
All Activity

  1. Past hour
  2. I have attached the mbst-grab-results file here. Also, it appears to toggle between malware protection and ransomware on reboots. Currently it's the malware protection that won't start now with ransomware turned on. mbst-grab-results.zip
  3. Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2019 01
Ran by Dearmad (23-07-2019 11:29:51) Run:1
Running from C:\Users\Dearmad\Desktop
Loaded Profiles: Dearmad (Available Profiles: Dearmad)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [AutoEJCD_0ACE20FF] => [X]
HKLM-x32\...\Run: [ZDWLan_Utility] => [X]
HKU\S-1-5-21-935524465-3841456996-1072460685-1001\...\MountPoints2: {a5e69c49-0f7e-11e9-b6e7-806e6f6e6963} - "D:\D?VDSetup.exe"
HKU\S-1-5-21-935524465-3841456996-1072460685-1001\...\MountPoints2: {d29ab6e5-0f7e-11e9-b6e8-00d8610bc8da} - "L:\Setup.exe"
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-935524465-3841456996-1072460685-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF NewTab: Mozilla\Firefox\Profiles\fhyz18vj.Dearmad -> hxxp://www.bing.com/?pc=COSP&ptag=D031619-N0600A21ABFDD9D88F4162B1F&form=CONMHP&conlogo=CT3332016
S3 ct?hdb; \SystemRoot\system32\DRIVERS\cthdb.sys [X]
CustomCLSID: HKU\S-1-5-21-935524465-3841456996-1072460685-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Dearmad\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-935524465-3841456996-1072460685-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Dearmad\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-935524465-3841456996-1072460685-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Dearmad\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{1109CD4D-C4C8-4D46-AC71-D7EB0E5887CE}] => (Allow) E:\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe No File
FirewallRules: [{3CA7C58F-61AC-45D6-9401-6A4111779421}] => (Allow) E:\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe No File
FirewallRules: [{FBDC0AE9-29AD-4DDB-930D-E3BA571EF162}] => (Allow) E:\New folder\Settlers 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe No File
FirewallRules: [{AB030D2E-4719-49EC-8D84-6FA45657EC91}] => (Allow) E:\New folder\Settlers 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe No File
FirewallRules: [TCP Query User{32B0D047-4C79-42F7-AD2B-857B9AB60A6C}E:\new folder\settlers 7\data\base\_dbg\bin\release\uplaybrowser.exe] => (Allow) E:\new folder\settlers 7\data\base\_dbg\bin\release\uplaybrowser.exe No File
FirewallRules: [UDP Query User{2167E044-F5E2-4ECB-8DE3-A14D45879AE0}E:\new folder\settlers 7\data\base\_dbg\bin\release\uplaybrowser.exe] => (Allow) E:\new folder\settlers 7\data\base\_dbg\bin\release\uplaybrowser.exe No File
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AutoEJCD_0ACE20FF" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ZDWLan_Utility" => removed successfully
HKU\S-1-5-21-935524465-3841456996-1072460685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5e69c49-0f7e-11e9-b6e7-806e6f6e6963} => removed successfully
HKLM\Software\Classes\CLSID\{a5e69c49-0f7e-11e9-b6e7-806e6f6e6963} => not found
HKU\S-1-5-21-935524465-3841456996-1072460685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d29ab6e5-0f7e-11e9-b6e8-00d8610bc8da} => removed successfully
HKLM\Software\Classes\CLSID\{d29ab6e5-0f7e-11e9-b6e8-00d8610bc8da} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-935524465-3841456996-1072460685-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"Firefox newtab" => removed successfully
ct?hdb => service not found.
HKU\S-1-5-21-935524465-3841456996-1072460685-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-935524465-3841456996-1072460685-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-935524465-3841456996-1072460685-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1109CD4D-C4C8-4D46-AC71-D7EB0E5887CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CA7C58F-61AC-45D6-9401-6A4111779421}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBDC0AE9-29AD-4DDB-930D-E3BA571EF162}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB030D2E-4719-49EC-8D84-6FA45657EC91}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{32B0D047-4C79-42F7-AD2B-857B9AB60A6C}E:\new folder\settlers 7\data\base\_dbg\bin\release\uplaybrowser.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2167E044-F5E2-4ECB-8DE3-A14D45879AE0}E:\new folder\settlers 7\data\base\_dbg\bin\release\uplaybrowser.exe" => removed successfully

========= netsh int ip reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========


========= ipconfig /flushDNS =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 427877178 B
Java, Flash, Steam htmlcache => 412142691 B
Windows/system/drivers => 2126704 B
Edge => 7993170 B
Chrome => 0 B
Firefox => 41618437 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 396030 B
NetworkService => 0 B
Dearmad => 190579800 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:30:14 ====
  4. Then please stay like that. By the way, we seem to be having very, very rapid back-and-forth replies. Let's slow down the pace. It just happens I am working other cases too. Re-review my preceding reply in post # 36 about Services. Let's be sure that those services are NOT disabled. Next, do one new scan with Malwarebytes for Windows. There should be no malware reported. Let me know. Next, do one new scan at Microsoft. The Microsoft Safety Scanner is a free stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool instructions are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Take a minute to locate & then send the log that it made, named msert.log. It should be at C:\Windows\debug\msert.log
  5. Yes, I am currently in safe mode with networking. The only devices connected are: mouse, keyboard, monitor, power cable, Netgear network adapter.
  6. Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks
  7. Get it into SAFE mode with NETWORKING. You can temporarily (just only for limited purpose) put the system into Safe Mode with Networking, which would hopefully allow means of doing some things (later). Let us see if you could simply just get this machine into Safe Mode with NETWORKING just so we could look around. That would be strictly temporary. *Do unplug all devices from your computer, including: printers, scanners, copiers, external attached devices, etc.* *The only devices you should leave attached to your computer are your monitor, mouse and keyboard, if the computer is a desktop.* *And if this PC is a laptop or notebook, be sure it is directly connected to power with the power cord.* Turn off your PC. Wait about a minute. Restart your PC. And right away, tap & re-tap the F8 function key on your keyboard. You should see the Windows Advanced Options menu. Select Safe Mode with Networking. NOTE: if the F8 function-key method did not prove usable, some systems may use F5 instead. And on some systems you may need to press the F2 function key to get hardware boot options.
  8. Please remove uvests.com from your blacklist. There was a malware issue weeks ago, but it has been clean ever since.
  9. N.B. I do have a question at this time. What is the active / resident antivirus presently on this machine? Is it Kaspersky?
  10. I am unable to get it to load into Regular windows. It reboots after getting to the Windows 10 logo/spinning wheel part. 😨
  11. Without change, I would assume it would create the same issue. It's up to you, but better to get it working when not needed than to find you need it and it won't work. Let me know. Thanks again, Ron
  12. Yes, I agree, Chrome needs a fresh clean reinstall to root out Conduit. Make a clean install of Google Chrome and see if that clears the issue. If your Chrome Bookmarks are important, do this first: Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks. For your Passwords go here: https://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/ Continue for a clean install: Download the Chrome installer and save it to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html Next, open Chrome and sign into your account, open a new tab and type or copy-paste chrome://settings/syncSetup and hit Enter. In the new window that opens "Sync everything" will probably be selected; scroll down to and select "Managed sync data on Google Dashboard". A new window will open; scroll down to and select "Reset Sync". That will clear synced data from the Google server. Continue to the next step to completely uninstall Chrome. Next, uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, and ensure the option to "Also delete your browsing data" is selected. <<--- Very important!! Navigate to C:\Users\Your user name\Appdata\Local and from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata). For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming How to show hidden files and folders for Windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, install Google Chrome. Next, import your Bookmarks (instructions in the first step). Import Passwords (instructions in the second step above). Next, install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en Does that help?
  13. You cannot back up installed software. It must be reinstalled. You can use this method to back up data: https://answers.microsoft.com/en-us/windows/forum/windows_10-update/rescue-files-when-windows-wont-start/862c143f-9239-4e63-8968-635e8ba9efd6 You could also use this software to build a USB disk to have a GUI for copying files. Don't expect it can fix Windows; you can try, but if Windows can't repair itself then I don't think this software will either. We just want it for the GUI to copy files to your external hard drive. https://www.paragon-software.com/free/rk-free/
  14. I was working on this write-up here before I got your very last message. I do not know why your system is doing the reboots! Thanks for that preceding information. Let's not try any further Windows Update. I am going to be referring you to the Sysnative forum for help on that. I am very much hoping you can do all that follows in Normal mode of Windows. Without spending a whole lot of time, let's just have you look at the status of some Windows 10 services. Press and hold the Windows-flag key on the keyboard and tap the *R* key to get the RUN menu option. Type in services.msc and press the Enter key. The list of Windows services should be displayed in alpha order. If they are not, click once on the column titled "Name". Locate DCOM Server Process Launcher, then right-click on that line and go to Properties. In the Startup type select Automatic. Look on the Status column for that service. IF it does not show Running, then look on the upper left corner and click on Start service. Scroll down the list. Look for "Remote Procedure Call ( RPC )". Does it show in the list as Running? If it does not, then click the line "Remote Procedure Call ( RPC )" to be sure it is selected, look on the upper left corner and click on Start service. Scroll down the list. Look for "RPC Endpoint Mapper". Does it show in the list as Running? If it does not, then click the line "RPC Endpoint Mapper" to be sure it is selected, look on the upper left corner and click on Start service. Scroll back UP the list. Look for "COM + Event System". Does it show in the list as Running? If it does not, then click the line "COM + Event System" to be sure it is selected, look on the upper left corner and click on Start service. Scroll down the list. Look for "Shell Hardware Detection". Does it show in the list as Running? If it does not, then click the line "Shell Hardware Detection" to be sure it is selected, look on the upper left corner and click on Start service.
I am very much hoping you can do all of the above in Normal mode of Windows. After this, I may have you do one or 2 scans just as a safety check to see that there is no infection now. Then I am going to refer you to the SYSNATIVE forum for other help on Windows and on Windows Update. Sincerely,
  15. I discovered this in my junk mail about five times at first glance. It referred to two passwords which I haven't used in many years to sites I've probably long since disused. My passwords are much stronger these days. They claim to have put malware on my computer and then removed it. The laughable part is the webcam recording. I'm a terminal cancer patient and sex is the furthest thing from my mind and body. The only thing they may be catching a video of is me vomiting into a pail next to my bed. LOL!!! I'm not going to worry too much about it as any information they may have gotten with those old passwords are most likely obsolete.
  16. Hi, can you provide logs?
  17. That was my next step after looking at the logs. But good job you fixed it. If you have any other issues post the logs otherwise good job and best wishes.
  18. I already downloaded the MB repair tool. After the repair my system had to reboot. Once back in Windows, the icon was back in the systray. And also another application I was having trouble with was also fixed. LOL. I'll try to attach the log file. But thanks for the reply, and willingness to help. mbst-fix-results.txt
  19. So... something slightly alarming. I can't load into regular Windows 10 anymore. It constantly reboots. Never gets to the login screen. I can get to safe mode just fine via f8.
  20. Today
  21. If you get us the logs mentioned in the automated reply, that would help.
  22. Malwarebytes scan is above. The FRST log is attached. Note: I restored my Chrome folder after I discovered the method you suggested deleted some important browser history yet didn't remove the PUP, so that may be reflected in the FRST scan. Also, I may have to reinstall Chrome now since one of my accounts is malfunctioning after the restore. Because of this, I may just live with the PUP since it may be related to one of my Chrome extensions that I use. But I'm willing to try a bit more if you're confident that this can be removed without negative consequences. I appreciate your help thus far. FRST.txt
  23. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  24. Up until recently, the MB icon was loaded in the system tray with every boot-up of Win10 x64. But just recently it has stopped putting the icon there. The option to have this load in the system tray is grayed out and can't be turned on. Any idea why this is happening, and what I can do about it?
  25. How do I back up installed software? I have an external HDD to do the backup.