
MKWest

Posts posted by MKWest

  1. OK, did that. When I ran the scan, I got the following:

    C:\Windows\system32>sfc /scannow

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.
    Windows Resource Protection found corrupt files but was unable to fix some of them.
    Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
    C:\Windows\Logs\CBS\CBS.log

    C:\Windows\system32>

    Ran the File Checker report script (sfcdetails.txt attached)

    Ran FRST Search on opengl32.dll. (Search.txt attached)

    sfcdetails.txt

    Search.txt

  2. OK, ran the first one and it did not run. Got the following:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Windows\system32>DISM.exe /Online /Cleanup-image /Restorehealth

    Deployment Image Servicing and Management tool
    Version: 6.1.7600.16385

    Image Version: 6.1.7601.18489


    Error: 87

    The restorehealth option is not recognized in this context.
    For more information, refer to the help.

    The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

    C:\Windows\system32>

     

    Rebooted and ran the second and it would not run in regular mode. Had to do it from an elevated CP.  dism.txt attached

    dism.txt

  3. Still no joy. Get the same error. 

    For more background, we got hit with a ransomware virus about a week ago. I had a tech company I have used before come in to clean it up. The actual machine infected was a different machine, but I had a couple of large shares on my machine which were encrypted. Fortunately, I had cloud backups of everything. However, I think when the "clean-up" was done it did something to my machine, as a few things are not working right. Perhaps some important permissions were changed, like the permissions for the event viewer, which I fixed with a fix I found online. Mine was the only machine out of 5 that had any problems installing and running Malwarebytes. Hope that helps.

  4. OK, finally got it working and did another scan last night and here are the results:

    Log Name:      Application
    Source:        Microsoft-Windows-Wininit
    Date:          10/11/2016 6:42:39 PM
    Event ID:      1001
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      Rick-PC
    Description:


    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
    Cleaning up instance tags for file 0x15b9f.
    Cleaning up instance tags for file 0x6fd78.
      507648 file records processed.                                        
    File verification completed.
      1580 large file records processed.                                  
      0 bad file records processed.                                    
      2 EA records processed.                                          
      107 reparse records processed.                                      
    CHKDSK is verifying indexes (stage 2 of 5)...
      619148 index entries processed.                                        
    Index verification completed.
      0 unindexed files scanned.                                        
      0 unindexed files recovered.                                      
    CHKDSK is verifying security descriptors (stage 3 of 5)...
      507648 file SDs/SIDs processed.                                        
    Cleaning up 622 unused index entries from index $SII of file 0x9.
    Cleaning up 622 unused index entries from index $SDH of file 0x9.
    Cleaning up 622 unused security descriptors.
    Security descriptor verification completed.
      55751 data files processed.                                          
    CHKDSK is verifying Usn Journal...
      33863776 USN bytes processed.                                            
    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      507632 files processed.                                                
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      85778334 free clusters processed.                                        
    Free space verification is complete.
    Windows has made corrections to the file system.

     488282111 KB total disk space.
     144312480 KB in 418615 files.
        231052 KB in 55752 indexes.
             4 KB in bad sectors.
        625235 KB in use by the system.
         65536 KB occupied by the log file.
     343113340 KB available on disk.

          4096 bytes in each allocation unit.
     122070527 total allocation units on disk.
      85778335 allocation units available on disk.

    Internal Info:
    00 bf 07 00 0a 3d 07 00 d8 57 0d 00 00 00 00 00  .....=...W......
    4c 04 00 00 6b 00 00 00 00 00 00 00 00 00 00 00  L...k...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
        <EventID Qualifiers="16384">1001</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2016-10-12T01:42:39.000000000Z" />
        <EventRecordID>78829</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>Rick-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
    Cleaning up instance tags for file 0x15b9f.
    Cleaning up instance tags for file 0x6fd78.
      507648 file records processed.                                        
    File verification completed.
      1580 large file records processed.                                  
      0 bad file records processed.                                    
      2 EA records processed.                                          
      107 reparse records processed.                                      
    CHKDSK is verifying indexes (stage 2 of 5)...
      619148 index entries processed.                                        
    Index verification completed.
      0 unindexed files scanned.                                        
      0 unindexed files recovered.                                      
    CHKDSK is verifying security descriptors (stage 3 of 5)...
      507648 file SDs/SIDs processed.                                        
    Cleaning up 622 unused index entries from index $SII of file 0x9.
    Cleaning up 622 unused index entries from index $SDH of file 0x9.
    Cleaning up 622 unused security descriptors.
    Security descriptor verification completed.
      55751 data files processed.                                          
    CHKDSK is verifying Usn Journal...
      33863776 USN bytes processed.                                            
    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      507632 files processed.                                                
    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      85778334 free clusters processed.                                        
    Free space verification is complete.
    Windows has made corrections to the file system.

     488282111 KB total disk space.
     144312480 KB in 418615 files.
        231052 KB in 55752 indexes.
             4 KB in bad sectors.
        625235 KB in use by the system.
         65536 KB occupied by the log file.
     343113340 KB available on disk.

          4096 bytes in each allocation unit.
     122070527 total allocation units on disk.
      85778335 allocation units available on disk.

    Internal Info:
    00 bf 07 00 0a 3d 07 00 d8 57 0d 00 00 00 00 00  .....=...W......
    4c 04 00 00 6b 00 00 00 00 00 00 00 00 00 00 00  L...k...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.
    </Data>
      </EventData>
    </Event>

     

  5. Well, we might have started to narrow down this particular problem. When I do that I get an error: "Event Log service is unavailable. Verify that the service is running."

    When I go to services and try and start it manually I get another error: "Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied"

    I am logged in as an administrator.

  6. If I bring up powershell in the menu and run as administrator I get the following:

    Windows PowerShell
    Copyright (C) 2009 Microsoft Corporation. All rights reserved.

    PS C:\Windows\system32> get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt


    Out-File : Could not find a part of the path 'C:\Windows\system32\Desktop\CHKDSKResults.txt'.
    At line:1 char:140
    + get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file <<<<  Desktop\CHKDSKResults.txt
        + CategoryInfo          : OpenError: (:) [Out-File], DirectoryNotFoundException
        + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

    PS C:\Windows\system32>

  7. Windows PowerShell
    Copyright (C) 2009 Microsoft Corporation. All rights reserved.

    PS C:\Users\Rick> get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

    Results: 


    Get-WinEvent : The interface is unknown
    At line:1 char:13
    + get-winevent <<<<  -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
        + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
        + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand

    PS C:\Users\Rick>

  8. I noticed a couple of others having this problem and some common suggestions. BTW, I have scanned this machine with the installed McAfee as well as Stinger, Spy Bot Search & Destroy, and CCleaner. These found a few issues and cleaned them up. I still cannot start MalwareBytes. I noticed the Farbar Recovery Scan Tool is mentioned in all of these responses, so I downloaded it and ran a scan. I have attached the FRST.txt and Addition.txt files. Let me know if you want me to actually post the text in the response.

    Addition.txt

    FRST.txt

  9. Hello,

    I have a two-year subscription to Malwarebytes Premium. I have loaded it on other computers, but one is having issues. After installing, it will not run but throws a mbam.exe - Bad Image error. The error says: "OPENGL32.dll is either not designed to run on Windows or it contains an error, etc., etc.". I tried grabbing the file from another computer and re-installing my video driver/software, but no joy. I could use some help and direction on this.

    Thanks!
