  • Root Admin

The system event logs show a few errors and Malwarebytes is crashing. Let me have you run the following please

 

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Once that's done then go ahead and uninstall Malwarebytes and reinstall it using the following method.

Please uninstall your current version of MBAM and reinstall the latest version using the following guide. MBAM Clean Removal Process 2x

 

Thanks


Thanks, I wish I could. Unfortunately I tried to reboot in safe mode to remove MB as was suggested in the other thread and on restart my screen was black. It flashes on for a split second every 15-90 seconds but not enough to where I can see to do anything, even boot to normal mode. Power off returns to black screen safe mode. Apparently on Win10 I can't bring up the boot menu pressing F8 during startup either. Been trying to video the screen and pause as it flashes to see where I'm at but even that isn't working.

Is there a way to access restore points or boot menus without loading Windows that you know of, or am I SOL?


  • Root Admin

Please try the following.

Recovery options in Windows 10
https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options

Advanced Startup Options - Boot to in Windows 10
How to Boot to Advanced Startup Options in Windows 10
https://www.tenforums.com/tutorials/2294-advanced-startup-options-boot-windows-10-a.html

 


Running again. So glad the scans are picking up things, in a sense... Here are the logs, will be running MB Clean in a moment. Thanks!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by jtvt (Administrator) on Wed 02/15/2017 at 21:27:59.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 4 

Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\Users\jtvt\AppData\Local\nativemessaging (Folder) 
Successfully deleted: C:\Users\jtvt\AppData\Roaming\search protection (Folder) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 

Deleted the following from C:\Users\jtvt\AppData\Roaming\Mozilla\Firefox\Profiles\oa8kq50z.default\prefs.js
user_pref(browser.search.defaultenginename.US, Secure Search);
user_pref(browser.search.order.1, Secure Search);
user_pref(browser.search.selectedEngine, Secure Search);

Registry: 4 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_12BF9C398FDA80AE0B3A7CE2F6F61CD6 (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2F4A8F01-4D30-4089-9746-A649D8604B11} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8F1D39A0-A06A-4F2D-B425-970F31F1CFFF} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D2D0275A-470D-4807-A472-EB606EAB9340} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/15/2017 at 21:32:10.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v6.043 - Logfile created 15/02/2017 at 21:44:19
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : jtvt - JT
# Running from : C:\Users\jtvt\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKU\S-1-5-21-361230461-721003923-3493222843-1001\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] [C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ch
[-] [C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mahgaopgbalgbfohkikbdjfmaapiehaf


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1989 Bytes] - [15/02/2017 21:44:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [2243 Bytes] - [15/02/2017 21:43:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2135 Bytes] ##########
 

 

Nothing found by Sophos

FRST.txt

Addition.txt
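
The AdwCleaner log above marks items removed immediately with `[-]` and items queued for removal at the next restart with `[#]`. The following is an added example, not part of the original thread and not Malwarebytes code: it parses a constructed excerpt in that layout and lists the pending-reboot keys and the Chrome extension IDs involved. The function name and the regular expressions are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the AdwCleaner v6 layout shown in the post.
SAMPLE_LOG = r"""# AdwCleaner v6.043 - Logfile created 15/02/2017 at 21:44:19
# Mode: Clean

***** [ Folders ] *****
[-] Folder deleted: C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd

***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd

***** [ Web browsers ] *****
[-] [C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\jtvt\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mahgaopgbalgbfohkikbdjfmaapiehaf
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # e.g. ***** [ Registry ] *****
ENTRY = re.compile(r"^\[([-#])\] (.+?): (.+)$")      # marker, action text, target
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")

def parse_adwcleaner(text):
    """Return (actions by section, targets pending reboot, extension IDs)."""
    actions = defaultdict(list)          # section name -> [(action, target)]
    pending, ext_ids = [], set()
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m or section is None:     # header comments, blanks, footer lines
            continue
        marker, action, target = m.groups()
        actions[section].append((action, target))
        if marker == "#":                # removal deferred to the next restart
            pending.append(target)
        ext_ids.update(EXT_ID.findall(target))
    return dict(actions), pending, sorted(ext_ids)

if __name__ == "__main__":
    by_section, pending, ids = parse_adwcleaner(SAMPLE_LOG)
    print("Pending reboot:", pending)
    print("Extension IDs:", ids)
```

Entries still listed as pending are the ones to confirm gone in a follow-up scan after the restart.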


  • Root Admin

Did not see any serious issues in the logs. You have an old version of Java. Please uninstall all versions of Java and if you need Java make sure you're running the latest version.

You can also uninstall the McAfee Security Scan as that does not really do anything.

How is the computer running now?
 

Make sure you make a new System Restore Point before doing anything else.

 

 


This morning all MB real time options were still disabled and still stuck on "starting" when I tried to enable them, and still couldn't turn off self protection. It gave me the same errors when I reinstalled after running Clean as well, which I had to ignore to proceed - mbae64.sys driver and multiple mbamservice paths. I had to go to work so ran a scan and left it. 


Got home recently, all real time protection options still stuck on "starting..." and couldn't disable self protection. Since I've been messing with this, whenever real time protection is stuck on "starting..." Chrome refuses to open any pages, if I close out Chrome and click the tray icon it gives the "wait a sec" icon and then does nothing. When I quit MB Chrome starts normally.

 

The full error paths when I was trying to reinstall after Clean were:

 

C:\WINDOWS\system32\drivers\mbae64.sys

C:\ProgramData\Malwarebytes\MBAMService\clean.mbdb

C:\ProgramData\Malwarebytes\MBAMService\prot.mbdb

C:\ProgramData\Malwarebytes\MBAMService\rdefs.mbdb

C:\ProgramData\Malwarebytes\MBAMService\rules.mbdb

C:\ProgramData\Malwarebytes\MBAMService\scan.mbdb

C:\ProgramData\Malwarebytes\MBAMService\tids.mbdb

C:\ProgramData\Malwarebytes\MBAMService\wprot.mbdb

C:\ProgramData\Malwarebytes\MBAMService\exclusions.txt

C:\ProgramData\Malwarebytes\MBAMService\dynconfig.dat

C:\ProgramData\Malwarebytes\MBAMService\dbmanifest.dat

C:\ProgramData\Malwarebytes\MBAMService\mbdigsig.dat

 

"An error occurred while trying to create a file in the destination directory:

Access is denied.

Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation."

 

Unless I click ignore or abort this message keeps popping up, if I click ignore to all and try to load MB, the program won't function correctly.

 

Just noticed it's saying my updates are out of date, when I click download it says "downloading" but the hover icon still says they're out of date.

Edited by jtvt

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.