Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MSE mysteriously stopped; Malwarebytes won't run either [Solved]


  • This topic is locked This topic is locked

#1
FrustratedScott

FrustratedScott

    Member

  • Member
  • PipPip
  • 16 posts

Hello community!  I discovered this morning MicroSoft Essentials is no longer running and the icon was removed.  I tried running Malwarebytes and in the middle of running, it disappeared.  Please help.  Thank you!


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first I will need to take a look at your system

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs
THEN

Download aswMBR.exe ( 4.9mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
If Avast is not your AV it will ask to download virus definitions, allow this

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
FrustratedScott

FrustratedScott

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thank you for helping me.  Here are the posts.

 

 

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets start the removal process :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-3259559039-2231235213-3042515664-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPCC169658-09D0-4211-AA8A-F68449E5784A&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-3259559039-2231235213-3042515664-1000\..\SearchScopes\{DCCE059C-9593-402B-A280-18E63B8EFCCF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=DE489241-DEC3-4A79-A52F-B1DBB427D9FF&apn_sauid=9DA921BA-75E8-4F68-910D-83F11D870594
IE - HKU\S-1-5-21-3259559039-2231235213-3042515664-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
[2013/11/22 08:12:34 | 000,001,449 | ---- | M] () -- C:\Users\Maxwell\AppData\Roaming\Mozilla\Firefox\Profiles\s9fpqa9e.default-1361625995253\searchplugins\100-search-engines.xml
[2014/01/12 20:20:10 | 000,000,975 | ---- | M] () -- C:\Users\Maxwell\AppData\Roaming\Mozilla\Firefox\Profiles\s9fpqa9e.default-1361625995253\searchplugins\conduit-search.xml
[2013/11/22 08:11:30 | 000,002,492 | ---- | M] () -- C:\Users\Maxwell\AppData\Roaming\Mozilla\Firefox\Profiles\s9fpqa9e.default-1361625995253\searchplugins\ixquick-https.xml
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (no name) - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No CLSID value found.
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3259559039-2231235213-3042515664-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [{45068476-562d-e319-cb2f-de91457e2232}] C:\ProgramData\Microsoft\{45068476-562d-e319-cb2f-de91457e2232}\{45068476-562d-e319-cb2f-de91457e2232}.exe ()
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {45068476-562d-e319-cb2f-de91457e2232} = "C:\ProgramData\Microsoft\{45068476-562d-e319-cb2f-de91457e2232}\{45068476-562d-e319-cb2f-de91457e2232}.exe" ()

:Files
C:\Users\Maxwell\Desktop\From old computer\Kathy's Folder\RADTools.exe
C:\ProgramData\Microsoft\{45068476-562d-e319-cb2f-de91457e2232}
C:\$Recycle.Bin\S-1-5-21-3259559039-2231235213-3042515664-1000\$596cab13ea850690f5e9f2697e76d4c2

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@="ShellFolder for CD Burning"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Location"="@shell32.dll,-12591"
"Attributes"="0x0"
"AttributeMask"="0xffffffff"
"ConflictOverlayIcon"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,\
6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,69,00,6d,00,61,00,67,00,65,00,72,00,65,00,73,00,2e,00,64,00,6c,00,\
6c,00,2c,00,2d,00,31,00,36,00,39,00,00,00


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here NSIS_extraction.png
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    http://img.photobuck...claimer_ENG.png
    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.
    • Notes:
      1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

      3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


      Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#5
FrustratedScott

FrustratedScott

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thanks very much for your help.  It seems to be running quite well now.  I attached the logs as instructed.  Please let me know if there are more steps required.

Attached Files


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nearly done I feel :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

File::
c:\windows\system32\drivers\tiafclbz.sys

Driver::
tiafclbz


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#7
FrustratedScott

FrustratedScott

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Okay.....I followed your instructions.  Here are the logs.

Attached Files


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now for the big question.......... How is the computer behaving, any problems ?
  • 0

#9
FrustratedScott

FrustratedScott

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Much better!!!  Thanks much for the help.  Everything seems to be working fine now.  Are there any more steps I need to take?


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just this :)


Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP