AdvancedSetup

Root Admin
  • Content count

    64,960
  • Joined

  • Last visited

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    http://www.malwarebytes.org

Profile Information

  • Location
    US

Recent Profile Visitors

328,368 profile views
  1. Please restart the computer one more time. Do not install Malwarebytes if prompted, cancel out of it. Then run the clean removal again as described below. Please read and try the following. If the clean removal and reinstall works, great, if not then please post back all of the requested logs so we can check and see what's going on. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - Malwarebytes mb-clean tool (NOTE: After uninstalling with the mb-clean tool you will be asked to reboot. Once you reboot it will ask you if you want to re-install Malwarebytes, you can select YES or you can download the latest version (currently v3.0.6 CU4.1) to re-install from HERE) If that does not correct the issue, then please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt) NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions Please let us know how it goes. Ron
  2. We're not done yet. Sorry for the delay. The logs were not complete which means something stopped them from completing. Let's try doing a full disk check of the system. Please click on the "Search the web and Windows" box. Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator" In the command prompt please type the following exactly. CHKDSK C: /R This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use. Press the Y key to tell it to run on the next restart of the computer. Then restart the computer and let it run. Then find and copy the disk check entry from the Event Logs and paste back the results here. How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10
  3. Did you fix the C:\Windows\system32\codeintegrity\Bootcat.cache missing issue? Did you run Process Monitor and Process Explorer during an install to see what's going on? Where do you have your %temp% files going to?
  4. Hi Vincent, Going to be in and out tomorrow so will probably need to help you with this more on Monday. But on Monday what I'd like to do is do a Clean Removal but don't reinstall Malwarebytes yet. After the removal please post the mbam-clean log and a new set of FRST and Addition.txt logs. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Then I'll review your logs and see what is going on, before we reinstall Malwarebytes. Thanks Ron
  5. Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!
  6. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt After the restart then run Malwarebytes and check for updates. Thanks
  7. Okay, sounds good. Take care and have a great weekend. Ron
  8. Yes, the installation token is not getting set as it can't connect to our server properly. I'd need to get all the logs from Malwarebytes zipped up so I can take a look but they probably won't tell me what's wrong with DNS or connection, only that it could not connect. Let me get the following files please and we'll see if we can find something in these logs to account for the issue. Please, read the topic here Available Assistance for Possibly Infected Computers and attach those logs back here and I'll review them and see what I can find going on. Ron
  9. At this time there are no more signs of an infection on your system. However if you are still seeing any signs of an infection please let me know. Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time. They are often updated daily so if you went to use them again in the future they would be outdated anyways. The following procedures will implement some cleanup procedures to remove these tools. Download Delfix from here and save it to your desktop. (you may already have this) Ensure Remove disinfection tools is checked. Click the Run button. Reboot Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete) IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall. If there are any other left over Folders, Files, Logs then you can delete them on your own. Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time. How to Delete System Protection Restore Points in Windows 7 and Windows 8 Remove all but the most recent Restore Point on Windows XP As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers How do I disable Java in my web browser? - Disable Java A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor. How Malware Spreads - How did I get infected Best Practices for Safe Computing - Prevention of Malware Infection Avoiding those unwanted free applications A close look at how Oracle installs deceptive software with Java updates IAC / Ask.com toolbars Malwarebytes Unpacked Blog If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
  10. That is not even close to being the full CBS.log file. That is normally a multiple MB size file that requires zipping to upload. I'm not saying that this is the issue either, only that something has altered your bootup record and you don't know why or how. Your taking A+ 220-902 which is an indicator that you're probably heavily playing with your system. I'm here to help you with getting the program working but you need to help me to help you too please. Take the file from another working computer and copy it to your computer and see if that works to fix the boot loading issue or not. Download the Microsoft Process Explorer and exam what happens when you try to install. https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx Use the Microsoft Process Monitor to also review what's going on during install https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx Where do you have your %temp% files going to? I don't think the computer is infected, I think that there is some odd setting that is not normal that is causing this issue and we need to track down what that is. Let's go ahead though and double check that the computer is not infected. Please download and run the following Kaspersky tool to remove any found threats Kaspersky Virus Removal Tool It should create a log when done. Please post back that log. Thank you Ron
  11. I've split the topic to its own. @hallvw3 Please read and try the following. If the clean removal and reinstall works, great, if not then please post back all of the requested logs so we can check and see what's going on. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - Malwarebytes mb-clean tool (NOTE: After uninstalling with the mb-claen tool you will be asked to reboot. Once you reboot it will ask you if you want to re-install Malwarebytes, you can select YES or you can download the latest version (currently v3.0.6 CU4.1) to re-install from HERE) If that does not correct the issue, then please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt) NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions Please let us know how it goes. Thank you Ron
  12. More than likely there is some image, link, or advertisement in the forum link where you Moderate is all. Overall not a big issue. It should not stop that forum from loading but can be slow while it blocks the other link. Our program probably did not remove "all" traces of your old backup software and may require a reinstall and then immediately uninstall it so as to fully remove it. Which may require temporarily disabling Malwarebytes Protection Module while you install and uninstall the old backup program. The logs do not show any signs that the computer is infected. We can run another tool from Kaspersky if it will help give you a better feeling of safety. Please download and run the following Kaspersky tool to remove any found threats Kaspersky Virus Removal Tool As for a donation, no donation is required but thank you for the kind gesture. Thanks again Ron
  13. Hello @Dude7 Please read and try the following. If the clean removal and reinstall works, great, if not then please post back all of the requested logs so we can check and see what's going on. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - Malwarebytes mb-clean tool (NOTE: After uninstalling with the mb-claen tool you will be asked to reboot. Once you reboot it will ask you if you want to re-install Malwarebytes, you can select YES or you can download the latest version (currently v3.0.6 CU4.1) to re-install from HERE) If that does not correct the issue, then please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt) NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions Please let us know how it goes. Thank you Ron
  14. Hello @smithyommite Looks to be some type of DNS, Firewall, or possibly other Security software block going on preventing access back to our Activation server. Please run the following for me and post back the log as an attachment. Create and obtain an mb-check log: Download mb-check from here and save to your desktop Run mb-check and within a few second the command window will open and then close This will produce one log file on your desktop: mb-checkResult.txt Attach this log file to your post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area Thanks Ron
  15. Hello @dave1510 The computer has what appears to be a corrupted, or broken Windows Search - this may just be due to some type of disk corruption. A full disk check may fix it. Error: (04/19/2017 08:11:42 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. This could be temporary or could be that some other piece of software is conflicting. Needs further analysis to determine cause Error: (04/14/2017 11:13:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Needs further analysis to determine cause Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. There appears to possibly be a policy set that has your System Restore disabled. This needs to be removed HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION Appears to be a group policy restriction on the system as well GroupPolicy: Restriction <======= ATTENTION HKU\S-1-5-21-457163509-3813027254-3722488355-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-457163509-3813027254-3722488355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04202017213248849\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-457163509-3813027254-3722488355-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212017212421930\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION I would recommend trying to correct these issues and then trying a clean removal and reinstall of Malwarebytes and see if you're still having an issue or not. Please click on the "Search the web and Windows" box. Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator" In the command prompt please type the following exactly. CHKDSK C: /R This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use. Press the Y key to tell it to run on the next restart of the computer. Then restart the computer and let it run. Then find and copy the disk check entry from the Event Logs and paste back the results here. How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10 Please read and try the following. If the clean removal and reinstall works, great, if not then please post back all of the requested logs so we can check and see what's going on. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - Malwarebytes mb-clean tool (NOTE: After uninstalling with the mb-claen tool you will be asked to reboot. Once you reboot it will ask you if you want to re-install Malwarebytes, you can select YES or you can download the latest version (currently v3.0.6 CU4.1) to re-install from HERE) If that does not correct the issue, then please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt) NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions Please let us know how it goes. Thank you Ron