Jump to content

PC stalling and problems with Malwarebytes (won't uninstall won't start won't install)


Recommended Posts

Until a few days ago my PC was working just fine. I did notice that malwarebytes wouldn't run and wouldn't start. The anti-exploit seemed to run ok.

I did look up some stuff on the Lenovo Tech support and I think the only thing I installed was some helper programme with the word bridge in it - I have since uninstalled again. Anyways, the PC went downhill all of a sudden, wouldn't start up properly, if it did start up it would take up to ten minutes to load the screen, then it wouldn't let me do anything or any function would take several minutes, I couldn't shut it down properly so had to use the on/off switch a lot. I kept getting error messages about malwarebytes not loading. I tried to start in safe mode and that wouldn't work either. Eventually after shutting down and restarting, removing all external hardware and doing this I don't know how many times I managed to get it working ok. So I put everything on external hard drive in case I need to reinstall windows 10. I tried to uninstall malwarebytes and only succeeded after installing the special uninstaller software. Now I can't re-install it, it keeps telling me it can't proc. I've removed exploit also.

I wonder do I have anything else going on on this PC as it went from completely normal to super slow and unresponsive (but not always, right now it works fine!) and stalling... Attached the two scans as requested.

Many thanks for your help!



Link to post
Share on other sites

  • Replies 139
  • Created
  • Last Reply

Top Posters In This Topic



Hello MissT and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Uninstall Spybot Search and Destroy, it may interfere with programs we try to run :- https://www.safer-networking.org/faq/how-to-uninstall-2/
Re-boot when complete...


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.


Download & install the newset MBAM version.

Please download user posted imageMalwarebytes Anti-Malware
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Let me see those logs in your next reply....

Thank you,




Edited by kevinf80
Link to post
Share on other sites

Hi Kevin,

I did exactly as you asked. The trouble started the minute I downloaded the MAM exe. It took a few minutes to open, then I ran it and got as far as the install button. Then after 20 minutes of stalling I got the same error message again Runtime Error (at 92:100): Could not call proc

Then after another 15 minutes of PC being extremely unresponsive it completely froze and I hit the power button.

Seems my PC goes into anaphylactic shock when it encounters anything MAM related!

I'm also trying to upload the fixlog file and it won't let me - keeps telling me t there was an error processing the uploaded file -200

Many thanks!

Link to post
Share on other sites

Ah it worked now, here the fixlog



While I was at it I also ran an AdwCleaner since I saw it recommended in other threads. See log below - should I hit the clean button?

# AdwCleaner v6.030 - Logfile created 30/10/2016 at 14:04:55
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-30.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Christina - LENOVO-PC
# Running from : C:\Users\Christina\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found:  C:\ProgramData\pokki
Folder Found:  C:\ProgramData\Pokki
Folder Found:  C:\ProgramData\Application Data\pokki
Folder Found:  C:\ProgramData\Application Data\Pokki

***** [ Files ] *****

File Found:  C:\Users\Christina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk
File Found:  C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found:  SweetLabs App Platform

***** [ Registry ] *****

Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Key Found:  HKU\S-1-5-21-3649100770-1298150491-2331396094-1001\Software\SweetLabs App Platform
Key Found:  HKU\S-1-5-21-3649100770-1298150491-2331396094-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found:  HKU\S-1-5-21-3649100770-1298150491-2331396094-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found:  HKCU\Software\SweetLabs App Platform
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
Key Found:  [x64] HKCU\Software\SweetLabs App Platform
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.c
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.co
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.ask.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.co
Value Found:  HKU\S-1-5-21-3649100770-1298150491-2331396094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
Key Found:  HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found:  HKCU\Software\Classes\Directory\shell\pokki
Key Found:  HKCU\Software\Classes\Drive\shell\pokki
Key Found:  HKCU\Software\Classes\lnkfile\shell\pokki
Key Found:  HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam


C:\AdwCleaner\AdwCleaner[S0].txt - [9447 Bytes] - [30/10/2016 14:04:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9520 Bytes] ##########

Link to post
Share on other sites

Yes run AdwCleaner again and use the clean function...


Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Post those logs in your reply...

Thank you,

Link to post
Share on other sites

Thanks Kevin, here's the Rkill log (Zemana is running):


Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:

Program started at: 10/30/2016 02:59:18 PM in x64 mode.
Windows Version: Windows 10 Home 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\UMonit64.exe (PID: 5904) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:    www.007guard.com    007guard.com    008i.com    www.008k.com    008k.com    www.00hq.com    00hq.com    010402.com    www.032439.com    032439.com    www.0scan.com    0scan.com    1000gratisproben.com    www.1000gratisproben.com    1001namen.com    www.1001namen.com    100888290cs.com    www.100888290cs.com    www.100sexlinks.com    100sexlinks.com

  20 out of 15492 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/30/2016 02:59:42 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)




Link to post
Share on other sites

Lets try to install Malwarebytes via Chameleon....

Download the Chameleon zip file from https://downloads.malwarebytes.org/file/chameleon and extract it to a new folder on your desktop.

user posted image

Make certain that your PC is connected to the internet and then open the new folder.

Inside the folder expand each sub folder until you have windows folder open with list of entries of renamed Malwarebytes executable files....

user posted image

Double click on each in turn until one will work...

If successful follow the prompts to install and update.

When the update completes amend these settings :-
  • Select Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab,
  • When complete post the log..

and run a threat scan......

Post that log...
Link to post
Share on other sites

Are you ok to use the registry, can you try the following:
Select Windows key and R key together. Into the run box type regedit tap enter, Registry Editor will open.....

Expand the following key :-
HKEY_LOCAL_MACHINE >SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0
Do not expand the folder 0 Right click on that folder and choose "Export"

user posted image

A new widow will open, make sure to change "saved in" to Desktop.

user posted image

From the desktop right click on the reg file > select > send to > compressed (zipped) folder....
Attach to next reply,
Link to post
Share on other sites

Thats ok, the 0 folder is not always present, Is only present when reg changes have been made, Can be good or bad changes...

I want to run one scan...

user posted image
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)
  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
    user posted image
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

    user posted image
  • Press start scan
  • The scan will now commence

    user posted image

  • Once the scan has finished click open report <<<--- Do not miss this step

    user posted image

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

This log will be excessive, Please attach it to your next reply…


Link to post
Share on other sites

The cureit logs show many remnants of Malwarebytes installation files in temp directories, lets clear those out and try MB again....

Download and install CCleaner from here:


Make sure to go for the slim version it should have no unwanted extras that some free software may carry... 

Run CCleaner, from the main GUI Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied 


Select > Registry > "Scan for Issues" > with all found entries checked select > "Fix Selected Issues" follow prompts to make back up and remove all entries...

When CCleaner is finished reboot - See if malwarebytes will now install
Link to post
Share on other sites

Nothing to gain with the pro version of CCleaner, free version is adequate for personal use... Run the following repair tool..

Download Portable Windows Repair (all in one) from one of the following:




Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

user posted image

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab....

user posted image

When complete re-boot your system, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop
Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.