[SOLVED] malwarebytes flagged something i hadn't clicked on

Status
Not open for further replies.
Since you interrupted the scan, we know nothing about what happened.

Since it took so long, I suspect there are system corruptions, and I would like you to repeat the whole process. Be prepared that it will take a long time, and of course, be patient.
 
hi not home right now but just to be sure so hopefully i don't mess up yet again.
-- I am redoing the online fix, cmd prompt DISM /Online /Cleanup-Image /RestoreHealth

then the SFC command -- is that right??

--- 2nd question, should I do anything about Malwarebytes while running these? Looking in Task Manager it seemed like malwarebytes was using a fair amount of resources while the scan was running. I hate to turn it off but if you think it is important then I will.

Thank you! and I will try not to mess up yet again. it is a small hard drive, i think 500gb and I couldn't believe how long it was taking.
 
1. Yes, first use DISM and then SFC.

2. Leave Malwarebytes as it is and do not use the computer while scanning, unless you have something important to do with it.
 
Hi!

As you can see, Windows Resource Protection found corrupt files and successfully repaired them. It took too long, but the important thing is that now everything is in its place.

Do you have any remaining issues/questions/concerns?
 
first, thank you!! I am so grateful for your help!
second, yes actually I am wondering, how might this have happened? The computer is not that old and behaved reasonably well, so I was really surprised that there were Windows problems.
What made you think Windows problems were likely?
Did the specific ones you could see mean anything special, about how they happened?
And, how do I prevent the same thing from happening again?

I have a Windows 10 desktop, should I run DISM on that just to see if there are issues?

Thanks so much!
 
and - could you point to directions for recommended steps for Windows 11 and Windows 10. Data backups I know, but what kind of system driver etc backups and how often should those be updated?
 
It's not unusual to have corrupted system files, and this has nothing to do with how old/new a computer is. These corruptions are commonly caused by memory corruption, Windows updating errors, power interruption, system crashes, or other errors with system processes that happen in the background.

You don't have to worry about it.

About backup, these two articles may help you get an idea of the ways you can make a backup. Personally, I prefer the easy way: every couple of months, save my personal files in an external disk.

File History for saving files and creating copies

Creating a system image
 
I have a Windows 10 desktop, should I run DISM on that just to see if there are issues?

Sure!

DISM command, followed by SFC command.
 
We are almost there. :)

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.
 
having a problem.

It downloaded to Downloads, I moved it to the Desktop on Limited Account.
I right clicked to run as Administrator. I got a Microsoft warning, I clicked more info then Run Anyway.
Now it is (I think) running BUT -- it never asked me for the Admin password AND I never saw any screen with options.

I just have that little blue spinning circle.
Help? Do not know what is going on.

Screenshot of my Task Manager right now





 
Run the tool using an account with admin privileges.
 
I was having trouble seeing the prompt to let me, it was hidden rather than popping up as usual - got it now. Running!
 
It ran, said Completed successfully.
A notepad file, the log I guess, opened.
But the entire rest of the screen was blacked out, I could not see any of my apps or Firefox or anything so at that moment I could not post.
I used Task Manager to sign out of the Limited account, then signed back in.
Now I cannot find the log?
Sorry, maybe there is somewhere else I can look?
 
You must understand that when a tool is running you just wait for it to finish. Do not do other jobs with the computer while a tool is running. Even the simplest ones.

Do you see the tools we use on your Desktop? FRST, Adwcleaner, KpRm, Eset Scanner, the logs... ?
 
What happened was, it had written the file to the LocalAdmin account that had given permission for it to run. So I copied it from the LocalAdmin desktop to the Limited account I use for almost everything. Those other tools, the ones we used (I don't think Adwcleaner?) everything on my Limited desktop is totally normal and FRST and KpRm are there, I don't see Eset? but I think I ran it online. The logs were there but I think maybe got cleaned up?




# Run at 5/12/2024 9:37:47 AM
# KpRm (Kernel-panik) version 2.17.0
# Website https://kernel-panik.me/tool/kprm/
# Run by localAdmin from C:\Users\lim1\Desktop
# Computer Name: HP2024
# OS: Windows 11 X64 (22631) (10.0.22631.3447)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\localAdmin\NTUSER.dat backed up

[OK] Registry Backup: \KPRM\backup\2024-05-12-09-37-47

- Delete Tools -


## ESET Online Scanner
[OK] C:\Users\localAdmin\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\localAdmin\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\localAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
[OK] C:\Users\localAdmin\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\localAdmin\Desktop\Fixlog.txt deleted
[OK] C:\Users\localAdmin\Desktop\FRST64.exe deleted
[OK] \FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Windows Update created at 04/24/2024 01:34:27 deleted
~ [OK] RP named Windows Update created at 05/07/2024 17:23:56 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/07/2024 17:31:51 deleted
~ [OK] RP named Windows Modules Installer created at 05/07/2024 19:27:57 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/08/2024 20:38:51 deleted
~ [OK] RP named Windows Update created at 05/12/2024 13:21:11 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 05/12/2024 13:38:43

-- KPRM finished in 86.63s --
 
everything on my Limited desktop is totally normal and FRST and KpRm are there, I don't see Eset?

You tend to confuse me, newbee_4! :oops:;)

Does "totally normal" mean that they are still there? Eset was on the Admin's Desktop and it was removed.

Run the tool once more on the Limited account's Desktop. Do not do anything while it is running and let me know what happens.
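
The KpRm log posted above says "Run by localAdmin from C:\Users\lim1\Desktop", and every deleted file path in it sits under C:\Users\localAdmin. The following is an added example, not part of the thread and not KpRm's own code: a small Python reviewer for a log in that format that reports which user profiles were cleaned and which were not. The function names are hypothetical, the sample is a constructed excerpt, and treating any status tag other than [OK] as a failure is an assumption.

```python
import re

# Constructed excerpt in the format of the KpRm log posted in this thread.
SAMPLE_LOG = r"""# Run by localAdmin from C:\Users\lim1\Desktop
## FRST
[OK] C:\Users\localAdmin\Desktop\Fixlog.txt deleted
[OK] C:\Users\localAdmin\Desktop\FRST64.exe deleted
[OK] \FRST deleted
- Clear Restore Points -
~ [OK] RP named Windows Update created at 05/07/2024 17:23:56 deleted
~ [OK] RP named Restore Point Created by FRST created at 05/07/2024 17:31:51 deleted
"""

RUN_BY = re.compile(r"^# Run by (?P<user>\S+) from (?P<path>.+)$")
STATUS = re.compile(r"^(?:~ )?\[(?P<status>[^\]]+)\] (?P<what>.+)$")
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)", re.IGNORECASE)

def profile_of(path):
    """Return the (case-folded) user profile a Windows path lives under, or None."""
    m = PROFILE.match(path)
    return m.group(1).casefold() if m else None

def review_kprm_log(text):
    """Summarise a KpRm log: who ran it, whose files it touched, what failed."""
    result = {"run_by": None, "launch_profile": None, "not_ok": [],
              "cleaned_profiles": set(), "restore_points_deleted": 0}
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_BY.match(line):
            result["run_by"] = m["user"]
            result["launch_profile"] = profile_of(m["path"])
        elif m := STATUS.match(line):
            what = m["what"]
            if m["status"] != "OK":      # assumption: any non-OK tag is a failure
                result["not_ok"].append(line)
            elif what.startswith("RP named") and what.endswith("deleted"):
                result["restore_points_deleted"] += 1
            elif what.endswith(" deleted") and (p := profile_of(what)):
                result["cleaned_profiles"].add(p)
    # The profile the tool was launched from may never have been cleaned.
    launch = result["launch_profile"]
    result["profiles_left_uncleaned"] = (
        {launch} - result["cleaned_profiles"] if launch else set())
    return result

if __name__ == "__main__":
    print(review_kprm_log(SAMPLE_LOG))
```

On the sample, the launch profile (lim1) is reported as left uncleaned because only localAdmin paths were deleted.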
 