
Malwarebytes Pro: Can't enable real-time protection at startup on a Vista limited user account



I have an Acer Aspire M5100 desktop computer running Windows Vista Home Premium SP2 32-bit. I'm running Malwarebytes Pro version 1.61.0.1400 (database v2012.04.22.04) and Microsoft Security Essentials.

If I run MBAM from the administrator account, it works perfectly.

If I use a limited user account, MBAM's real-time protection will not run at startup. After a several minute delay, I receive the error message "[OpenEvent] Failed to perform desired action. Error code: 2". I can restart the protection module manually (via "run as administrator") after starting the computer, but it will be disabled again the next time I reboot as the limited user.

I have uninstalled MBAM, rebooted, run mbam-clean.exe, rebooted, re-installed the most recent version (with AV software disabled), excluded MBAM from MSE and vice versa, then tried to re-enable the protection module, but this sequence has not solved the issue.

Any other suggestions? I have Malwarebytes running happily on several other computers, so I know it's possible.


  • Staff

Greetings and welcome :)

I apologize that we missed your post and failed to reply sooner.

To fix this problem, please log into your administrative user account and reinstall Malwarebytes Anti-Malware, then enable the protection module and make certain that it is configured to start with Windows.

Once that's done, reboot and log back into your administrative user account and verify that it did start up normally as it is supposed to.

If it did, then restart your computer once more and log into your limited user account and verify that it is now running as it should be.

If that does not resolve the issue then please do the following:

Create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file which should now be located on your desktop to your next post instead

Thanks :)


I think I've stopped getting the error message, but MBAM still doesn't start at startup for one of the limited user accounts. "Enable protection module" always starts unchecked even after specifically enabling it and "start with windows." It's always worked fine as the administrator, and, mysteriously, seems to work on the second of two limited user accounts, but not the first.

Here's the info for the limited account that's having problems. CheckResults.txt


  • Staff

Please reboot your computer and immediately log into the limited user account that's having the problem and then do the following:

Create a Batch File:

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
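    @echo off
    rem Save the list of running processes to Tasks.txt on the desktop
    tasklist>"%userprofile%\desktop\Tasks.txt"
    rem Open the log in the default text editor
    start "log" "%userprofile%\desktop\Tasks.txt"
    rem Delete this batch file once it has run
    del /f /q "%~f0"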

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file TaskList.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.


    Image Name                     PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    System Idle Process              0 Services                   0         24 K
    System                           4 Services                   0     16,436 K
    smss.exe                       440 Services                   0        608 K
    csrss.exe                      572 Services                   0      4,484 K
    wininit.exe                    632 Services                   0      3,028 K
    csrss.exe                      644 Console                    1     12,168 K
    services.exe                   676 Services                   0      6,120 K
    lsass.exe                      688 Services                   0      4,120 K
    lsm.exe                        696 Services                   0      3,464 K
    winlogon.exe                   804 Console                    1      4,716 K
    svchost.exe                    872 Services                   0      5,900 K
    svchost.exe                    932 Services                   0      6,276 K
    MsMpEng.exe                    992 Services                   0     31,432 K
    Ati2evxx.exe                  1024 Services                   0      3,700 K
    svchost.exe                   1040 Services                   0     10,928 K
    svchost.exe                   1076 Services                   0     64,776 K
    svchost.exe                   1116 Services                   0     50,396 K
    audiodg.exe                   1216 Services                   0     12,656 K
    svchost.exe                   1268 Services                   0      5,232 K
    SLsvc.exe                     1284 Services                   0      3,776 K
    svchost.exe                   1324 Services                   0      9,552 K
    svchost.exe                   1512 Services                   0     11,084 K
    Ati2evxx.exe                  1616 Console                    1      5,432 K
    spoolsv.exe                   1824 Services                   0      7,424 K
    svchost.exe                   1848 Services                   0      8,696 K
    armsvc.exe                    1368 Services                   0      2,696 K
    AppleMobileDeviceService.     1768 Services                   0      8,600 K
    mDNSResponder.exe             2036 Services                   0      3,896 K
    FlipShareService.exe           624 Services                   0      5,368 K
    dwm.exe                       2124 Console                    1      3,140 K
    taskeng.exe                   2140 Services                   0      5,188 K
    taskeng.exe                   2188 Console                    1      8,844 K
    explorer.exe                  2228 Console                    1     38,448 K
    sm56hlpr.exe                  2376 Console                    1      4,068 K
    msseces.exe                   2388 Console                    1      6,672 K
    iTunesHelper.exe              2408 Console                    1      7,592 K
    fsui.exe                      2420 Console                    1     12,160 K
    AirPlusCFG.exe                2472 Console                    1      5,120 K
    WZCSLDR2.exe                  2484 Console                    1      6,232 K
    FlipShareServer.exe           2552 Services                   0      4,316 K
    ehtray.exe                    2560 Console                    1      1,332 K
    wmpnscfg.exe                  2620 Console                    1      4,120 K
    Dropbox.exe                   2668 Console                    1     17,896 K
    fsssvc.exe                    2816 Services                   0     15,592 K
    LSSrvc.exe                    2872 Services                   0      2,604 K
    mdm.exe                       2980 Services                   0      3,480 K
    ehmsas.exe                    2988 Console                    1      3,328 K
    svchost.exe                   3024 Services                   0      4,028 K
    ReflectService.exe            3040 Services                   0      3,640 K
    svchost.exe                   3088 Services                   0      4,308 K
    svchost.exe                   3136 Services                   0      1,956 K
    WLIDSVC.EXE                   3184 Services                   0      9,988 K
    SearchIndexer.exe             3248 Services                   0     14,156 K
    eRecoveryService.exe          3324 Services                   0      6,188 K
    WLIDSVCM.EXE                  3372 Services                   0      2,156 K
    WUDFHost.exe                  3644 Services                   0      3,524 K
    WmiPrvSE.exe                  3888 Services                   0     13,844 K
    mobsync.exe                   1360 Console                    1      4,948 K
    unsecapp.exe                  1492 Services                   0      3,388 K
    wmpnetwk.exe                  4012 Services                   0     13,204 K
    iPodService.exe               4080 Services                   0      4,456 K
    alg.exe                        160 Services                   0      2,652 K
    svchost.exe                   3096 Services                   0      8,184 K
    mbamservice.exe                280 Services                   0     41,512 K
    firefox.exe                   3352 Console                    1    149,740 K
    plugin-container.exe          4060 Console                    1     17,364 K
    SearchProtocolHost.exe        4868 Services                   0      8,312 K
    SearchFilterHost.exe          2972 Services                   0      5,080 K
    cmd.exe                       2108 Console                    1      2,280 K
    tasklist.exe                   560 Console                    1      4,896 K


  • Staff

Great, thanks :)

It looks like our service is running, however, the tray module (mbamgui.exe) is not.

From within the limited user account having the problem, please go to C:\Program Files\Malwarebytes' Anti-Malware and right-click on mbamgui.exe and select Properties.

Click on the Compatibility tab and make certain that none of the boxes are checked. If any of the boxes are checked, uncheck them and then click on Apply and then click OK.

Reboot once more to see if that corrected the issue. If it did not, then please do the following:

  • Open Malwarebytes Anti-Malware and click on the Logs tab
  • Open the most recent protection log and copy/paste its contents into your next reply

If the log is too long, you may zip and attach it instead.

Thanks :)

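The check the staff reply above makes by eye on the posted Tasks.txt, written as a small parser. This is an added example, not part of the original thread or of any Malwarebytes tooling; `parse_tasklist` and `check_components` are hypothetical names. It assumes services report the session name "Services" and that the tray module runs in the user's interactive session.

```python
import re

# A subset of the Tasks.txt rows posted in this thread, with single-space separators.
SAMPLE = """\
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
AppleMobileDeviceService. 1768 Services 0 8,600 K
explorer.exe 2228 Console 1 38,448 K
msseces.exe 2388 Console 1 6,672 K
mbamservice.exe 280 Services 0 41,512 K
"""

# Anchor on the numeric columns from the right so image names with spaces still parse.
ROW = re.compile(
    r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<session>\S+)\s+(?P<num>\d+)\s+(?P<mem>[\d,]+) K$"
)

# Assumption: the service lives in session 0 ("Services"), the tray module in a logon session.
EXPECTED = {"mbamservice.exe": "service", "mbamgui.exe": "interactive"}


def parse_tasklist(text):
    """Return one dict per process row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({
                "image": m.group("image"),
                "pid": int(m.group("pid")),
                "session": m.group("session"),
                "session_num": int(m.group("num")),
                "mem_kb": int(m.group("mem").replace(",", "")),
            })
    return rows


def check_components(rows, expected=EXPECTED):
    """Map each expected image name to True if it runs in the right kind of session."""
    status = {}
    for image, kind in expected.items():
        key = image.lower()[:25]  # the posted log shows names cut at 25 characters
        hits = [r for r in rows if r["image"].lower() == key]
        if kind == "service":
            status[image] = any(r["session"] == "Services" for r in hits)
        else:
            status[image] = any(r["session"] != "Services" for r in hits)
    return status


if __name__ == "__main__":
    print(check_components(parse_tasklist(SAMPLE)))
```

The same parser works on the column-aligned output that tasklist writes to disk, because runs of spaces between fields are treated as one separator.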

There was nothing checked in the compatibility tab.

The protection log says:

    2012/05/06 05:32:02 -0500 COMPUTER hamcat MESSAGE Executing scheduled update: Daily
    2012/05/06 05:32:13 -0500 COMPUTER hamcat MESSAGE Starting database refresh
    2012/05/06 05:32:13 -0500 COMPUTER hamcat MESSAGE Scheduled update executed successfully: database updated from version v2012.05.05.04 to version v2012.05.06.03
    2012/05/06 05:32:13 -0500 COMPUTER hamcat MESSAGE Stopping IP protection
    2012/05/06 05:32:19 -0500 COMPUTER hamcat MESSAGE IP Protection stopped
    2012/05/06 05:32:41 -0500 COMPUTER hamcat MESSAGE Database refreshed successfully
    2012/05/06 05:32:41 -0500 COMPUTER hamcat MESSAGE Starting IP protection
    2012/05/06 05:32:47 -0500 COMPUTER hamcat MESSAGE IP Protection started successfully


  • Staff

Please do the following:

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      1. Right-click on Autoruns.exe and select Properties
      2. Click on the Compatibility tab
      3. Under Privilege Level check the box next to Run this program as an administrator
      4. Click on Apply then click OK

  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
  • In the Autoruns Filter Options dialog, verify that the following are unchecked; if they are checked, uncheck them:
    • Include empty locations
    • Hide Microsoft entries
    • Hide Windows entries
  • Verify that the following is checked; if it is unchecked, check it:
    • Verify code signatures
  • Once that's done, press the F5 key on your keyboard. This will start the scan again; this time, let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

List Services:

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
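    @color 48
    @echo off
    rem List the services that are currently started
    net start>"%userprofile%\desktop\Services.txt"
    rem Append the status of every installed service
    sc query type= service state= all>>"%userprofile%\desktop\Services.txt"
    rem Open the log in the default text editor
    "%userprofile%\desktop\Services.txt"
    rem Delete the log and this batch file afterwards
    del /f /q "%userprofile%\desktop\Services.txt"
    del /f /q "%~f0"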

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file ServInfo.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.


  • Staff

Thanks. Unfortunately I can't see any reason why the protection module wouldn't be loading. It should be according to everything in your logs.

I'm going to have to ask that you contact Consumer Support directly. When you do, please provide them with a link to this topic for their reference so they may see the information you've already provided as well as the things we've already tried.

Thank you.

