Posts posted by MKWest
-
-
FYI, Malwarebytes is now running! Not sure if everything is fixed but that was the most important issue.
-
-
OK, did that. When I ran the scan, I got the following:
C:\Windows\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log
C:\Windows\system32>
Ran the File Checker report script (sfcdetails.txt attached)
Ran FRST Search on opengl32.dll. (Search.txt attached)
-
OK, that's done. File attached.
-
OK, ran the first one and it did not run. Got the following:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>DISM.exe /Online /Cleanup-image /Restorehealth
Deployment Image Servicing and Management tool
Version: 6.1.7600.16385
Image Version: 6.1.7601.18489
Error: 87
The restorehealth option is not recognized in this context.
For more information, refer to the help.
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
C:\Windows\system32>
Rebooted and ran the second and it would not run in regular mode. Had to do it from an elevated CP. dism.txt attached
-
Done. Results attached.
-
Same same. I can install but can't run. Get the same error. I'm still wondering if it is a permissions issue of some sort.
-
-
-
-
Ran Windows Repair - All in One on request of tech support as the permissions and security descriptors appear to be all messed up. Helped some, was able to apply a couple Windows updates I couldn't before. However, Mbam still wouldn't run. Did the MBAM-Clean you suggested and reinstalled but same error as before with opengl32.dll.
-
-
Still no joy. Get the same error.
For more background, we got hit with a ransomware virus about a week ago. I had a tech company I have used before come in to clean it up. The actual machine infected was a different machine but I had a couple of large shares on my machine which were encrypted. Fortunately, I had cloud backups of everything. However, I think when the "clean-up" was done it did something to my machine as a few things are not working right. Perhaps some important permissions were changed like the permissions for the event viewer which I fixed with a fix I found online. Mine was the only machine out of 5 that had any problems installing and running Malwarebytes. Hope that helps.
-
OK, finally got it working and did another scan last night and here are the results:
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 10/11/2016 6:42:39 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Rick-PC
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x15b9f.
Cleaning up instance tags for file 0x6fd78.
507648 file records processed.
File verification completed.
1580 large file records processed.
0 bad file records processed.
2 EA records processed.
107 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
619148 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
507648 file SDs/SIDs processed.
Cleaning up 622 unused index entries from index $SII of file 0x9.
Cleaning up 622 unused index entries from index $SDH of file 0x9.
Cleaning up 622 unused security descriptors.
Security descriptor verification completed.
55751 data files processed.
CHKDSK is verifying Usn Journal...
33863776 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
507632 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
85778334 free clusters processed.
Free space verification is complete.
Windows has made corrections to the file system.
488282111 KB total disk space.
144312480 KB in 418615 files.
231052 KB in 55752 indexes.
4 KB in bad sectors.
625235 KB in use by the system.
65536 KB occupied by the log file.
343113340 KB available on disk.
4096 bytes in each allocation unit.
122070527 total allocation units on disk.
85778335 allocation units available on disk.
Internal Info:
00 bf 07 00 0a 3d 07 00 d8 57 0d 00 00 00 00 00 .....=...W......
4c 04 00 00 6b 00 00 00 00 00 00 00 00 00 00 00 L...k...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-10-12T01:42:39.000000000Z" />
<EventRecordID>78829</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Rick-PC</Computer>
<Security />
</System>
<EventData>
<Data>Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x15b9f.
Cleaning up instance tags for file 0x6fd78.
507648 file records processed.
File verification completed.
1580 large file records processed.
0 bad file records processed.
2 EA records processed.
107 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
619148 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
507648 file SDs/SIDs processed.
Cleaning up 622 unused index entries from index $SII of file 0x9.
Cleaning up 622 unused index entries from index $SDH of file 0x9.
Cleaning up 622 unused security descriptors.
Security descriptor verification completed.
55751 data files processed.
CHKDSK is verifying Usn Journal...
33863776 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
507632 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
85778334 free clusters processed.
Free space verification is complete.
Windows has made corrections to the file system.
488282111 KB total disk space.
144312480 KB in 418615 files.
231052 KB in 55752 indexes.
4 KB in bad sectors.
625235 KB in use by the system.
65536 KB occupied by the log file.
343113340 KB available on disk.
4096 bytes in each allocation unit.
122070527 total allocation units on disk.
85778335 allocation units available on disk.
Internal Info:
00 bf 07 00 0a 3d 07 00 d8 57 0d 00 00 00 00 00 .....=...W......
4c 04 00 00 6b 00 00 00 00 00 00 00 00 00 00 00 L...k...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
-
OK, got it started. Let me try again but not sure if it recorded anything if it wasn't running.
-
Well, we might have started to narrow down this particular problem. When I do that I get an error: "Event Log service is unavailable. Verify that the service is running."
When I go to services and try and start it manually I get another error: "Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied"
I am logged in as an administrator.
-
If I bring up powershell in the menu and run as administrator I get the following:
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS C:\Windows\system32> get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
Out-File : Could not find a part of the path 'C:\Windows\system32\Desktop\CHKDSKResults.txt'.
At line:1 char:140
+ get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file <<<< Desktop\CHKDSKResults.txt
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
PS C:\Windows\system32>
-
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.
PS C:\Users\Rick> get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
Results:
Get-WinEvent : The interface is unknown
At line:1 char:13
+ get-winevent <<<< -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
+ CategoryInfo : NotSpecified: (:) [Get-WinEvent], EventLogException
+ FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand
PS C:\Users\Rick>
-
I noticed a couple others having this problem and some common suggestions. BTW, I have scanned this machine with the installed McAfee as well as Stinger, Spy Bot Search & Destroy, and CCleaner. These found a few issues and cleaned them up. I still cannot start MalwareBytes. I noticed the Farbar Recovery Scan Tool is mentioned in all of these responses so I downloaded it and ran a scan. I have attached the First.txt and Addition.txt files. Let me know if you want me to actually post the text in the response.
-
Hello,
I have a two year subscription to Malwarebytes Premium. I have loaded it on other computers but one is having issues. After installing it will not run but throws a mbam.exe - Bad Image error. The error says: "OPENGL32.dll is either not designed to run on Windows or it contains an error, etc., etc.". I tried grabbing the file from another computer and re-installing my video driver/software but no joy. I could use some help and direction on this.
Thanks!
mbam.exe - Bad Image - after installation , opengl32.dll
in Resolved Malware Removal Logs
No, everything seems to be working now. Even direct downloads from Dropbox which weren't working are working now. I really appreciate your help!