------Account:-------------- Account Status: Premium Expiration Time: Activation Time: 2016/06/22 22:14:16 Trial Used: true --------------Access Policies:-------------- Scheduler Queue: ================ tasks: 3e2e0096-e4ff-4e1a-9538-5ad976873e50: parameters: NotifyWhenUpdateCompletes: false TaskType: 3 triggers: b2da439a-14f7-4445-a45d-0eeaba1f9ce5: dateinterval: 0:0:0 (Days:Months:Years) lastscheduled: Mon, 27 Jun 2016 18:04:32.473343 -0400 lasttriggered: Mon, 27 Jun 2016 18:04:32.473343 -0400 nextscheduled: Mon, 27 Jun 2016 18:21:59.473599 -0400 recovery: 00:00:00 (Hours:Minutes:Seconds) start: Wed, 22 Jun 2016 23:11:46.473599 -0400 timeinterval: 01:00:00 (Hours:Minutes:Seconds) type: Hourly uuid: b2da439a-14f7-4445-a45d-0eeaba1f9ce5 type: update uuid: 3e2e0096-e4ff-4e1a-9538-5ad976873e50 e801e474-57ec-48d7-b3d2-01e153f660cf: parameters: AutoDelete: false CheckForUpdatesBeforeScanStart: true ScanConfig: ExportLog: true FileSystemOption: true Quarantine: Prompt RebootSystemWhenMalwareDetected: false ScanArchives: true ScanExtra: true ScanHeuristic: true ScanMemoryObjects: true ScanPUM: Treat Detections as Malware ScanPUP: Treat Detections as Malware ScanRegistry: true ScanRootkits: false ScanSource: 1 ScanStartup: true ScanTargets: ScanType: 1 (Threat Scan) Silent: true StartTaskFromSystemAccount: false TaskType: 0 triggers: 48fb7704-e690-4f58-b6d0-01e3080d1219: dateinterval: 1:0:0 (Days:Months:Years) lastscheduled: Mon, 27 Jun 2016 02:52:08.009138 -0400 lasttriggered: Mon, 27 Jun 2016 02:52:08.009138 -0400 nextscheduled: Tue, 28 Jun 2016 02:54:14 -0400 recovery: 23:00:00 (Hours:Minutes:Seconds) start: Thu, 23 Jun 2016 02:51:39 -0400 timeinterval: 00:00:00 (Hours:Minutes:Seconds) type: Daily uuid: 48fb7704-e690-4f58-b6d0-01e3080d1219 type: scan uuid: e801e474-57ec-48d7-b3d2-01e153f660cf Pending File Rename Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. MBAMProtector Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector Type REG_DWORD 2 Start REG_DWORD 3 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys Group REG_SZ FSFilter Anti-Virus DependOnService REG_MULTI_SZ FltMgr WOW64 REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances DefaultInstance REG_SZ MBAMProtector Instance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance Altitude REG_SZ 328800 Flags REG_DWORD 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters PassThruFile REG_SZ mbampt.exe ProductPath REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum 0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 MBAMService Registry Values: ============================ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" DependOnService REG_MULTI_SZ MBAMProtector WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware service DelayedAutostart REG_DWORD 0 MBAMScheduler Registry Values: ============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler Type REG_DWORD 16 Start REG_DWORD 2 ErrorControl REG_DWORD 1 ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" WOW64 REG_DWORD 1 ObjectName REG_SZ LocalSystem Description REG_SZ Malwarebytes Anti-Malware scheduler Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== --------------TERMService:-------------- Type: 32 State: 1 (The service is not running.) (State is stopped) WIN32_EXIT_CODE: 1077 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 TermService Start is set to: 3 (Manual Startup) Proxy Status: No proxy is Set Proxy Override: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ ProxyOverride REG_SZ *.local LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware List of MBAM Related Directories: ================================= C:\Program Files (x86)\Malwarebytes Anti-Malware\ 7z.dll File Size: 922080 BYTES FileVersion: 9.20.0.0 MD5: [14079a2411fa2bb7f78bc100c92bbcc2] changes.txt File Size: 1596 BYTES FileVersion: N/A MD5: [09371a0c8bd9e9554571da257d554d3e] cloud-enumeration.dll File Size: 287200 BYTES FileVersion: 1.0.1.0 MD5: [84ac20b9327dbd4d94039be93384dad5] cloud.dll File Size: 352736 BYTES FileVersion: 1.0.1.0 MD5: [5659790448fb136a80be407c4a0dbb50] license.rtf File Size: 38870 BYTES FileVersion: N/A MD5: [ed36ea764c3a452334416713c8cf1eed] master.conf File Size: 1258 BYTES FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea] mbam.dll File Size: 609760 BYTES FileVersion: 1.0.40.0 MD5: [c4a51c1cb174066fdaf383c09f0d574b] mbam.exe File Size: 9926112 BYTES FileVersion: 2.3.173.0 MD5: [8e98e3ec16d2641005b4748cd330fb45] mbamcore.dll File Size: 2127840 BYTES FileVersion: 1.3.24.0 MD5: [63ce66ef2b30a09308eafe29baec6a75] mbamdor.exe File Size: 55264 BYTES FileVersion: 1.0.2.0 MD5: [297c1bdcc26adb339d4c0f0550e434d6] mbamext.dll File Size: 431072 BYTES FileVersion: 3.1.1.0 MD5: [67a6ec1735c77c2623b49cc1f284c8a0] mbampt.exe File Size: 40928 BYTES FileVersion: 1.0.57.0 MD5: [04d0b942b0ad4a5d2eee45d9b7d6545b] mbamresearch.exe File Size: 1949152 BYTES FileVersion: 1.1.1.0 MD5: [e601f9ca6a72493bc8185bedda17eee8] mbamscheduler.exe File Size: 1514464 BYTES FileVersion: 3.1.7.0 MD5: [9611577752e293259c7dce19e9026362] mbamservice.exe File Size: 1136608 BYTES FileVersion: 3.2.21.0 MD5: [f1a89a34388b5626f1548d393b23ecb1] mbamsrv.dll File Size: 3863008 BYTES FileVersion: 2.1.10.0 MD5: [a33629c51295570fe9f252a39ddcea93] msvcp100.dll File Size: 422880 BYTES FileVersion: 10.0.40219.325 MD5: [53a5f1b984f585997968cd0dfb27400c] msvcr100.dll File Size: 775648 BYTES FileVersion: 10.0.40219.325 MD5: [dc0213118e61e5ca865092109860792c] Qt5Core.dll File Size: 4646880 BYTES FileVersion: 5.4.1.0 MD5: [91c7c50b2a290b82604163b5a679ea24] Qt5Gui.dll File Size: 4640224 BYTES FileVersion: 5.4.1.0 MD5: [1d59b3e632aef8e24cc1707fd411113b] Qt5Network.dll File Size: 673248 BYTES FileVersion: 5.4.1.0 MD5: [e089635a8cbed229ec30cdbe29748c08] Qt5Widgets.dll File Size: 4474848 BYTES FileVersion: 5.4.1.0 MD5: [33881dda0ccc3898facadf1e4d1df237] unins000.dat File Size: 37462 BYTES FileVersion: N/A MD5: [d8f240b2103654eebc0e9ac911c164b9] unins000.exe File Size: 720085 BYTES FileVersion: 51.52.0.0 MD5: [f1505d347325c77e3eeef418495e1f57] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows chameleon.chm File Size: 235882 BYTES FileVersion: N/A MD5: [c4190b71f037714aa77aba294434ba5b] firefox.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] firefox.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] iexplore.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.com File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.pif File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-chameleon.scr File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] mbam-killer.exe File Size: 1504736 BYTES FileVersion: 3.0.15.0 MD5: [b79d3c2fca170c4dd15d7316067a1fd3] rundll32.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] svchost.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] windows.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] winlogon.exe File Size: 960480 BYTES FileVersion: 3.1.29.0 MD5: [f86a4139730504047f52ccfb8c47e9f5] C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats qgif.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [0b528e4c9bbd9efdea9bc8ac6a967d6d] qico.dll File Size: 29664 BYTES FileVersion: 5.4.1.0 MD5: [7b36d94db81b8b0dfd9323228dd96b51] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages lang_ar.qm File Size: 87404 BYTES FileVersion: N/A MD5: [269d3107ca72a75fe154ce4ff718af50] lang_bg.qm File Size: 133911 BYTES FileVersion: N/A MD5: [376ad1e4ad206bc32da09b12b564ecc4] lang_ca.qm File Size: 92634 BYTES FileVersion: N/A MD5: [2d35f58b0c2db44ad2717f4a4526a085] lang_cs.qm File Size: 105193 BYTES FileVersion: N/A MD5: [2c191de828d5e05fd7afa27ee1245023] lang_da.qm File Size: 88039 BYTES FileVersion: N/A MD5: [f8a4941d5d388160d252832a77ab584f] lang_de.qm File Size: 139276 BYTES FileVersion: N/A MD5: [b55f37281f0fcadfae67aecf0bf4cca5] lang_el.qm File Size: 126897 BYTES FileVersion: N/A MD5: [bd671253e071bac626beea63393abcda] lang_en.qm File Size: 3081 BYTES FileVersion: N/A MD5: [e2790b3cd9fdd9d3e266e9623fe477af] lang_es.qm File Size: 138468 BYTES FileVersion: N/A MD5: [cc4f3aab63d933d5964e2bba62df4277] lang_et.qm File Size: 107794 BYTES FileVersion: N/A MD5: [aa4845cd64b20377cea0ebc66eed4a42] lang_fi.qm File Size: 130793 BYTES FileVersion: N/A MD5: [00653d1fb2f790817aef991025c176aa] lang_fr.qm File Size: 141996 BYTES FileVersion: N/A MD5: [e06db8ef6b826b75ec5859913651ed44] lang_he.qm File Size: 98928 BYTES FileVersion: N/A MD5: [2954e902664f2e129f8a8d8238e90552] lang_hu.qm File Size: 132359 BYTES FileVersion: N/A MD5: [6bf3b8c78fd393ef2811a19742518b9a] lang_id.qm File Size: 129135 BYTES FileVersion: N/A MD5: [6be058072a90897595c6f097a3caa797] lang_it.qm File Size: 134154 BYTES FileVersion: N/A MD5: [183990148beec433023688db65a7bf2e] lang_ja.qm File Size: 73762 BYTES FileVersion: N/A MD5: [f6bfd643cb92fa760ae6ec64344ee7e1] lang_ko.qm File Size: 85731 BYTES FileVersion: N/A MD5: [53b5a94eb309d69993a5bc3cd43a85e4] lang_lt.qm File Size: 90799 BYTES FileVersion: N/A MD5: [eecd8edca1fb068ad3bd88aa711bdae2] lang_lv.qm File Size: 90659 BYTES FileVersion: N/A MD5: [683950904e725821740217824df440ff] lang_nl.qm File Size: 133514 BYTES FileVersion: N/A MD5: [442a6cf7e07e6f676d8b5ae41637549c] lang_no.qm File Size: 129833 BYTES FileVersion: N/A MD5: [8949e21e367e5a32ca9f36d8d22c9771] lang_pl.qm File Size: 133827 BYTES FileVersion: N/A MD5: [48379f4ac164adfc8d448bf53c8e2df8] lang_pt_BR.qm File Size: 136918 BYTES FileVersion: N/A MD5: [b1ea2002cf5362b24ca0a026f448e3f1] lang_pt_PT.qm File Size: 136982 BYTES FileVersion: N/A MD5: [5e23b66cb6d8d9894b991cc8f33658af] lang_ro.qm File Size: 90458 BYTES FileVersion: N/A MD5: [bcf524020255c4f7a6fdbae8df2bfe81] lang_ru.qm File Size: 137874 BYTES FileVersion: N/A MD5: [5e28394fbd12f21301e2b7e1a9dbac94] lang_sk.qm File Size: 131080 BYTES FileVersion: N/A MD5: [68e0e95e7131d101188a57e3a413dee5] lang_sl.qm File Size: 107631 BYTES FileVersion: N/A MD5: [83755001a3f1bd527d0b4b7a77d0b37d] lang_sv.qm File Size: 129135 BYTES FileVersion: N/A MD5: [b3c38242beb63f895fabcc14bbc6807a] lang_tr.qm File Size: 88838 BYTES FileVersion: N/A MD5: [1e4a3c0dcd7074ad4a3971ce67762cda] lang_vi.qm File Size: 133386 BYTES FileVersion: N/A MD5: [586de19c023986bf884ad56fc29c8f5e] lang_zh_TW.qm File Size: 87797 BYTES FileVersion: N/A MD5: [e120a014cf077bdcbcdcbf98c3438188] C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms qwindows.dll File Size: 929760 BYTES FileVersion: 5.4.1.0 MD5: [6c54d2ebeaacbe9b56816536041c8281] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins fixdamage.exe File Size: 823776 BYTES FileVersion: 1.4.0.1001 MD5: [bbfc25590af3e45d8cca1fab95648b40] C:\Users\Michael\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware actions.ref File Size: 8263 BYTES FileVersion: N/A MD5: [c312abcb0e4fa4d6007dcd1976b49b77] akadomains.ref File Size: 92 BYTES FileVersion: N/A MD5: [73d5774cbd8df165274a0691ae264808] akaips.ref File Size: 92 BYTES FileVersion: N/A MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c] domains.ref File Size: 665145 BYTES FileVersion: N/A MD5: [c5b6eb9fd96e185b2c4cdc2caa228bf2] exclusions.dat File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] ips.ref File Size: 137904 BYTES FileVersion: N/A MD5: [6c3fc2a051bf681388457c4b1d17bb2e] rules.ref File Size: 9675350 BYTES FileVersion: N/A MD5: [2c025f363acb9ae6333bbc50cd923e73] swissarmy.ref File Size: 28249 BYTES FileVersion: N/A MD5: [796931ca33465057e4349a3844809397] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration build.conf File Size: 4598 BYTES FileVersion: N/A MD5: [de66cec162c8eeb42c3ff3cc3b434524] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 2853 BYTES FileVersion: N/A MD5: [436b7b4e11a29387cb6f04c6d1439abd] manifest.conf File Size: 3409 BYTES FileVersion: N/A MD5: [a259c8937f6c031b339ee4d2ba785e75] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 7338 BYTES FileVersion: N/A MD5: [6ad43ddd04d0b2763cd94a4a0d504d3a] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 2119 BYTES FileVersion: N/A MD5: [20dbb46a83942d98c351415128d14dcb] settings.conf File Size: 2093 BYTES FileVersion: N/A MD5: [1f5d565586117876ea09c1ab576b3be3] statistics.conf File Size: 513 BYTES FileVersion: N/A MD5: [e713fece491720c3a582e47c11e63dc2] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore build.conf File Size: 4179 BYTES FileVersion: N/A MD5: [20d9566b3cf94f1e395de8f40046fc68] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 23 BYTES FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b] manifest.conf File Size: 3171 BYTES FileVersion: N/A MD5: [a6e5576f7723acab40490fb9e64dfc1c] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 6530 BYTES FileVersion: N/A MD5: [9fb4acfdc11c7af48a760db4c7bfebf0] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 1724 BYTES FileVersion: N/A MD5: [e27b42126b89352fdaae8f1630b9a8d8] statistics.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs mbam-log-2016-06-22 (22-14-34).xml File Size: 2616 BYTES FileVersion: N/A MD5: [e6ef8d325758e449ba5cf05e8e4bc954] mbam-log-2016-06-23 (03-06-15).xml File Size: 2616 BYTES FileVersion: N/A MD5: [082dc3f29cfcb20e436a8f2fc8e8c642] mbam-log-2016-06-24 (02-44-05).xml File Size: 2616 BYTES FileVersion: N/A MD5: [c232f2105f638ce03a040b0e727619c4] mbam-log-2016-06-24 (02-59-50).xml File Size: 2616 BYTES FileVersion: N/A MD5: [46401a1734e87cd6a9e18f5547e4d4f2] mbam-log-2016-06-25 (02-43-27).xml File Size: 2616 BYTES FileVersion: N/A MD5: [0c2b9f6d127861bdba627abe7ea7a776] mbam-log-2016-06-25 (03-03-38).xml File Size: 2616 BYTES FileVersion: N/A MD5: [fadd2af966dd1804806bc0483d805e8e] mbam-log-2016-06-26 (03-05-08).xml File Size: 2616 BYTES FileVersion: N/A MD5: [dcfc42a5b468361b396a48dc36830062] mbam-log-2016-06-27 (02-52-08).xml File Size: 2616 BYTES FileVersion: N/A MD5: [c4f08b854280fcb72a5e2de40e03d3ec] protection-log-2016-06-22.xml File Size: 6928 BYTES FileVersion: N/A MD5: [814ac49a279ac6f56281ef4b3999b7d4] protection-log-2016-06-23.xml File Size: 22391 BYTES FileVersion: N/A MD5: [1a8c06bf5e9475345b0b61b58b711320] protection-log-2016-06-24.xml File Size: 7735 BYTES FileVersion: N/A MD5: [2cd4be9610eac18d24696ab6eb9b0d88] protection-log-2016-06-25.xml File Size: 23090 BYTES FileVersion: N/A MD5: [6a05ad581b39a3b11319d5f2bf74f3ae] protection-log-2016-06-26.xml File Size: 13601 BYTES FileVersion: N/A MD5: [548f35d4ee2d129337106e879612e339] protection-log-2016-06-27.xml File Size: 11785 BYTES FileVersion: N/A MD5: [e6c0ff91ff526866a6dcd734db97c24b] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine Malware Exclusions: =================== Web Exclusions: ================ Quarantined Items: =================== =============================================================== END OF FILE Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 3, 2016 ID:1049089 Share Posted July 3, 2016 Can you perform Check disk procedure I asked you to do? Link to post Share on other sites More sharing options...
mhbmd Posted July 3, 2016 Author ID:1049148 Share Posted July 3, 2016 I did, exactly as you suggested in your last post. I don't understand these logs; do they suggest that I didn't run check disc? It ran on restart for at least 20 minutes. I then immediately ran powershell as you asked and posted the logs. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 3, 2016 ID:1049158 Share Posted July 3, 2016 Log you posted is not from check disk. Link to post Share on other sites More sharing options...
mhbmd Posted July 3, 2016 Author ID:1049162 Share Posted July 3, 2016 Sorry, that one was CheckResults.txt, not CHKDSKResults.txt. Thanks again for your help. Let's try this: TimeCreated : 7/2/2016 11:23:56 AM Message : Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 214784 file records processed. File verification completed. 1453 large file records processed. 0 bad file records processed. 0 EA records processed. 9359 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 287102 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 214784 file SDs/SIDs processed. Cleaning up 1112 unused index entries from index $SII of file 0x9 . Cleaning up 1112 unused index entries from index $SDH of file 0x9 . Cleaning up 1112 unused security descriptors. Security descriptor verification completed. 36160 data files processed. CHKDSK is verifying Usn Journal... 265549688 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 214768 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 35838408 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bi tmap. Windows has made corrections to the file system. 219673599 KB total disk space. 75661116 KB in 176315 files. 109092 KB in 36161 indexes. 0 KB in bad sectors. 549755 KB in use by the system. 65536 KB occupied by the log file. 143353636 KB available on disk. 4096 bytes in each allocation unit. 54918399 total allocation units on disk. 35838409 allocation units available on disk. Internal Info: 00 47 03 00 07 3e 03 00 51 29 06 00 00 00 00 00 .G...>..Q)...... 0e 02 00 00 8f 24 00 00 00 00 00 00 00 00 00 00 .....$.......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 3, 2016 ID:1049164 Share Posted July 3, 2016 How is your PC behaving now? Link to post Share on other sites More sharing options...
mhbmd Posted July 3, 2016 Author ID:1049172 Share Posted July 3, 2016 I still haven't re-installed MBAM. I can do so and see if it will function properly, though it may take several days to really tell. The issue has taken a few days to recur in the past. Is that your suggestion? Did the logs suggest something specific? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 3, 2016 ID:1049194 Share Posted July 3, 2016 Yes, I think you should install MalwareBytes now and test it. Logs didn't show what could be the cause of this. Link to post Share on other sites More sharing options...
mhbmd Posted July 4, 2016 Author ID:1049210 Share Posted July 4, 2016 Thanks for your help. I'll re-install and report back on the results. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 5, 2016 Root Admin ID:1054775 Share Posted August 5, 2016 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts