ChuckLTC

OK - thank you again for the assistance.

Thanks. Here are the updated logs. Addition.txt FRST.txt

Thanks Ron - appreciate your help. Hope you have a good weekend!

That post should have read: "I didn't run the Clean portion of ADW yet" after the second scan.

Thanks. I ran another ADW scan in the meantime, and now it is alerting about 3 other things: wecutil.exe in Windows and prefs.js in Firefox. I didn't run the scan portion of ADW yet - I thought I should ask first. AdwCleaner11112016-2.txt

Are those the same items MBAM already has quarantined, or other things that need to be removed?

Thank you! Here is the ADW log. It didn't mention anything about ASK, but did clean out the annoying ANT toolbar from a Firefox plugin. AdwCleaner11112016.txt

MBAM found 4 registry keys indicating PUP.Optional.ASK, and successfully quarantined them all. I'd appreciate it if someone could confirm that I do / do not need to perform further cleaning steps. FBAR logs and MBAM scan log are attached. Please let me know if you need any other information. Thanks for your assistance. ScanLog11102016.txt FRST.txt Addition.txt

Hi - Just wanted to follow up on this issue. On Tuesday, I received the latest Win10 update (Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3200970)). The MBAM problem I was having now appears to have corrected itself, and the program is behaving like it used to. Update checks now only take around 30 seconds, and the databases are updating themselves (all of them, instead of only one or two at a time). Just to be sure, could someone take a look at my MBAM-check log to confirm that the program is fully updated? I'd appreciate it. I also attached Protection Logs from the udpate and scan process, FYI. MBAMProtectionLog11112016.txt MBAMProtectionLog11102016.txt CheckResults.txt

Yes, if you could please list all the program and file exclusions that should be listed in Norton Security Suite, I would appreciate it. I don't see a master list in the FAQ. I've added a few things based on other forum posts, but I'd like to make sure all the necessary pieces are listed in Norton.

Sorry for the delay - Windows decided it was time to update itself in the middle of the MBAM / NSS boxing match. MBAM-check log file attached. CheckResults.txt

LOL - It took me 5 tries to connect to data-cdn.mbamupdates.com. The connections kept timing out. I'm using Comcast/Xfinity cable internet, and I get download speeds typically in the 90Mbps range. When the program finally downloaded, I ran it as administrator. It immediately ran an application error "unable to start correctly (0x0000022), and Norton Security Suite alerted to a Heuristic violation of mbamcore.dll - "Heur.AdvML.B". It has quarantined that program (even though it ran fine a couple of weeks ago when I started this topic): ------------------- Filename: mbamcore.dll Threat name: Heur.AdvML.BFull Path: c:\users\chuck\appdata\local\temp\7z70622bac\mbamcore.dll ____________________________ On computers as of 10/11/2016 at 11:35:01 AM Last Used 10/11/2016 at 11:37:02 AM Startup Item: No Launched: No Threat type: Heuristic Virus. Detection of a threat based on malware heuristics. ____________________________ mbamcore.dll Threat name: Heur.AdvML.B Few Users: Hundreds of users in the Norton Community have used this file. Mature: This file was released 2 years 7 months ago. High: This file risk is high. ____________________________ Source: External Media Source File: mbamcore.dll ____________________________ File Actions File: c:\users\chuck\appdata\local\temp\7z70622bac\ mbamcore.dll Removed ____________________________ File Thumbprint - SHA: 990ca3dc5dacf44b1e557d4e503ce2cd1aab24666a7915dbcfc16cd7af7814bf File Thumbprint - MD5: Not available

Thanks for the reply. The link returned: v2016.10.11.07 I tried it with and without MBAM running, and got the same number each time. I just tried to update, and the Malware database downloaded, and now matches that number. As you can see from the Protection log below, the program was still showing the Sept 30 database upon startup. And each time I check for updates, the update process takes about 5 minutes (checking, downloading, installing). I realize I'm on the free version, but that seems like a long time compared to every other program I use and update. -------------- Malwarebytes Anti-Malware www.malwarebytes.org Update, 10/11/2016 9:59 AM, SYSTEM, SORCERER, Manual, Malware Database, 2016.9.30.15, 2016.10.11.7, (end) -------------- Unfortunately, I ran CCleaner yesterday, and forgot to un-check MBAM in its cleaning options. I lost my previous log files. I don't know the status of the other internal databases (IP, Remediation, Domain, etc...). Is there a way to check the version number on those?

I'm still unable to update on 2 separate computers. I saw several other newer threads with similar update problems. Is there any new information about what is happening? ------------------ Latest Daily Protection Log: Error, 10/9/2016 9:32 PM, SYSTEM, SORCERER, Manual, 0, Update, 10/9/2016 9:32 PM, SYSTEM, SORCERER, Manual, Malware Database, Failed, Unable to access update server, 2016.9.30.15, 2016.10.9.8, (end) ------------------ I also saw the instructions about pinging the update servers. Here is what I got, using the admin command prompt: nslookup data-cdn.mbamupdates.com Microsoft Windows [Version 10.0.14393] (c) 2016 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32> nslookup data-cdn.mbamupdates.com Server: cdns02.comcast.net Address: 75.75.76.76 Non-authoritative answer: Name: vip0x062.ssl.hwcdn.net Address: 205.185.208.98 Aliases: data-cdn.mbamupdates.com data-cdn.mbamupdates.com.akadns.net ping data-cdn.mbamupdates.com Microsoft Windows [Version 10.0.14393] (c) 2016 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>ping data-cdn.mbamupdates.com Pinging vip0x062.ssl.hwcdn.net [205.185.208.98] with 32 bytes of data: Reply from 205.185.208.98: bytes=32 time=19ms TTL=57 Reply from 205.185.208.98: bytes=32 time=22ms TTL=57 Reply from 205.185.208.98: bytes=32 time=21ms TTL=57 Reply from 205.185.208.98: bytes=32 time=23ms TTL=57 Ping statistics for 205.185.208.98: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 19ms, Maximum = 23ms, Average = 21ms

Thanks again for looking into this for me. But just to be clear - the slow update process had started before the Win10 Anniversary Update, and still continues when the program actually reaches the update servers. The errors and update failures have never happened before, and didnt start until after the Win10 update. I also remembered that while trying to download the mbam-clean and mbam-install programs (from the direct links in the sticky FAQ post here on the forum), I had to restart them several times as the downloads would time before connecting. That issue may or may not be connected, but just FYI. I only have the free MBAM version. I just use it as a backup to Norton, and scan once every week or two. Someone who has the premium version, with auto-updates and scheduled scanning probably wouldn't notice errors like this. Just thought I'd bring them to the team's attention, in case the Win10 update (or something else) has created an issue. Thanks again for the help - I appreciate it.