Bethyboo Posted December 2, 2023 ID:1602796

Hi, Folks. I left my laptop in a full scan, not on any websites. I came back to it hours later (screen was black like normal), nudged it on, and had a notification that Mwb. had found 2 threats, which I immediately allowed to be quarantined, then the restart of my laptop. They are both Malware.AI.2186252439, found in 2 different locations (BLESS MY MWBTS!!!).

Since about 1/2 hr ago, when I did this stuff, my Mwbts. 4.6.6. isn't updating properly. It goes on a slow update, which always asks for a restart of Mwbts. This one is not asking for a restart, nor does it seem to be updating its finalization. When I go to update it again (to check that it updated all the way), it does the same thing all over again. Something isn't right. Please advise. Thank you.
Root Admin AdvancedSetup Posted December 2, 2023 ID:1602798

Hello @Bethyboo

Please get me some logs so that I can check on your system for you.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download the Malwarebytes Support Tool
In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
In the User Account Control pop-up window, click Yes to continue the installation
Run the MBST Support Tool
In the left navigation pane of the Malwarebytes Support Tool, click Advanced
In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you
Bethyboo Posted December 2, 2023 Author ID:1602800

Thank you! I always love your Kirk's "what?".

mbst-grab-results.zip
Root Admin AdvancedSetup Posted December 2, 2023 ID:1602804

Thank you. Yes, Star Trek was one heck of a franchise

Please follow the steps below

[ 1 ]
Please go to Control Panel, Programs, Programs and Features, Uninstall a program
Then right-click and uninstall the following
    Adobe AIR (Adobe dropped support for this product years ago)
    CCleaner (computer experts no longer recommend this product)

[ 2 ]
Your current DNS Servers: 192.168.1.254
Please consider changing your default DNS server settings. Please choose one provider only
DNS is what lets users connect to websites using domain names instead of IP addresses
Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6
    Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
    Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
    OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53
    DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b
The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/
Here is a YouTube video on Changing DNS settings if needed

[ 3 ]
Application errors:
==================
Error: (12/01/2023 06:34:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4468,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

See if the following post helps to correct this error
Fix Tilerepository error
https://answers.microsoft.com/en-us/windows/forum/all/event-viewer-erro-esent-455-since-update-1903/624a2548-06e5-47f4-bb99-76d6412895a0

[ 4 ]
Error: (12/01/2023 06:09:00 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2813573738-3828652003-1143853048-1000}/">.

The following posts should help to resolve this issue
How to Reset Windows Search in Windows 10
https://www.tenforums.com/tutorials/165810-how-reset-windows-search-windows-10-a.html
Fix problems in Windows Search
https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/fix-problems-in-windows-search

[ 5 ]
These are much more critical for your system. The Intel(R) Rapid Storage Technology helps to manage how files are read and written to the computer and needs to work well. We'll do a generic clean up of the computer but if that does not help, then we'll need to dig in deeper to try to fix this

BIOS: Dell Inc. A26 06/13/2019
Motherboard: Dell Inc. 0CF0TC

System errors:
=============
Error: (12/01/2023 06:01:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (12/01/2023 06:01:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Update Health Service service failed to start due to the following error: The system cannot find the file specified.

Error: (12/01/2023 06:01:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: The system cannot find the file specified.

Error: (12/01/2023 06:01:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Client Management Service service failed to start due to the following error: The system cannot find the file specified.

Error: (12/01/2023 06:01:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Hardware Support service failed to start due to the following error: The system cannot find the file specified.

Error: (12/01/2023 05:59:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MozillaMaintenance service terminated with the following error: Incorrect function.

Error: (12/01/2023 02:05:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc19001e2: Feature update to Windows 10, version 21H2.

Error: (12/01/2023 08:22:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

[ 6 ]
Please double-check what these files are from. No files should be saved in the root of the parent folders like that.

[ 7 ]
Please run the following fix

NOTE: Please read all of the information below before running this fix.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program: FRSTEnglish.exe
Save the attached file: FIXLIST.TXT to this folder C:\Users\Admin\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

Run the Farbar program with Admin rights and press the Fix button just once and wait.
The fix may possibly take up to 60 minutes to complete
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.

NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.

NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:
    Windows Temp
    Users Temp folders
    Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
    Recently opened files cache
    Discord cache
    Java cache
    Steam HTML cache
    Explorer thumbnail and icon cache
    BITS transfer queue (qmgr*.dat files)
    Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
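
A read-only way to carry out the double-check requested in step [ 6 ] of the post above, as an added example that is not part of the original thread or of any Malwarebytes or Farbar tool. The function name `Get-RootHexNamedFile`, its parameter and the demo file names are hypothetical; the demo files are constructed so the script runs without touching a real profile.

```powershell
# Added example: inventory files that sit directly in the root of a folder
# (default: AppData\Roaming) and whose names are 32 hex characters, optionally
# followed by "thumb". Nothing is modified or deleted by the function.
function Get-RootHexNamedFile {
    [CmdletBinding()]
    param(
        # Folder whose root (not its subfolders) is inspected.
        [string] $Path = $env:APPDATA
    )

    # Leading bytes ("magic numbers") of a few common formats, as hex.
    $magic = [ordered]@{
        '89504E47' = 'PNG image'
        'FFD8FF'   = 'JPEG image'
        '47494638' = 'GIF image'
        '424D'     = 'BMP image'
        '504B0304' = 'ZIP container'
        '4D5A'     = 'Windows executable (MZ)'
    }

    Get-ChildItem -LiteralPath $Path -File -Force |
        Where-Object { $_.Name -match '^[0-9a-f]{32}(thumb)?$' } |
        Sort-Object CreationTime |
        ForEach-Object {
            $file = $_

            # Read at most the first 8 bytes; open shared so a locked file still reads.
            $stream = [System.IO.File]::Open($file.FullName, 'Open', 'Read', 'ReadWrite')
            try {
                $buf = New-Object byte[] 8
                $n   = $stream.Read($buf, 0, 8)
            }
            finally {
                $stream.Dispose()
            }

            $hex = ''
            if ($n -gt 0) {
                $hex = -join ($buf[0..($n - 1)] | ForEach-Object { $_.ToString('X2') })
            }

            # Map the header to a likely file type; anything else stays 'unknown'.
            $type = 'unknown'
            foreach ($k in $magic.Keys) {
                if ($hex.StartsWith($k)) { $type = $magic[$k]; break }
            }

            [pscustomobject]@{
                Name       = $file.Name
                Length     = $file.Length
                Created    = $file.CreationTime
                Header     = $hex
                LikelyType = $type
                SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
}

# Demo on constructed sample files in a temporary folder (not real data).
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ('roaming-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
$png = [byte[]](0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A)   # PNG signature
$mz  = [byte[]](0x4D, 0x5A, 0x90, 0x00)                           # MZ header
[System.IO.File]::WriteAllBytes((Join-Path $demo '0123456789abcdef0123456789abcdef'), $png)
[System.IO.File]::WriteAllBytes((Join-Path $demo '0123456789abcdef0123456789abcdefthumb'), $png)
[System.IO.File]::WriteAllBytes((Join-Path $demo 'fedcba9876543210fedcba9876543210'), $mz)
[System.IO.File]::WriteAllBytes((Join-Path $demo 'DefaultAlbumArt.png'), $png)   # ordinary name, not reported

Get-RootHexNamedFile -Path $demo | Format-Table Name, Length, Created, LikelyType -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Run without `-Path` it inspects the current user's AppData\Roaming; files that share a creation minute and a header type usually belong to one application, and the SHA256 column gives a value to look up before deciding whether to keep or remove anything.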
Bethyboo Posted December 2, 2023 Author ID:1602867

Thank you so much!

1. I uninstalled the Adobe Air and the CCleaner.

2. Which DNS server do/would you use?

3. I received this error code when following the instructions:

4. To fix the problems in Windows Search, I was following the instructions, and didn't get the Windows search box shown, I got this Wordpad page:

    # Copyright © 2019, Microsoft Corporation. All rights reserved.

    function T-R {
        [CmdletBinding()]
        Param(
            [String] $n
        )
        $o = Get-Item -LiteralPath $n -ErrorAction SilentlyContinue
        return ($o -ne $null)
    }

    function R-R {
        [CmdletBinding()]
        Param(
            [String] $l
        )
        $m = T-R $l
        if ($m) {
            Remove-Item -Path $l -Recurse -ErrorAction SilentlyContinue
        }
    }

    function S-D {
        R-R "HKLM:\SOFTWARE\Microsoft\Cortana\Testability"
        R-R "HKLM:\SOFTWARE\Microsoft\Search\Testability"
    }

    function K-P {
        [CmdletBinding()]
        Param(
            [String] $g
        )
        $h = Get-Process $g -ErrorAction SilentlyContinue
        $i = $(get-date).AddSeconds(2)
        $k = $(get-date)
        while ((($i - $k) -gt 0) -and $h) {
            $k = $(get-date)
            $h = Get-Process $g -ErrorAction SilentlyContinue
            if ($h) {
                $h.CloseMainWindow() | Out-Null
                Stop-Process -Id $h.Id -Force
            }
            $h = Get-Process $g -ErrorAction SilentlyContinue
        }
    }

    function D-FF {
        [CmdletBinding()]
        Param(
            [string[]] $e
        )
        foreach ($f in $e) {
            if (Test-Path -Path $f) {
                Remove-Item -Recurse -Force $f -ErrorAction SilentlyContinue
            }
        }
    }

    function D-W {
        $d = @("$Env:localappdata\Packages\Microsoft.Cortana_8wekyb3d8bbwe\AC\AppCache",
            "$Env:localappdata\Packages\Microsoft.Cortana_8wekyb3d8bbwe\AC\INetCache",
            "$Env:localappdata\Packages\Microsoft.Cortana_8wekyb3d8bbwe\AC\INetCookies",
            "$Env:localappdata\Packages\Microsoft.Cortana_8wekyb3d8bbwe\AC\INetHistory",
            "$Env:localappdata\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\AppCache",
            "$Env:localappdata\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache",
            "$Env:localappdata\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies",
            "$Env:localappdata\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetHistory",
            "$Env:localappdata\Packages\Microsoft.Search_8wekyb3d8bbwe\AC\AppCache",
            "$Env:localappdata\Packages\Microsoft.Search_8wekyb3d8bbwe\AC\INetCache",
            "$Env:localappdata\Packages\Microsoft.Search_8wekyb3d8bbwe\AC\INetCookies",
            "$Env:localappdata\Packages\Microsoft.Search_8wekyb3d8bbwe\AC\INetHistory",
            "$Env:localappdata\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache",
            "$Env:localappdata\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache",
            "$Env:localappdata\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCookies",
            "$Env:localappdata\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetHistory")
        D-FF $d
    }

    function R-L {
        [CmdletBinding()]
        Param(
            [String] $c
        )
        K-P $c 2>&1 | out-null
        D-W # 2>&1 | out-null
        K-P $c 2>&1 | out-null
        Start-Sleep -s 5
    }

    function D-E {
        Write-Host "Press any key to continue..."
        $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyUp") > $null
    }

    Write-Output "Verifying that the script is running elevated"
    if (-Not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] 'Administrator')) {
        if ([int](Get-CimInstance -Class Win32_OperatingSystem | Select-Object -ExpandProperty BuildNumber) -ge 6000) {
            $Cx = "-File `"" + $MyInvocation.MyCommand.Path + "`" " + $MyInvocation.UnboundArguments
            Start-Process -FilePath PowerShell.exe -Verb Runas -ArgumentList "-noexit",$Cx
            Exit
        }
    }

    $a = "searchui"
    $b = "$Env:localappdata\Packages\Microsoft.Windows.Search_cw5n1h2txyewy"
    if (Test-Path -Path $b) {
        $a = "searchapp"
    }

    Write-Output "Resetting Windows Search Box"
    S-D 2>&1 | out-null
    R-L $a
    Write-Output "Done..."
    D-E

5. I'll wait for your instructions as to how to go about this one.

6. I have no idea what those folders are about, and I tried searching for them (just the 1st one in the list) and came up with nothing. I'd gladly delete them if I could find them!

7. I'm guessing I don't run the Farbar Fix until the rest of this is done?

An FYI: I have no idea why the Internet Explorer is still on my laptop. I do not use it. I only use Firefox. I don't use Google to search, either, as I only use DDGo. I do not use Edge or Cortana or any of those Microsoft programs, and I use Libre Office for writing. I use as few of the Microsoft products as I can. I don't own a cellphone so I have no need for the bluetooth or smartphone products or connections, either, so I stay away from all of that, too.

I am logged in as Administrator, btw. I hope I am giving you enough info...if not please let me know. Thank you for your patience!
Bethyboo Posted December 2, 2023 Author ID:1602896

My Mwbts seems to be updating properly, now! I don't know what did it, but whatever you told me to do (that I was able to complete) seems to have helped. It kinda scares me having that long list of stuff in my roots, so shouldn't I be able to delete them? I'm thinking I still need to do everything else on your list still, correct?
Root Admin AdvancedSetup Posted December 2, 2023 ID:1602911

Yes, please run the FIX above and post back the FIXLOG.txt when done and we'll continue
Bethyboo Posted December 3, 2023 Author ID:1602984

Good Morning! I was never asked to run as Admin. or anything else...thought you should know? I hope I did this correctly...

Log-Clear-BrowserCache.txt
Root Admin AdvancedSetup Posted December 3, 2023 ID:1603011

Please locate the FIXLOG.TXT file and post that back here as an attachment @Bethyboo

Once I review that log we'll proceed to any other steps needed

Thanks
Bethyboo Posted December 3, 2023 Author ID:1603059

Found it!

Fixlog.txt
Root Admin AdvancedSetup Posted December 3, 2023 ID:1603088

Thank you. The log shows it ran pretty well. It found and repaired some other issues as well

Windows Resource Protection found corrupt files and successfully repaired them.

Let me have you run through these steps one more time now.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

[ 1 ]
Please make the following system changes.
    Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
    Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
    Disable-Fast-Startup
    Show-Hidden-Folders-Files-Extensions

[ 2 ]
Malwarebytes AdwCleaner

Let's do a special run of Malwarebytes AdwCleaner to help prepare the computer to be able to run other scanning software that may be blocked

Please read all the information below before starting so that you have a good understanding of the process. Take your time and be careful. Make sure you select all of the listed items below - before - pressing the scan button.

Please download Malwarebytes AdwCleaner and save the file to your Desktop or Downloads folder.
Here is another link to download if the link above does not work: Malwarebytes AdwCleaner alternative link
Locate the program where you downloaded it. Double-click to start AdwCleaner. Do not rush. There are a few choices to set as listed below.
Malwarebytes AdwCleaner guide

Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
Accept the End User License Agreement.
Wait until the database is updated.
Do Not click on anything yet.

When AdwCleaner starts, on the left side panel of the window, click on Settings and enable these repair actions on the Application tab
Clicking their button to the far-right will enable the ON status
    Delete IFEO keys
    Delete tracing keys
    Delete Prefetch files
    Reset Proxy
    Reset Chrome policies
    Reset IE Policies
    Reset Winsock
    Reset Hosts file (If you're not having any issues accessing security or other websites you can uncheck this item)

ONLY after you have set the selections above ....only after that .....

Now On the left side of the AdwCleaner window, click on the Dashboard panel and then click the Scan button to perform a computer scan.

DO NOT uninstall or remove the Preinstalled software if found. Uncheck any items listed for Preinstalled

When finished, if items are found please click Quarantine to finish the cleaning process. Your PC should reboot now if any items were found.
After reboot, a log file will be opened. Attach that log to your next reply. You can also open the Log Files panel to locate.

This can take several minutes to complete, please be patient.
When the AdwCleaner scan is completed it will display all of the items it has found.
Click on the Quarantine button To remove what it found.
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the Continue button to finish the removal process.
If No Detections are found, Click the Basic Repair button to have it reset the checked items above.

[ 3 ]
Malwarebytes for Windows

If you already have Malwarebytes installed then open Malwarebytes and click on the small gear icon, then click on the "Check for updates" button on the General tab. After any updates, click the middle Scan button from the main page. It will automatically run a Threat Scan.
If you don't have Malwarebytes installed yet, please download it from here or alternative link and install it.
Once installed then open Malwarebytes and select Scan and let it run.
Once the scan is completed, make sure you have it quarantine any detections it finds.
If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
If Malwarebytes won't run then please skip to the next step and let us know in your next reply that the scanner would not run.

View Reports and History in Malwarebytes for Windows v4
https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows
Malwarebytes for Windows v4 guide
https://support.malwarebytes.com/hc/en-us/articles/360038984693-Malwarebytes-for-Windows-v4-guide

RESTART THE COMPUTER Before running Step 4

[ 4 ]
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe
After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator"
When the tool opens click Yes to the disclaimer
Make sure there is a check mark in the Addition.txt check box
Press the Scan button.
It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.

Thank you

Example image of where to click to attach files when posting your reply
Bethyboo Posted December 3, 2023 Author ID:1603090

Please delete the other 2 files I attached, if you don't need them. They were saved to my desktop, so I just figured I'd add them as well. Thank you!

Addition.txt
FRST.txt
MWB.txt
AdwCleaner[C2291].txt
Root Admin AdvancedSetup Posted December 4, 2023 ID:1603106
Thank you. The Intel Rapid Storage is still faulting.

Error: (12/03/2023 01:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.16.1063, time stamp: 0x58eb8338
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x048710a5
Faulting process id: 0x3174
Faulting application start time: 0x01da2633fd2a9552
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: bd0a85da-8d12-4401-bea1-b379f4382c9f
Faulting package full name:
Faulting package-relative application ID:

Please set the following

Please make the following change in Malwarebytes if you're using the Premium or Trial version.
- Please open Malwarebytes.
- Click on the small gear icon to open the Settings and go to the Security tab.
- Then turn off "Always register Malwarebytes in the Windows Security Center"
- Restart the computer

It is highly unlikely that you need to set up exclusions for Windows Defender; however, if you experience any issues, please see the following article and set up exclusions between Malwarebytes and Windows Defender.
Malwarebytes for Windows antivirus exclusions list
https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list

Next

Please run the following fix

NOTE: Please read all of the information below before running this fix.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program: FRSTEnglish.exe
Save the attached file: FIXLIST.TXT to this folder C:\Users\Admin\Downloads\

NOTE: It's important that both files, FRSTEnglish.exe and fixlist.txt, are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

Run the Farbar program with Admin rights and press the Fix button just once and wait.
- The fix may possibly take up to 60 minutes to complete.
- If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
- The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.

NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked, please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.

NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save, please export or save them first before running this fix.

The following directories are emptied:
- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Discord cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

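For readers triaging a similar crash: the hex fields of the Application Error (Event ID 1000) record quoted in the post above can be decoded into readable values. This is an added example, not part of the thread or of any tool used in it; the function names and the small NTSTATUS table are illustrative choices, and the record text is copied from the post.

```python
import re
from datetime import datetime, timedelta, timezone

# Record text as quoted in the thread, restored to one field per line.
EVENT = r"""Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.16.1063, time stamp: 0x58eb8338
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x048710a5
Faulting process id: 0x3174
Faulting application start time: 0x01da2633fd2a9552
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown"""

# A few common NTSTATUS exception codes (not an exhaustive table).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def field(name, text):
    """Return the value after 'name: ' up to the next comma or line end."""
    m = re.search(rf"{re.escape(name)}: ([^,\n]+)", text)
    return m.group(1).strip() if m else None

def hex_field(name, text):
    return int(field(name, text), 16)

def parse_event_1000(text):
    code = hex_field("Exception code", text)
    # The application's "time stamp" is its PE link time in Unix seconds.
    link = re.search(r"application name: .*?time stamp: (0x[0-9a-fA-F]+)", text)
    # "start time" is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
    ticks = hex_field("Faulting application start time", text)
    return {
        "app": field("Faulting application name", text),
        "exception": NTSTATUS.get(code, hex(code)),
        "pid": hex_field("Faulting process id", text),
        "started_utc": FILETIME_EPOCH + timedelta(microseconds=ticks // 10),
        "linked_utc": datetime.fromtimestamp(int(link.group(1), 16), tz=timezone.utc),
        # "unknown" means the fault address was not attributed to a loaded module.
        "module_resolved": field("Faulting module name", text) != "unknown",
    }

if __name__ == "__main__":
    for key, value in parse_event_1000(EVENT).items():
        print(f"{key:16} {value}")
```

The decoded start time (21:59:29 UTC) and the logged error time (01:59:36 PM, local) differ by seven seconds plus a whole number of hours, which suggests the service faulted almost immediately after starting; reading the whole-hour gap as the machine's UTC offset is an inference, not something stated in the thread.
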
Bethyboo Posted December 4, 2023 Author ID:1603201
Fixlog.txt

Root Admin AdvancedSetup Posted December 4, 2023 ID:1603249
Great, that looks good @Bethyboo

Let's go ahead and run a couple of scans and get some updated logs from your system.

Please read the entire post below before starting so that you're more familiar with the process.

[ 1 ]
Please make the following system changes.
- Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
- Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
- Disable-Fast-Startup
- Show-Hidden-Folders-Files-Extensions

[ 2 ]
I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run.

The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log
Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Thank you

Edited December 5, 2023 by AdvancedSetup: Updated information

Bethyboo Posted December 5, 2023 Author ID:1603479
Good Morning. I'm running the scan now. Should I have closed my email, the Microsoft page and this page (all I have on) before starting the scan?

Root Admin AdvancedSetup Posted December 5, 2023 ID:1603520
It's okay. Normally you'd close all, but it should be fine.

Bethyboo Posted December 6, 2023 Author ID:1603698
Good Morning. The scan is almost 1/4 of the way done. As of this moment, it states that it has found ***145*** infected files! Will it be quarantining (is that even a word?) them so they can be noted and then deleted?

This scan is very slow. Normally with my Mwbts. Premium full scan, it takes a little over 1 hr. I thought maybe it was going slower due to the laptop going to sleep when I'm not on it, so I switched it to sleep off...but I don't think it's made any difference. Is this normal?

Also, since I can't use CCleaner anymore, is there another type of freeware that will erase downloads, all internet search, sneaky cookies which come aboard even though I purposely don't use those apps (Edge, IE, etc.)?

Also, is there a way to uninstall/delete IE from my laptop completely? I have wanted to do so for decades, but have always been told that if I do, I can screw up my computer because it is somehow entwined into the workings...since it is being dropped by Microsoft, shouldn't I delete it?

Thank you for all of your patient help!
~Bethyboo

Root Admin AdvancedSetup Posted December 6, 2023 ID:1603731
We'll look at some options for maintenance once we're done. Just remind me, thanks

Bethyboo Posted December 8, 2023 Author ID:1604071
Good Morning. Just sending you an update, and letting you know I am still here :o) So far, it looks like the scan is about 2/3rds of the way through. This is amazing. 370 infected files??? I'm just floored and can't wait to get rid of them and all the dirty files found. Thank you so much for your help!

Root Admin AdvancedSetup Posted December 8, 2023 ID:1604074
It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Bethyboo Posted December 8, 2023 Author ID:1604075
Thank you! I don't mean to be putting the cart before the horse (as it were)...just find this all fascinating, in my humble ignorance.

Bethyboo Posted December 10, 2023 Author ID:1604429
Hi. I just noticed that the scan had finished and it stated that no problems were found, and for me to click "finish" which I did. Last time I looked at it going this morning, there were more than 500...weird. I clicked on the finish spot, and now see no evidence of the scan having even been performed. Is this standard operative procedure? Thank you!

Root Admin AdvancedSetup Posted December 11, 2023 ID:1604491
Hello @Bethyboo
The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Bethyboo Posted December 11, 2023 Author ID:1604570
Good Morning--& Thank you!
msert.log