Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes real time protection layers turned off by itself


  • This topic is locked This topic is locked
6 replies to this topic

#1 Bmd62

Bmd62

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 11 March 2017 - 09:36 AM

I opened malwarebytes, and noticed the real time protection layers were disabled, they turned back on except malware protection and had to turn it on manually. Weird thing is, that while they appeared disabled and the program said pc its not fully protected, when i right clicked the small icon of malwarebytes in lower right corner and looked at the protection layers there, they were all ON. Is this malwarebytes bug?

 

Anyway, here are farbar logs.

 

Addition file copypasted:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017
Ran by GFWFC (11-03-2017 16:21:28)
Running from C:\Users\GFWFC\Downloads
Windows 10 Home Version 1607 (X64) (2017-03-10 09:50:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-411239517-1037814369-3224382315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-411239517-1037814369-3224382315-503 - Limited - Disabled)
GFWFC (S-1-5-21-411239517-1037814369-3224382315-1001 - Administrator - Enabled) => C:\Users\GFWFC
Guest (S-1-5-21-411239517-1037814369-3224382315-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Asus Sonic Suite Plugins (x32 Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
F-Secure KEY (HKLM-x32\...\{AB59B22F-4F3B-4464-AFD3-A80585015974}) (Version: 4.5.107 - F-Secure Corporation)
F-Secure KEY: User Data (HKLM-x32\...\{F6A4621C-F31F-42E2-BD11-632615967A56}) (Version: 1.1.0.0 - F-Secure Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-411239517-1037814369-3224382315-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-GB)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0 - Mozilla)
NahimicSettingsConfigurator (Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Sonic Radar II (HKLM\...\{A70B8D38-273A-4D6A-B7D5-AEBEDEEE5D28}) (Version: 2.1.2501 - ASUSTeKcomputer.Inc)
Sonic Studio Plugin (Version: 2.1.2501 - ASUSTeKcomputer.Inc) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028467CD-1804-4330-9C89-D5D37E4AE3B8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {117D3E57-FE23-4797-9FD2-6E303B161B0B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {2D07A3EF-AF17-4BC5-84FF-449A61BEA7B2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {3859E00E-1B64-4A67-BC35-54B12E10F8B0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {4749934B-DB19-43AC-B5E7-88B9C7B5D5DC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {731521D2-E7D9-4A64-B30C-FC17BF9138CF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-03-10] (AVAST Software)
Task: {B2EFB9B6-E3F9-4261-9032-00785DF7F078} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {C226A7ED-7073-414D-BB8E-2E9008DBAA58} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {CEAE1A6C-56D1-4834-A661-DF8B0EA1A4E6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-10] (AVAST Software)
Task: {D7B67134-9056-4B68-8341-F999063B85D5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {FE120803-09C6-42F1-93F1-1B425F638F84} - System32\Tasks\SafeZone scheduled Autoupdate 1489139941 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-10 11:47 - 2017-02-23 10:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-10 09:58 - 2014-07-23 03:59 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-03-10 09:58 - 2014-07-23 03:59 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2017-03-10 10:00 - 2014-05-22 10:24 - 00096568 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2017-03-10 10:21 - 2017-03-10 10:21 - 01457128 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
2017-03-11 08:45 - 2017-03-11 08:47 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-11 08:45 - 2017-03-11 08:47 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-11 08:45 - 2017-03-11 08:47 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-11 08:45 - 2017-03-11 08:47 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-23 00:55 - 2016-11-23 00:55 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-10 11:45 - 2017-03-10 11:45 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-10 10:18 - 2017-02-23 20:34 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-03-10 10:18 - 2017-02-23 20:34 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-10 10:07 - 2017-02-24 08:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-10 10:07 - 2017-02-24 08:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-10 09:58 - 2017-03-11 08:35 - 00038696 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-03-10 09:58 - 2014-07-23 03:59 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-03-10 10:29 - 2017-02-03 03:42 - 00668960 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-03-10 10:29 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-03-10 10:29 - 2017-03-10 00:37 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2017-03-10 10:29 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-03-10 10:29 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-03-10 10:29 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-03-10 10:29 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-03-10 10:29 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-03-10 10:29 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-03-10 10:29 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-03-10 10:29 - 2017-03-10 00:37 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-03-10 10:29 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-10 11:57 - 2017-03-10 11:57 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-10 11:57 - 2017-03-10 11:57 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-10 11:57 - 2017-03-10 11:57 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-10 11:57 - 2017-03-10 11:57 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-03-10 10:30 - 2017-01-30 23:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-03-10 10:29 - 2017-03-10 00:37 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-07-11 01:37 - 2015-07-11 01:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-10 10:21 - 2017-03-10 10:22 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libcef.dll
2017-03-10 10:22 - 2017-03-10 10:22 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ortp.dll
2017-03-10 10:22 - 2017-03-10 10:22 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libEGL.dll
2017-03-10 10:22 - 2017-03-10 10:22 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libGLESv2.dll
2017-03-10 10:22 - 2017-03-10 10:22 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libglesv2.dll
2017-03-10 10:22 - 2017-03-10 10:22 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libegl.dll
2017-03-10 10:21 - 2017-03-10 10:21 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ffmpegsumo.dll
2017-03-10 10:29 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-03-10 10:18 - 2017-02-23 16:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-03-10 10:18 - 2017-02-23 16:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-03-10 10:18 - 2017-02-23 16:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-03-10 10:18 - 2017-02-23 20:34 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-10 10:18 - 2017-02-23 20:34 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-03-10 10:18 - 2017-02-23 16:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-03-10 10:18 - 2017-02-23 16:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-03-10 10:18 - 2017-02-23 16:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-03-10 10:18 - 2017-02-23 20:33 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76107767.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76107767.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-411239517-1037814369-3224382315-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6BC4F9B2-8042-4185-B594-B556D1DAB066}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15F707B7-EC54-44E0-AFB6-7F11B999AA06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDE86DB2-E78E-40C0-8F91-439B7C06286A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{BEB40FD9-BA8E-4B1A-BE09-CD158520C46C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{208CF96E-C5CB-4363-B562-D662657D2F6C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{10ACC2D9-CA08-4C80-BA5F-DD6F46D5FB7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{C08E9FBE-EB8E-4879-BD10-4D7179F01CEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FFD376F-EB94-441A-959D-615F5519C068}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8516B36F-0D42-414A-8C09-3C0D7B66C9FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{55451E5D-06A0-4562-B1E2-C29396B836FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE338998-BFA8-4C95-BFAD-2564B85D5736}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{989F5BE2-44E6-4976-B695-779A12443F83}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{C892C064-6081-4E47-A849-E8C45398068E}C:\program files (x86)\starcraft ii\versions\base51149\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51149\sc2_x64.exe
FirewallRules: [UDP Query User{34D9BF31-5A40-4DBE-9830-4078D7663066}C:\program files (x86)\starcraft ii\versions\base51149\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base51149\sc2_x64.exe
FirewallRules: [{E1A49991-6411-4A94-94D4-3F7993003BE0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe

==================== Restore Points =========================

10-03-2017 10:15:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2017 04:13:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: d38

Start Time: 01d29a31b48821a1

Termination Time: 1535

Application Path: C:\Windows\explorer.exe

Report Id: dc80935e-0664-11e7-af05-888888888788

Faulting package full name:

Faulting package-relative application ID:

Error: (03/11/2017 04:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: arwlib.dll, version: 3.0.0.390, time stamp: 0x58af57f8
Exception code: 0xc0000005
Fault offset: 0x0000000000070b94
Faulting process ID: 0x9c4
Faulting application start time: 0x01d29a31b3f6be37
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
Report ID: 9946da43-6525-489c-a81b-fc5a9e7186a3
Faulting package full name:
Faulting package-relative application ID:

Error: (03/11/2017 08:47:23 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/11/2017 08:47:23 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/11/2017 08:47:16 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/11/2017 08:47:16 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/10/2017 10:49:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BV92L4S)
Description: Activation of application Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 10:34:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BV92L4S)
Description: Activation of application Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 10:24:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BV92L4S)
Description: Activation of application Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 10:19:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-BV92L4S)
Description: Activation of application Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/11/2017 04:13:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/11/2017 08:35:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/11/2017 08:35:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 10:34:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 10:30:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/10/2017 10:30:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/10/2017 10:18:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 10:05:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 11:58:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The aswbIDSAgent service terminated with the following service-specific error:
%%3758213665

Error: (03/10/2017 11:54:08 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-BV92L4S)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-BV92L4S\GFWFC SID (S-1-5-21-411239517-1037814369-3224382315-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 16324.37 MB
Available physical RAM: 11861.86 MB
Total Virtual: 19268.37 MB
Available Virtual: 14398.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:395.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B18D04C0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Bmd62, 11 March 2017 - 10:19 AM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:49 AM

Posted 11 March 2017 - 03:51 PM

Greetings Bmd62 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please follow these troubleshooting steps and let me know if it resolves the issue.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Bmd62

Bmd62
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 13 March 2017 - 04:43 PM

So did those logs tell anything?



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 14 March 2017 - 05:20 PM

Hi Bmd62 :)

 

You asked:

So did those logs tell anything?

The logs looked fine.

 

Were you able to get any relief when you tried the solutions on the Malwarebytes' forum regarding real-time protection layer turning off? Other users have found it quite helpful.

 

Let me know if you have any questions.

 

polskamachina


Edited by polskamachina, 14 March 2017 - 05:21 PM.


#5 Bmd62

Bmd62
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:49 PM

Posted 14 March 2017 - 11:07 PM

Did you check these new frst and addition logs too? These are what matter right now, since this is new OS installation.

 

I am pretty sure its malwarebytes bugging, since others have same issue too. Also i got out of date notification when updates were current and reboot solved it, also it solves malware protection layer issue, though earlier it was showing out of date updates also in the actual update section in the program, but it was in the old installation before secure erase.

I sent the log screen317 earlier in your pm but didnt see your answer on it, but here it is:

 

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (52.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Intel iCLS Client AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Edited by Bmd62, 14 March 2017 - 11:09 PM.


#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,999 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 15 March 2017 - 10:03 PM

Hi Bmd62 :)
 
Your logs look fantastic. I'm glad your Malwarebytes security program is working. I think we can both agree that there was a bug in the MB program but there is no malware on your computer.

Please continue with the following steps that will remove all the diagnostic tools you used to scan and clean your system.

bwebb7v.jpgDownload Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click the Run button.

Below are some security tips to read. Following these guidelines will help you avoid another visit to the Malware Removal Forum. :woot:

Be safe. :hello:

polskamachina



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,379 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:49 AM

Posted 17 March 2017 - 01:00 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users