supertonk, posted February 7, 2017, ID:1099635

Hi, the toolbar icon for m/b says that protection is disabled. But when I open m/b up it says that I am protected and all the relevant settings are in place. Any suggestions?
AdvancedSetup (Root Admin), posted February 7, 2017, ID:1099640

Hello @supertonk

Not sure what's going on there, but if you get us some logs, we'll take a look.

Please read the following and post back the 3 requested logs as an attachment.

Diagnostic Logs

Thank you
Ron
supertonk (Author), posted February 7, 2017, ID:1099648

Hi, I have downloaded FRST64(1) but it states that it may harm my computer. What's the risk?
AdvancedSetup (Root Admin), posted February 7, 2017, ID:1099652

There is no risk. All it does is read information and create a log. Using a script it can be used to harm, but not by running as we've asked. Tens of thousands of users have used it and it is a standard tool for use in malware detection and analysis.
supertonk (Author), posted February 7, 2017, ID:1099653

Thx. I'm a novice so a bit green with puters. When I click to go to download, how do I download it to desktop? It just says save or save as.
AdvancedSetup (Root Admin), posted February 7, 2017, ID:1099655

Save-As should give you the choice of where to save.
supertonk (Author), posted February 7, 2017, ID:1099660

FRST.txt
Addition.txt
supertonk (Author), posted February 7, 2017, ID:1099666

mb-checkResult.txt
AdvancedSetup (Root Admin), posted February 7, 2017, ID:1099676

The Event Logs are showing quite a few issues. Malwarebytes has also crashed, best to restart the computer. Should try to fix all of these errors if possible.

Application errors:
==================

Error: (02/07/2017 07:13:41 AM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (6036) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: Database recovery/restore failed with unexpected error -1216.

Error: (02/07/2017 07:13:41 AM) (Source: ESENT) (EventID: 494) (User: )
Description: DllHost (6036) Microsoft.MicrosoftEdge_8wekyb3d8bbwe_NOEDP_EDGE_IDB: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\Owner\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AppData\User\Default\Indexed DB\IndexedDB.edb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (02/07/2017 06:46:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000035793
Faulting process ID: 0xe58
Faulting application start time: 0x01d2810d98d3122d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 3bb51d54-3674-4b6d-895c-5c5669e8baff
Faulting package full name:
Faulting package-relative application ID:

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

System errors:
=============

Error: (02/07/2017 08:12:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (02/07/2017 06:47:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/07/2017 06:46:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/07/2017 06:44:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/07/2017 06:44:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (02/07/2017 06:44:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.

Error: (02/07/2017 06:44:39 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Error: (02/07/2017 06:44:15 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Error: (02/07/2017 06:44:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:02:47 on 06/02/2017 was unexpected.

Error: (02/06/2017 10:38:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
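
The triage the post above does by eye, as an added example (not part of the original thread, and not FRST or Malwarebytes code): Python that parses entries in this excerpt's layout, collapses repeats, and pairs an Application Error 1000 with a Service Control Manager 7034 logged shortly after it. The sample text is constructed from the excerpt; the function names, the two-minute window and the month/day/year date order are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the layout of the event-log excerpt above (trimmed).
SAMPLE = """\
Error: (02/07/2017 06:46:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415
Exception code: 0xc0000005
Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Error: (02/07/2017 06:44:25 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
Error: (02/07/2017 06:46:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).
"""

HEADER = re.compile(
    r"Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)\s*"
    r"Description:\s*(?P<desc>.*?)(?=\s*Error: \(|\Z)", re.S)

def parse_events(text):
    """Return one dict per 'Error:' entry; works on wrapped or flattened text."""
    # Assumption: timestamps are month/day/year with a 12-hour clock.
    return [{"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
             "source": m["src"], "id": int(m["id"]),
             "desc": " ".join(m["desc"].split())}
            for m in HEADER.finditer(text)]

def summarize(events):
    """Collapse repeats: count entries per (source, event ID)."""
    return Counter((e["source"], e["id"]) for e in events)

def service_crashes(events, window=timedelta(minutes=2)):
    """Pair each Application Error 1000 with a Service Control Manager 7034
    logged within `window` after it (a service process that faulted)."""
    faults = [e for e in events if (e["source"], e["id"]) == ("Application Error", 1000)]
    stops = [e for e in events if (e["source"], e["id"]) == ("Service Control Manager", 7034)]
    pairs = []
    for f in faults:
        exe = re.search(r"Faulting application name: ([^,\s]+)", f["desc"])
        for s in stops:
            if timedelta(0) <= s["time"] - f["time"] <= window:
                pairs.append((exe.group(1) if exe else "?", s["desc"], s["time"] - f["time"]))
    return pairs
```
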
supertonk (Author), posted February 7, 2017, ID:1099679

How do I fix it?
AdvancedSetup (Root Admin), posted February 7, 2017, ID:1099682

Basically have to track down each item one by one. Normally searching Google for proper fixes. I can attempt to help you but that's not our main focus here, malware removal is.

Let's start out by doing a full disk check.

Please click on the "Search the web and Windows" box. Then type in CMD.EXE and when it shows on the start menu, right click and select "Run as administrator".

In the command prompt please type the following exactly.

    CHKDSK C: /R

This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use. Press the Y key to tell it to run on the next restart of the computer.

Quote:

    Microsoft Windows [Version 10.0.10586]
    (c) 2015 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>CHKDSK C: /R
    The type of the file system is NTFS.
    Cannot lock current drive.

    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? (Y/N)

Then restart the computer and let it run. Then find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10
supertonk (Author), posted February 7, 2017, ID:1099683

Hi, the toolbar icon is now as it should be after the restart and m/b says I'm protected. Do I still need to do checks?
supertonk (Author), posted February 7, 2017, ID:1099685

Tried to run dsk but message says I don't have enough privileges and it has to be run in elevated mode, whatever that is.
supertonk (Author), posted February 7, 2017, ID:1099700

Been running skndsk for couple hrs. It's stuck on 10 percent forever. Tried restart, went to 10 percent then stuck again. Is that correct or summut up?
supertonk (Author), posted February 7, 2017, ID:1099702

Chkdsk
AdvancedSetup (Root Admin), posted February 8, 2017, ID:1099973

In the beginning, I showed that you must run an elevated command prompt.

    Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"

How are things going now? Did the disk check complete?
supertonk (Author), posted February 8, 2017, ID:1099990

Hi. Scan ran for hours but stuck on 10 percent done. Later said need restart coz 1st restart faulty. So just went on puter and all looked ok. M/bytes up n runnin so hopefully it be alright. Fingers crossed, thx for u help. Could not have got anywhere without it. Rgds
AdvancedSetup (Root Admin), posted February 9, 2017, ID:1100266

Well, that doesn't sound good. Disk Check should complete unless something is wrong with the disk. Do you have any built-in hard drive diagnostic tools from the manufacturer you can run?
supertonk (Author), posted February 9, 2017, ID:1100286

Morning, will look into that shortly. Where might I find that?
supertonk (Author), posted February 9, 2017, ID:1100291

I spoke to a friend about my prob and he asked if I had dropped it recently. Well, I did drop puter bout a month ago. Would that cause my prob? Only I didn't spot anything at time.
AdvancedSetup (Root Admin), posted February 9, 2017, ID:1100310

It's possible, but difficult to say for sure. What is the make and manufacturer and model?

Edited February 9, 2017 by AdvancedSetup
supertonk (Author), posted February 9, 2017, ID:1100317

HP Pavilion 64gig. I ran HP puter check on system but nout showed.
AdvancedSetup (Root Admin), posted February 10, 2017, ID:1100639

Please open Device Manager using one of these methods.

https://technet.microsoft.com/en-us/library/cc754081(v=ws.11).aspx
https://www.lifewire.com/how-to-open-device-manager-2626075

Then expand the Disk Drives and take a screen shot and post that back here please.