jimkkk Posted September 30, 2020 ID:1410918 Share Posted September 30, 2020 New MBAM member. Searching for cause of current PC issues on Win7 Pro 64 SP1. I tried to install MB stand alone scanner but it wouldn't install. Then bought MB personal suite; v4 wouldn't install, but v3 would, so I did and ran the internal scanner which bogged down on the TEMP folder showing me what/where it was. Tried DEL /F/Q/S which only seemed to cause the folder to grow. Write protect did nothing so I assume there's some sort of Malware within the folder. There's currently over 800K files in the folder. What next? Thanks Jim Link to post Share on other sites More sharing options...
kevinf80 Posted September 30, 2020 ID:1410922 Share Posted September 30, 2020 Hello jimkkk and welcome to Malwarebytes, Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin Link to post Share on other sites More sharing options...
jimkkk Posted September 30, 2020 Author ID:1410925 Share Posted September 30, 2020 Good morning Kevin. Thanks for the quick reply. I happened to be in safe mode when I responded to this. Let me know if I need to do this in normal mode. Attached are the logs as requested. Note: The rogue TEMP folder is located at 😄\Windows\TEMP FRST.txt Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted September 30, 2020 ID:1410935 Share Posted September 30, 2020 Hiya jimkkk, Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, Boot your system to Normal mode, continue: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here When the install completes, continue: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options:Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your replyText file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system....https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select Run as Administrator the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs... Thank you, Kevin.. fixlist.txt Link to post Share on other sites More sharing options...
jimkkk Posted September 30, 2020 Author ID:1411014 Share Posted September 30, 2020 Hey Kevin, Just an update. FRST fix is running and I suspect will be for a few hours yet. Just letting you know I'm on this and will get back with you as soon as I get it all run. Jim Link to post Share on other sites More sharing options...
kevinf80 Posted September 30, 2020 ID:1411030 Share Posted September 30, 2020 Hiya Jim, I`m in the UK, my local time is 22:50. I usually finish up 24:00, then back in the morning about 08:00 Thanks, Kevin Link to post Share on other sites More sharing options...
jimkkk Posted October 1, 2020 Author ID:1411251 Share Posted October 1, 2020 Kevin, Try my best, I can't get the MBAM scanner to complete a scan. The best its done is freeze during the HA scan. I found a couple user remarks about a problem with updates, so I turned those off, rebooted and tried again. This time, it hung up early in "files." Meanwhile, you initial FBAR script successfully killed the self-generating TEMP folder, SFC finds nothing and the computer has more life. I still can't install MB4. It opens, confirms its for personal use, starting installing.....no progress bar, and shuts off. It did produce a report which I have attached, but doesn't appear to have quarantined the items. Windows updates fail, too. So what next? Thanks again for your help! Jim MBAM scan 9.31.20.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 1, 2020 ID:1411291 Share Posted October 1, 2020 Hello jimkkk, Can I see the log from FRST fix, also the log from AdwCleaner. The Malwarebytes log is complete, only problem being no action was taken. For a full log to be compiled as per the attachment, Malwarebytes must have been installed correctly.. Thank you, Kevin... Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411359 Share Posted October 2, 2020 Kevin. v4 won't install at all. Even after running the Support Tool. That said, v3 does install, so that's what I've been using. In v3, it freezes at random points during the scan. I've run 5 scans so far. Each freezing at a different point. I'm running the Support Tool again now as I type this. After the reboot, I will re-install v3, accept the updates and run the scanner again. If I can get the Scan to complete, I'll let you know. Meanwhile, attached are the other logs as requested. Jim AdwCleaner[C00].txt msert.log Link to post Share on other sites More sharing options...
kevinf80 Posted October 2, 2020 ID:1411420 Share Posted October 2, 2020 Hiya Jim, Can I also see the log from FRST fix frst.log Copies of logs are saved here: C:\FRST\Logs. If possible boot your system to Normal mode and run Malwarebytes again, even if V3 is is the only version you can install. When prompted after the scan make sure to Quarantin all found entries.. Thank you, Kevin... Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411426 Share Posted October 2, 2020 Still no-go on completing a Scan. I'm running in normal mode. A few minutes ago, I found the install exe for MBAM 2 and am installing it now to see if it will complete a scan. Thanks again for all your help. Jim Fixlog_30-09-2020 17.32.09.txt Addition_30-09-2020 10.37.26.txt FRST_30-09-2020 10.37.26.txt mbst-fix-results.txt Link to post Share on other sites More sharing options...
kevinf80 Posted October 2, 2020 ID:1411428 Share Posted October 2, 2020 Hello Jim, Wow, FRST fix removed 62 GB of temp stuff. That is a big chunk of data.. As you are running Windows 7 Windows defender does not have any anti-virus components, therefore if Malwarebytes is not installed correctly you have no AV protection. From Addition.txt it does show two instances of Malwarebytes in Security Center, but in the installed programs list no instances of Malwarebytes show as installed... Quote ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Have look at the following link for a free version AV program to keep you protected until we can find out why Malwarebytes will not install... https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629 Thank you, Kevin... Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411445 Share Posted October 2, 2020 v2 scanner ran and completed successfully. Then, I ran the Clean program and installed v3, but it hangs as before. Attached is the v2 log. 62G in temp files.....HAH! .....and each time I'd make an effort to delete them, they folder would grow a couple more Thanks for the list of free versions. I'm installing Kaspersky. Also, if it helps, be aware I'm also unable to install Windows updates. Also, I'm unable to install drivers for a couple printers I'm trying to test drive.....which I suspect is related to un-installed updates. Thanks again for everything. Jim MB2 scan 191920.txt Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411453 Share Posted October 2, 2020 Kevin. Update: Kaspersky wouldn't install, either. Avast seems to be working. Trying to think if there's been any other "symptoms" that might provide some clues. A couple little things: Firefox quit remembering logins. All the typical reasons have been checked and are fine. Outlook boots slow. Runs fine once its completely loaded. Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411458 Share Posted October 2, 2020 Check that.......Avast scanner hangs, too. Link to post Share on other sites More sharing options...
kevinf80 Posted October 2, 2020 ID:1411465 Share Posted October 2, 2020 Not sure if you are aware but Microsoft stopped supporting Windows 7 14th January 2020. That does mean software and security updates also cease. https://support.microsoft.com/en-gb/help/4467761/windows-what-happens-when-windows-7-support-ends Now might be a good time to upgrade your Windows 7 to Windows 10: https://www.howtogeek.com/266072/you-can-still-get-windows-10-for-free-with-a-windows-7-8-or-8.1-key/ Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411469 Share Posted October 2, 2020 Another update: Total AV almost installs, but the last step is that it wants to get to the Internet to look for updates., but can't. I get an Total AV popup that says" Completing setup..... 0%......waiting for Internet connection. But I have plenty of bandwidth. Link to post Share on other sites More sharing options...
kevinf80 Posted October 2, 2020 ID:1411473 Share Posted October 2, 2020 Hiya Jim, Did you read my last reply..? As Windows 7 is no longer supported that may explain why you have so many problems. All updates for W7 are no longer available since 14 January 2020... Regards, Kevin.. Link to post Share on other sites More sharing options...
jimkkk Posted October 2, 2020 Author ID:1411474 Share Posted October 2, 2020 Yea.... I have 10 on my laptop. Maybe its just that I'm just an old IT guy...... over the hill and stuck in my ways, but I just don't like it much. Meanwhile, I have another PC with 7 which has been getting updates as recently as last week. This one got "one" update about 3 weeks ago amidst 20 that failed. Fortunately, I have everything backed up x2. I've been using the laptop so this one can sit for hours making sure the software is locked, so at least I'm making an effort to "get with the times" but then again, I'm not a big fan of tablets, either.......so maybe I'm just a lost cause. Jim Link to post Share on other sites More sharing options...
kevinf80 Posted October 2, 2020 ID:1411536 Share Posted October 2, 2020 If you are determined to keep hold of W7 maybe a repair install may help fix what is wrong..... https://www.sevenforums.com/tutorials/3413-repair-install.html Let me know if that is any good... Link to post Share on other sites More sharing options...
jimkkk Posted October 5, 2020 Author ID:1412019 Share Posted October 5, 2020 Problem solved...or at least greatly improved! I needed to walk away from it for a bit and think about it while driving somewhere....when it came to me. I'm familiar with MS's "Repair Install" and knew I kinda wanted to avoid that. One small program I tried installing threw an error message that the computer didn't have a Temp folder to set up shop in. I'd seen that before which was how I discovered the 80g (and growing) folder....and contacted you. But trying to load it recently, threw the same error, so I looked at the Environmental Variables and spotted it. The local TEMP value syntax was wrong and the way it was written, had no target. So, that was easy to correct and now, MBv4 (and everything else I've tried including Windows Updates) loads without issue. I have attached the scan results for your consideration. If there's anything else you'd like me to do, please let me know. Thanks for all your time and assistance. Jim Malware v4 scan.txt Link to post Share on other sites More sharing options...
Solution kevinf80 Posted October 5, 2020 Solution ID:1412030 Share Posted October 5, 2020 Hiya Jim, Good to hear your problems are gone, if no remaining issues or concerns continue to clean up.. Right click on FRST here: C:\Users\Jim\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
kevinf80 Posted October 7, 2020 ID:1412536 Share Posted October 7, 2020 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts