Jump to content

Mbam Silently Uninstalled


moo4x
Go to solution Solved by moo4x,

Recommended Posts

Win 10 Pro. A few minutes ago, I got a Win message center notice that Mbam was turned off. I went to turn it back on & none of the shortcuts worked. So apparently something on the net was able to uninstall it.  I dl'd, reinstalled, & my license was still in the pc's registry. I'm scanning now.

My browser MBAM was NOT uninstalled.

How concerning is this?

Edited by moo4x
Link to post
Share on other sites

  • Root Admin

Hello @moo4x

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites

Hello @moo4x:

Both of MBST-Grab's FRST reports seem truncated. Please follow the procedure below and post both FRST report files in your next reply to this thread.

Please do a Windows 10 restart and then:

Download and launch Farbar Recovery Scan Tool
  1. Do not click on any Ads.
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.
     
    image.png.1dc26a7ca36eb05bf3a802b83141ab8d.png
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on the PC.
    Disable smart screen ONLY if it interferes with the software we may have to use:  What is SmartScreen and how can it help protect me?
     
         a.  Click More info.
     
    image.png.eec6f4a60527e75ef63d3ee8ff12d248.png
         b.  Click Run anyway.
     
    image.png.871fd6708758745802c18dd43fdde202.png
  5. When the User Account Control window appears, click Yes.
     
    image.png.605c171831e4a2e27820373f54365a4c.png
     
  6. To accept the Disclaimer of warranty, click Yes.
     
    image.png.238bd9b035162b1ac18d75e8cc08b50c.png
     
  7. Ensure only the boxes listed below are checked
     
    image.png.b37304e8ca1fd499f66b1f184186ac7f.png
    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt
     
    image.png.ef61aefe611d6c64bd1db62b54987b26.png
     
  8. Disable any Antivirus software you have installed ONLY if it stops the software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans
     
    Click Scan. The scan may take a few minutes to complete.
     
    image.png.16e5f075bd21b34e71e32aa0fe369e3f.png
  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:
  • Scan completed. FRST.txt is saved in the same directory FRST is located.
     
    image.png.a9fae1fd272dad8fc07e6ad22a26e125.png
  • Addition.txt is saved in the same directory FRST is located.
     
    image.png.f4a3b1c75b35261e4733ef912dcc0b6f.png
  • Click OK to close each message window
 
Please attach both of those logs to your next reply, DO NOT copy/paste the contents of the logs directly
image.jpeg.4bc0b96194d8513e62babbdd0387c0bf.jpeg
Thank you.
  • Like 1
Link to post
Share on other sites

  • Root Admin

Task: {6B3E5FCA-4EA0-4498-8BEB-AF6AD8E60BEC} - \Tweaking.com - Windows Repair Tray Icon -

 

In my opinion the best thing you can do is back up your personal data. Format the hard drive and do a CLEAN install of Windows.

By using the Tweaking Tool that is a very last resort because Windows won't run at all. It is a shotgun approach that modifies file, folder, and registry permissions.

If you want a well working, safe installation of Windows then I'd highly suggest you do the right thing and do a clean install of Windows.

 

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

 

  • Like 2
Link to post
Share on other sites

  • Root Admin

Tweaking.com modifies file, folder, and registry permissions.

At this point in my opinion anything you do on that computer is a waste of time. It is not setup correctly and never will be again until you do a Clean install of Windows.

You can continue piece meal fixes and tweaks but it is now in a broken state that cannot be fixed.

 

Link to post
Share on other sites

  • Root Admin

Again, it up to you. You own the computer. I'm simply telling you that you would have a much safer and better running computer that you can trust by doing a clean install of Windows.

I can have a broken window in my car and busted lights bald tires and still drive it but it doesn't mean it's working well

 

Link to post
Share on other sites

Thanks. For the moment, I'll keep a close eye on it & backup frequently. Just not looking forward to a re-set up. Probably at least a 24 hour job with everything I have set up the way I like it.

Did you see any Malware that would have forced Mbam to close? It hasn't repeated.

Link to post
Share on other sites

  • Root Admin

Nope, nothing seen in the logs

Please save the attached file FIXLIST.TXT to the same location as the Farbar program.

Then run Farbar with Admin rights and click on the FIX button

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

fixlist.txt

 

Thanks

 

Link to post
Share on other sites

FYI: The log said that Foxit pdf & Logitune web cam software were removed. They were not, but now are very slow to start up.. Firefox pretty much will not run (starts up & hangs), & Edge is much slower. The PC is general is MUCH slower. Should I do a restore?

Edited by moo4x
Link to post
Share on other sites

  • Root Admin

I did not remove any of this. I simply asked the system what has been uninstalled, looking to see if someone uninstall Malwarebytes.

MS Edge and other things will eventually rebuild cache and run faster. Do not do a restore. If you're going to do anything then do a CLEAN install of Windows.

 

 Index Time         EntryType   Source       InstanceID Message                                                                                                                                                                                                                            
 ----- ----         ---------   ------       ---------- -------                                                                                                                                                                                                                            
125688 Sep 14 10:24 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Microsoft .NET Host FX Resolver - 6.0.8 (x64). Product Version: 48.35.45462. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 0.
125699 Sep 14 10:24 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Microsoft .NET Runtime - 6.0.8 (x64). Product Version: 48.35.45462. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 0.          
116799 Jul 25 18:41 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Foxit PDF Editor. Product Version: 11.2.2.53575. Product Language: 1033. Manufacturer: Foxit Software Inc.. Removal success or error status: 0.                               
122263 Aug 23 19:33 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Logi Tune 2.213.314. Product Version: 2.213.314.0. Product Language: 1033. Manufacturer: Logitech. Removal success or error status: 0.                                        
128897 Sep 28 13:52 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Google Chrome. Product Version: 68.21.49235. Product Language: 1033. Manufacturer: Google LLC. Removal success or error status: 0.                                            
139079 Nov 08 13:20 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Microsoft .NET Host FX Resolver - 6.0.10 (x64). Product Version: 48.43.48869. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 0.
139095 Nov 08 13:20 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Microsoft .NET Runtime - 6.0.10 (x64). Product Version: 48.43.48869. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 0.         
131619 Oct 11 13:03 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Microsoft .NET Host FX Resolver - 6.0.9 (x64). Product Version: 48.39.47157. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 0.
131626 Oct 11 13:03 Information MsiInstaller       1034 Windows Installer removed the product. Product Name: Microsoft .NET Runtime - 6.0.9 (x64). Product Version: 48.39.47157. Product Language: 1033. Manufacturer: Microsoft Corporation. Removal success or error status: 0.          

 

 

Link to post
Share on other sites

  • Root Admin

Happy Birthday

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 

Link to post
Share on other sites

  • Solution

@AdvancedSetup Thanks again for your help! This is the best this machine has run in a couple months (since the original 22H2 update slowed it down).

My best guess based on what I saw over the weekend (I Didn't note every detail) is I suspect your Farbar & KPRM scripts in conjunction with the 22H2 quality preview update did it.

Edited by moo4x
Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.