Unable to open Malwarebytes (Premium)

[jamesharr]

Hello

 

Based upon the advice given by Firefox in my first thread [found here], I am creating this thread to seek help in identifying and removing any infections that might be present on my computer. The issues with my system started abruptly several weeks or maybe a month ago. Firefox could not be forced to quit, fully uninstalled, or deleted. After renaming those files that would not close and restarting the computer, I was able to remove them and reinstall firefox. After re-installation I was able to open and close the browsers, but Taskmanager listed multiple firefox.exe's and some could not be closed. I disabled Sophos antivirus and this problem went away. I then uninstalled Sophos and replaced it with Avast. For a short time I had minimal problems. However, I have begun having issues with MBAM below are my current symptoms.

 

Symptoms:

1) Malwarebytes will not open

2) MBAM Chameleon successfully opens but encounters the following error:

 

     Updating MBAM. . .

     Response from update :

     Failed to start the update

     Killing known malicious processes, please wait. . .

 

     Mbam-killer timeout set to 1800 seconds.

     Mbam-killer is scanning - Please C to cancel. . .

     Mbam-killer scan is complete.

     Mbam-killer is exiting.

 

     The system is then able to open MBAM and complete a scan with no detections.

    

3) The system is running slower than is appropriate

 

Logs

1) CheckResults.txt

2) FRST.txt

3) Addition.txt

 

 

Please note, based on the policy described by Root Admin, I have fully uninstalled utorrent and bitTorrent. There should be no other Peer 2 Peer programs on my system with my consent. Neither program was ever used to pirate copyrighted content.

 

Thank you very much for your time.

[AdvancedSetup]

Not seeing much of anything that should be stopping MBAM but the computer does appear to be having issues writing to the registry and that may have something to do with it.

 

Please try doing a full disk check and reinstall of MBAM and see if that helps.

 

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.


On Windows 8 the disk check log is in the Event Logs under Application with a heading source of  Chkdsk


How to Check a Drive for Errors with "chkdsk" in Windows 8

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

 

Do the full disk check and repair sectors for recovery and post back the results of the scan.

 

After the disk check run the following fix.

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

[jamesharr]

I ran a chkdsk on drive C (the OS drive) and drive D (a small SSD cache drive). Neither scan detected any corrupted areas.

 

chkdsk logs:

C: chkdsk log - C(OS).txt

D: chkdsk log - D.txt

 

After restarting the machine to complete uninstalling MBAM, the computer hung on the restart screen. After about 20 minutes of hanging and no progress, I forced shutoff and, after restarting, ran a second set of chkdsks. Neither found any errors. However, when I opened process hacker (which I used to observe what processes are running) it showed a message that some of its files were corrupted and required resetting, which I permitted. I believe process hacker was open when I chose to restart, so perhaps it is the program that was causing the hang up. But I described what happened in case it was relevant to you.

 

I reinstalled MBAM and it opens when selected. After I post this I will attempt another restart to double check the function. It's a little hard to tell, but the system still seems sluggish.

[jamesharr]

I ran the FRST fixlist, it completed, and did not request a restart. I decided to restart anyway to see the boot speed. Seemed sluggish.

 

Fixlog: Fixlog.txt

 

Still able to open MBAM without a problem.

[AdvancedSetup]

Okay, let me have you run the following just in case, but at this point it's not looking like you're infected.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

[jamesharr]

tdskiller log: TDSSKiller.3.0.0.44_01.03.2015_22.54.51_log.txt

[AdvancedSetup]

Let me have you try to reset all your browsers.

Please visit each of the following sites and lets reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Next,

Please Run TFC by OldTimer to clear temporary files:

• Download TFC from here and save it to your desktop.
• http://oldtimer.geekstogo.com/TFC.exe
• Close any open programs and Internet browsers.
• Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
• Please be patient as clearing out temp files may take a while.
• Once it completes you may be prompted to restart your computer, please do so.
• Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

[jamesharr]

I reset IE and Firefox and uninstalled chrome.

I ran TFC. Here's a short log

TFC log.txt

 

 

[AdvancedSetup]

Okay please try a new MBAM CLEAN removal and reinstall with the latest beta build and let me know if you continue to have any issues or not.

https://forums.malwarebytes.org/index.php?/topic/165570-malwarebytes-anti-malware-210-beta/

MBAM Clean Removal Process 2x

Thanks

[jamesharr]

Clean removed MBAM 2.0 and replaced it with the beta (which looks great, by the way!). No problems. MBAM starts up in the same manner as before and completes a scan in about the same time MBAM2.1report.txt. However, the system is slow to boot, slow restarting, and slow to process system related tasks. This doesn't seem infection related. All of these symptoms have appeared to change overtime. For example, several weeks ago the system speed was find, the problem was browsers being blocked by MBAM. This was resolved, for some reason, after removing Sophos, but was followed by MBAM no longer opening and the system slowing down.

 

I went ahead and ran the system file checker. It detected some file errors that it could not resolve [results:CBS.log I don't know if that would explain any of the symptoms.

 

It also appears that Lenovo brand laptops have had problems with windows 8.1. Specifically, some have had problems with the Intel Dynamic Platform and Thermal Framework excessively throttling the CPU, which some people are disabling until Microsoft offers a solution. I hesitate doing this since the effects are untested and it is not necessarily the cause. If it is system related, I am ok being patient to figure out exactly what is going on. But perhaps I should seek out advice on Lenovo or Microsoft forums?

 

Dunno. What do you think?

[jamesharr]

Sorry, here is the CBS log: CBS.log

[AdvancedSetup]

I think you should check the hard drive itself.

 

The time to scan on what I would expect to be a reasonably new computer within the past couple of years seems a little long.

 

Check in device manager which hard drive you have. Google search for the number can help if needed. Then get a tool from the MFG link and test the hard drive out. I'd do both quick and long tests and see what they say.

 

 

Please see the following link which has all sorts of links and topics for hard drive diagnostics
Hard Drive Diagnostics Tools and Utilities
 

[jamesharr]

Here: CBS log.txt

[jamesharr]

HDD: st10000lm024 hn-m101mbb (Samsung)

SSD: liteonit lss-24l6g

 

 

The HDD is a Samsung drive, but the link redirects to a page for Samsung that does not provide any diagnostic/utility tools. I know Samsung HDD's department was taken over by Seagate, so I would think Seagate is maintaining some support for Samsung drives, but I wasn't sure which utility to use.

[AdvancedSetup]

The Seagate tools should support testing your drive.

 

How to use SeaTools for Windows
http://knowledge.seagate.com/articles/en_US/FAQ/202435en

Download the SeaTools for Windows software
http://www.seagate.com/support/downloads/seatools/seatools-win-master/

 

 

FAQ

http://www.seagate.com/support/internal-hard-drives/laptop-hard-drives/spinpoint-m-series/

 

Thanks

[jamesharr]

The preliminary on just the short test is hard drive damage. It will take me a little time before I can report back with the rest of the results. I need to partition out a hard drive and create file backups and a system image backup before I do anything else. Certain symptoms have become more pronounced. Slower and more glitchy, possibly some network adapter driver corruption. Once I have everything backed up I will report back with the logs from the diagnostics to see if the damage is repairable. Thanks for your help in reaching this point! I really appreciate it. You guys are offering an awesome service.

 

I hope to have a bit more guidance once I have those logs, but any tips for handling HDD damage? For example, is a system image of a damaged drive useful?

[AdvancedSetup]

Best thing to do is stop where you're at with anything else except Backing up any and all important files before the drive gets to a level that you cannot copy or backup files anymore.

 

Once all your files are backed up then look at replacing the drive and reinstalling Windows.

[jamesharr]

Is there a good way to validate the viability of a system image backup?

[AdvancedSetup]

You can do an MD5 hash check to verify it is the same as it was created but you can't tell if the contents inside are corrupt or not very easily. You can make the image, copy it to the new hard drive, fire it up and see if it works though.

[jamesharr]

I have some interesting results.

 

--------------- SeaTools for Windows v1.2.0.10 ---------------
3/3/2015 11:37:35 PM
Model: ST1000LM024 HN-M101MBB
Serial Number: S2SMJ9FF201000
Firmware Revision: 2AR20002
Short Generic - Started 3/3/2015 11:37:35 PM
Short Generic - FAIL 3/3/2015 11:37:38 PM
SeaTools Test Code: 6C9AC2A4
Short DST - Started 3/4/2015 11:26:23 PM
Short DST - Pass 3/4/2015 11:28:13 PM
SMART - Pass 3/4/2015 11:29:01 PM
Short Generic - Started 3/4/2015 11:30:32 PM
Short Generic - FAIL 3/4/2015 11:31:08 PM
SeaTools Test Code: 6C9AC2A4
Long Generic - Started 3/4/2015 11:33:52 PM
Long Generic - FAIL 3/4/2015 11:33:55 PM
SeaTools Test Code: 6C9AC2A4
Long Generic - Started 3/4/2015 11:34:36 PM
Long Generic - Pass 3/5/2015 5:12:33 AM
 

As you can see both short generic tests I ran failed. The one long generic test I ran that failed I believe was due to a failure to initialize. I had a browser open and I believe it interfered with the program accessing the hard-drive since it failed in under 5 seconds (this was accidental, all other tests were run with no other applications open). Once I closed the browser and re-ran the long test, it completed and passed. I have ran any fix functions yet since I wanted to try to validate my system image first. The test results seem kind of confusing.

[AdvancedSetup]

More difficult to setup but scanning the drive from a bootable CD would be more accurate. Of if the computer has built-in hard drive diagnostics that run from the BIOS

 

Everything so far sure points to a bad drive though

[jamesharr]

So I decided to clean install windows 8 onto my new hard drive, rather than importing the clone of my old drive. The computer works great of course, esp going from a hdd to a ssd. I really appreciate the help I received! If you are interested I did have a couple more questions. Primarily, I need to get my licensed software from my old drive to the new one. What would be the best way? I could pop the old drive in and deactive programs, but is there a better way?

[AdvancedSetup]

Pretty easy to do. Basically download the program and install it and then activate it.

 

http://downloads.malwarebytes.org/file/mbam/

 

Thanks

 

[jamesharr]

Thanks for all the help, I should be all set now. Feel free to close this thread.

 

Results: MBAM_log.txt

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!