Jump to content

dculp

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by dculp

  1. nasdaq -- Generally after exiting Chrome I'm able to restore my previous session (many open windows and tabs) when I restart Chrome. However, after running your tests with your fixlist.txt I wasn't able to do this and the previous history list was gone. I don't know if this was related to your tests but, if so, you should warn of this possibility beforehand. In any case, thanks for your efforts. This problem has been resolved here (https://forums.malwarebytes.com/topic/248677-cant-start-mbamexe/). Don C.
  2. Thanks for your extensive explanation. The problem was resolved by using the Clean button of the Malwarebytes Support Tool. Any idea what might have caused the problem? Don C.
  3. While browsing, a popup said that my computer had been hijacked. I immediately rebooted my computer and ran my antivirus software (ESET) which didn't find any problems. I then tried to run mbam.exe as administrator. I accepted the popup about allowing the program to make changes to my computer but afterwards the mbam UI didn't appear. I then rebooted into safe mode with networking. The mbam UI then ran successfully and didn't detect any threats. However, all protections were off and couldn't be turned on, either individually or by restore defaults. Immediately after normal rebooting (not safe mode), the Windows Task Manager showed that the mbam process was not running. However, after attempting to start mbam.exe the Task Manager showed that the mbam process was running but mbam didn't show in the applications tab. Notes - I worked with nasdaq in the community forum trying to resolve this problem but we couldn't. (See https://forums.malwarebytes.com/topic/248352-cant-start-mbamexe-no-user-interface/?_fromLogin=1#replyForm) I opened a support ticket 2639610 here (https://support.malwarebytes.com/community/contactsupport/pages/home-support) on 6/21 but the response from Adam was "Please continue to work with the people on the forums so we are not providing 2 different answers in 2 different tickets". (I had not previously opened another thicket so I'm unsure of the meaning of Adam's reply.) I responded to Adam but haven't had a further reply. Attached is mbst-grap-results.zip from running Malwarebytes Support Tool Version 1.4.0.615. Thanks, Don C. mbst-grab-results.zip
  4. After running FRST the results are unchanged -- can't start mbam.exe with normal Windows boot but mbam.exe runs and scans OK if boot to safe mode + networking. With normal Windows boot I tried disabling all protections in my ESET security but no change. Below is the info from Fixlog.txt. ================================================================================================= Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019 Ran by dculp (20-06-2019 14:30:52) Run:3 Running from C:\FRST_Farbar Loaded Profiles: dculp (Available Profiles: dculp) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: EmptyTemp: CloseProcesses: HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2012-11-30] (Microsoft Windows -> Microsoft Corporation) HKLM-x32\...\Winlogon: [Shell] explorer.exe [2871808 2012-11-30] (Microsoft Windows -> Microsoft Corporation) SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=CKMB&bmod=CKMB" CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program files\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> CustomCLSID: HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1F2776C4-9468-D082-92E6-56EE85889A47} => No File CustomCLSID: HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FBB964C-9468-D082-1A06-CAEE85889A47} => No File CustomCLSID: HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {504A8032-9468-D082-6410-3BA185889A47} => No File CustomCLSID: HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {504A996F-9468-D082-3909-3BA185889A47} => No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Aided Resonator Design (CARD).lnk -> F:\Temp2\CARD-14.31\CARD.BAT (No File) ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => not found HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => not found "Chrome StartupUrls" => not found HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => not found HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B} => not found HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B} => not found HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850} => not found HKU\S-1-5-21-1750345208-380253357-1962161537-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => not found HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computer Aided Resonator Design (CARD).lnk" => not found =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7772488 B Java, Flash, Steam htmlcache => 1088 B Windows/system/drivers => 12690 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 2494 B dculp => 145481436 B RecycleBin => 0 B EmptyTemp: => 154.2 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 14:33:21 ====
  5. Perhaps Fixlog is being aborted because FRST64.exe is deleted on the reboot so that it can't complete Fixlog.
  6. My C: drive has a root folder FRST (apparently created by FRST, not me). It has subfolders Hives, Logs, and Quarantines. The Logs subfolder has the following files - Addition_16-06-2019 06.18.28.txt (attached) ct.ini (2 lines -- [Run] and ct=2) Fixlog_16-06-2019 15.11.48.txt Fixlog_18-06-2019 15.21.26.txt (most recent, attached) FRST_16-06-2019 06.18.28.txt (attached) The third line of FRST_16-06-2019 06.18.28 is "Running from C:\Users\dculp\AppData\Local\Temp\mwbEEF9.tmp". Before running FRST, I first copy FRST64.exe and fixlist.txt to this folder. I also delete any old Fixlog.txt from this folder. There is nothing else in this folder. I then run FRST64.exe from this folder with the Fix option (after accepting the default checkboxes). Before running FRST64.exe, should there be any other folders or files in C:\Users\dculp\AppData\Local\Temp\mwbEEF9.tmp? Should FRST64.exe be in this folder or can it be run from anywhere? (Note - ESET didn't object to downloading FRST64.exe or to running it. I have a spare copy of FRST64.exe in case it is eventually deleted from this folder.) Should I try running Scan and then Fix? I wonder if Windows or FRST (not ESET) is deleting the files in the mwbEEF9.tmp folder (especially since this is a tmp folder within a Temp folder). Addition_16-06-2019 06.18.28.txt Fixlog_18-06-2019 15.21.26.txt FRST_16-06-2019 06.18.28.txt
  7. I have searched both C: (system) and D: (most programs). There is only one Fixlog.txt which is the one that I uploaded. 6/18/2019 - Starting again from scratch -- I downloaded FRST64.exe to C:\Users\dculp\AppData\Local\Temp\mwbEEF9.tmp (the 4th line of mbst-check-results.txt that I had uploaded on my first post). I also copied Fixlist.txt to the same folder. I ran FRST64.exe as administrator, accepted all checked defaults, and clicked Fix once. Shortly FRST64 displayed -- "Farbar Recovery Scan Tool (x64) Version: 15-06-2019 Fix completed. "Fixlog.txt" is saved in the same directory FRST is located. The computer needs a restart. Please close all open windows. Note that you will not get any notification from the tool after restart. Click OK to restart." OK The computer rebooted. A new Fixlog.txt (per the datestamp) was now in the above folder. FRST64.exe and Fixlist.txt were no longer there or anywhere else on C: . Fixlog.txt -- "dculp => 226463766 B RecycleBin => 0 B EmptyTemp: => 229.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 15:19:40 ====" Should I just try reinstalling Malwarebytes? Other?
  8. nasdaq -- Attached in Fixlog.txt (after rebooting). No change from previous condition (still unable to start mbam.exe). (BTW, I seldom run mbam.exe explicitly so I don't know if the current problem existed before the hijack attempt.) Next steps? Fixlog.txt
  9. While browsing, a popup said that my computer had been hijacked. I immediately rebooted my computer and ran my antivirus software (ESET) which didn't find any problems. I then tried to run mbam.exe as administrator. I accepted the popup about allowing the program to make changes to my computer but afterwards the mbam UI didn't appear. I then rebooted into safe mode with networking. The mbam UI then ran successfully and didn't detect any threats. However, all protections were off and couldn't be turned on, either individually or by restore defaults. Note - Immediately after normal rebooting (not safe mode), the Windows Task Manager showed that the mbam process was not running. However, after attempting to start mbam.exe the Task Manager showed that the mbam process was running but mbam didn't show in the applications tab. At this point I'm not sure that Malwarebytes is protecting me. Attached is the log file mbst-grab-results.zip from mb-support-1.4.0.615.exe. Windows 7 Pro, mbam.exe v. 3.7.1.2.839 Thanks, Don C. mbst-grab-results.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.