
Update Issue?



Hello toadstew2016:

Quote

Error installing update for Msrt in Windows 10. Caused by Mbarw beta 8?

Would it be possible to document the above? Were the error messages from Windows 10, MBARW Beta8, or other? Can you please approximate the date/time of the last error?

Using only the native Windows built-in zip utility, please create separate .zip archive files of the following directories for MBARW developer team analysis:

                              "%ProgramData%\Malwarebytes\Malwarebytes Anti-Ransomware\"
                              "%ProgramData%\Malwarebytes\MBAMService\logs\"
                              "%ProgramData%\MalwarebytesARW\"

Please attach the .zip archives to your next reply.  Thank you again for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.


Hello toadstew2016:

Although quite well suited for troubleshooting issues with other Malwarebytes' products, it would be appreciated if you would attach the two output diagnostic text files from FRST64.exe.  FARBAR's diagnostic utility is best run from the system's Administrator desktop as well as "Run as administrator".

Please read Diagnostic Logs and individually attach the 2 requested logs only from Log Set 1 in a reply to this thread.

Those diagnostic output text logs to be attached only are FRST.txt and Addition.txt.  Thank you again.


Anything found in the FRST logs? Hope you did not blacklist me because of those registry cleaners. Just making sure Revo is doing its job. In regards to Msrt, I think something is stopping it from scanning when the updates are being installed. If anyone has any ideas, let me know. Before all the changes to Windows Defender, Msrt would scan automatically in the background. My theory is that because limited periodic scan is off, it is causing Msrt not to work.


  • Root Admin

No blacklisting. We're checking other resources to see if it's something that changes on Microsoft's end or our end. If it's happened with the previous builds too but not resolved then it's possible we've just not updated on our end. Let me see what I can find out and get back to you.

Thanks

 


  • Root Admin

Okay, so no one from support that was available is seeing this. I've looked at the logs and you've got quite a bit going on. I'd like to move this topic to the Malware Removal forum and let's clean a few things on the box first and go from there if that's okay with you.

 


  • Root Admin

Let's do some scans to make sure no obvious infections. Then we'll look at correcting some other issues going on that show in your logs.

 

STEP 01
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program, please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 02
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 03
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 04
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 05
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


  • Root Admin

Please look at the Event Logs section of the FRST logs and you'll see quite a few errors. If the computer were running correctly there would be zero errors. All of those errors need to be corrected. In my opinion you have too much security software, and some that was not designed to be run on Windows 10, which you should investigate to ensure it does support Windows 10 and whether you really think you need it.


  • Root Admin

The Glary Utilities are okay but please don't use any Registry Cleaning tools.
RegSeeker
Wise Registry Cleaner
Registry Cleaning tools are Snake Oil

Do I need a Windows Registry Cleaner?

Then look at the following products. All are designed to either scan after or protect live. In most cases, any live protection tools need scrutiny to make sure they don't conflict with other security software doing the same or similar tasks.

Certainly up to you what you run, but if a thorough scanning of the system returns no malware then aside from your main antivirus and MBAM you may not need further live protection. You don't run Torrent software, and I don't see signs you're visiting and downloading risky material. You're using AdBlock Plus and Ghostery, which is good. Myself, I might suggest using NoScript with Firefox for even stronger protection from scripting on the Web.

Having good, solid backups of your data on an external drive that does not stay connected is almost mandatory nowadays if you value your data. If you're not backing up your data often then sooner or later you're very likely to become a victim of data loss.

Backup Software

 


Any programs that have an active or auto starting component I'd personally disable and use them on-demand, assuming you follow the NoScript recommendation and keep good backups.

herdProtect Anti-Malware Scanner
HitmanPro 3.7
Intel Security True Key
Spybot - Search & Destroy
SpyShelter Free Anti-keylogger
SUPERAntiSpyware
Zemana AntiMalware

These would appear to be your main security programs, and I'd ensure they are always up to date and running. Then scan maybe once a week just to make sure nothing slipped in somewhere, but unlikely.
The live protection of the two should stop the vast majority of threats, then NoScript on Firefox would help there quite a bit as well.

McAfee Anti-Virus and Anti-Spyware
Malwarebytes Anti-Exploit
Malwarebytes Anti-Malware
Malwarebytes Anti-Ransomware

 

You have the following errors being written to the logs that need review and fixing.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2016 04:47:28 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (10/11/2016 06:50:10 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (10/11/2016 02:41:23 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-UFPH9NN)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/11/2016 02:32:05 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (10/11/2016 02:32:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/11/2016 02:23:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pabeSvc64.exe, version: 2.0.87.0, time stamp: 0x5656433d
Faulting module name: iha64.dll_unloaded, version: 4.0.68.0, time stamp: 0x54b6efd2
Exception code: 0xc0000005
Fault offset: 0x000000000000a5d5
Faulting process id: 0x8a4
Faulting application start time: 0x01d223ec27fe5bad
Faulting application path: C:\Program Files\Intel\BCA\pabeSvc64.exe
Faulting module path: iha64.dll
Report Id: c1bf8b89-eba7-49cc-964b-c968ef743791
Faulting package full name:
Faulting package-relative application ID:

Error: (10/11/2016 02:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.281.0, time stamp: 0x551d930f
Faulting module name: ntdll.dll, version: 10.0.14393.206, time stamp: 0x57dac931
Exception code: 0xc0000005
Fault offset: 0x0000000000049a7d
Faulting process id: 0xf08
Faulting application start time: 0x01d223e9063a8aa0
Faulting application path: C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fe677807-b961-43a9-90bc-503d7f02de47
Faulting package full name:
Faulting package-relative application ID:

Error: (10/11/2016 09:14:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-UFPH9NN)
Description: Package microsoft.windowscommunicationsapps_17.7369.40737.0_x64__8wekyb3d8bbwe+microsoft.windowslive.mail was terminated because it took too long to suspend.

Error: (10/11/2016 05:34:56 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (10/10/2016 07:21:17 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR

DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]


System errors:
=============
Error: (10/11/2016 08:45:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 05:52:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 02:24:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Biometric and Context Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/11/2016 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UFPH9NN)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-UFPH9NN\Mario SID (S-1-5-21-2260693271-183851513-1559263687-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UFPH9NN)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-UFPH9NN\Mario SID (S-1-5-21-2260693271-183851513-1559263687-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UFPH9NN)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-UFPH9NN\Mario SID (S-1-5-21-2260693271-183851513-1559263687-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UFPH9NN)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-UFPH9NN\Mario SID (S-1-5-21-2260693271-183851513-1559263687-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 02:23:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UFPH9NN)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user DESKTOP-UFPH9NN\Mario SID (S-1-5-21-2260693271-183851513-1559263687-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/11/2016 02:22:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (10/11/2016 02:21:36 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-UFPH9NN)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user DESKTOP-UFPH9NN\Mario SID (S-1-5-21-2260693271-183851513-1559263687-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Edited by AdvancedSetup
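An added example, not part of the original thread or of the FRST tool: a small Python triage script that groups an FRST "Event log errors" section by log, source and event ID so that repeated entries collapse into one row with a count, first/last time, and the crashing binary or COM GUIDs involved. The header layout is taken from the log quoted above; the sample text, `example.exe`, `other.exe`, "Example Service" and the zeroed GUIDs are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Header layout as it appears in the FRST "Event log errors" section quoted in the thread.
HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>.+?)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>.*)\)$")
SECTION = re.compile(r"^(?P<log>Application|System) errors:$")
FAULTING_APP = re.compile(r"Faulting application name: ([^,]+),")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Constructed sample in the same layout; names and GUIDs are placeholders.
SAMPLE = """\
Application errors:
==================
Error: (10/11/2016 02:23:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: example.exe, version: 1.0.0.0, time stamp: 0x0

Error: (10/11/2016 02:01:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: other.exe, version: 2.0.0.0, time stamp: 0x0

System errors:
=============
Error: (10/11/2016 08:45:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: ... do not grant Local Activation permission ... with CLSID
{00000000-0000-0000-0000-000000000001}
 and APPID
{00000000-0000-0000-0000-000000000002}

Error: (10/11/2016 05:52:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: ... do not grant Local Activation permission ... with CLSID
{00000000-0000-0000-0000-000000000001}

Error: (10/11/2016 02:24:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example Service service terminated unexpectedly.
"""

def parse_events(text):
    """Split an FRST 'Event log errors' section into one dict per event."""
    events, log, current = [], None, None
    for line in map(str.strip, text.splitlines()):
        section, header = SECTION.match(line), HEADER.match(line)
        if section:
            log, current = section.group("log"), None
        elif header:
            current = dict(header.groupdict(), log=log, body=[])
            current["when"] = datetime.strptime(current.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
            events.append(current)
        elif current is not None and line and set(line) != {"="}:
            current["body"].append(line)  # continuation line of the description
    return events

def summarize(events):
    """Group by (log, source, event id), most frequent first."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["log"], ev["source"], int(ev["event_id"]))].append(ev)
    rows = []
    for key, evs in groups.items():
        text = " ".join(line for ev in evs for line in ev["body"])
        # Detail that tells repeats apart: the crashing binary or the COM GUIDs.
        detail = set(FAULTING_APP.findall(text)) | set(GUID.findall(text))
        whens = [ev["when"] for ev in evs]
        rows.append({"key": key, "count": len(evs), "first": min(whens),
                     "last": max(whens), "detail": sorted(detail)})
    return sorted(rows, key=lambda r: (-r["count"], r["key"]))
```

Calling `summarize(parse_events(text))` on the event-log section of a real Addition.txt gives one row per recurring error, which makes it easier to see which faulting services or COM registrations account for most of the noise.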

  • Root Admin

I thought so too about Process Lasso and bought it years ago, but after playing with it a while decided I really did not need it and there were reports of odd behaviors here and there. You may find otherwise and decide you like it. Reminder though, there is no good reason for automated registry cleaning, period. If there is something wrong, manually fix it and move on. Automated cleaning is going to cause odd unexplainable errors on Windows that you'll think are due to something else.

If there is nothing else then I'll go ahead and close the topic soon.

Thank you again

Ron

 


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.