squire

I have the latest version and have rebooted. So, if/when it happens again I will do the uninstall routine and let you know the results. Thanks.

pbust, mbae-default.log, windows log application, and windows log system attached. I changed the file type from evtx to log for the event viewer files, because the uploader wouldn't allow evtx files. Good luck. Let me know if you want anything else. mbae-default.log windows logs application.log windows logs system.log

pbust, mbae is set to automatic and is currently running. It did start at boot today. I have the mbae=default.log, and when I know how to to attach it I will send it to you. I don't see a paper clip or other symbol indicating attaching files in the reply toolbar. I have opened Windows Event Viewer and find no command for exporting.

I can't find a file x.log in the anti-exploit folder. I con't figure out what you are referring to by "signature", or, nothing I am clicking on gives any info about logs.

Will do, but may not be till Monday, when I am back at that computer.

Not on delayed start. I wouldn't say that the computer is particularly slow. 2.1ghz processor.

Happens about 80% of time. I have the current version, I get error message telling me it failed to start, service will be terminated. then I have to start the service manually. after that it runs ok. How do i get it to start at boot reliably?

yes, submitted files found to be ok. I will get around to reinstalling rollback and see what happens.

great. thank you.

ok. I was only trying to clarify if I was still to expect a response regarding the particuar files that I sent. I guess not. I let you know about further results.

I take that confidance is high that it is false positives and the files that I sent aren't going to be reviewed? If problem continues i'll try the rollback uninstall. probably won't happen right away. I'll report back eventually.

wow, that is a quick response. good guess, yes I have Rollback installed. Thing is, Rollback has been installed for several years. this problem just started a couple of months ago. In dec if I remember correctly. How would one know if a detection is false positive or something that needs action? I guess "unknown" in the label is a clue.

I have submitted the 4 files and log . Interestingly, when running the scan again to get a log for submission, per the submission instructions, only 2 of the files were found. 4 were found a few hours ago. the two that weren't found on the latest scan had been restored. the other two recreated at reboot.

These are the same 4 files detected in the last 2 monthly scans by mbam, and this afternoon. I quarantine them and after reboot they are back. 3 of them are mbam files. In normal operations, Avast says nothing about them, Rubotted says nothing. 2 of the files have been scanned again by avast, and superantispyware: nothing found. the whole \driver folder has been scanned by Housecall: nothing found. the log and copies of the 4 files are attached. the scan log is from earlier today, at which time the four files were detected. when I ran the scan again, from run, per web site instructions, no log file was produced and only 2 of the files were detected: mrxdav.sys, and tdx.sys. I had rebooted and all four files were copied from the \driver folder while the scan was running, so I know that they were there during the scan. I am interested to hear the results of your investigation. Jeffrey mbam.zip mrxdav.zip mwac.zip tdx.zip mbam scan log.txt

might it matter that avast rootkit scans hasn't found anything, and rubotted (rootkit scanner) hasn't found anything? could they be false postives?