Jump to content

Recommended Posts

I am also having the exact same problem. I have already done all the trouble shooting steps, using mbcleanup,  rebooted, reinstalled latest version. Every step listed here to fix the problem.

Created new user account, which it opened the first time, but not after a restart, even with a clean boot. I disabled and uninstalled MSE, rebooted, still wouldn't start.  The whole thing.  However, I have a bit of information that isn't here. I had older version, 3.0.6, which I installed after using mbcleanup.  It has no problem starting up ,but the "Real Time Protection" shuts down shortly afterward. I updated, and it wouldn't start again.

Malwarebytes is running in the background, as I get alerts, but it won't open, unless I boot in safe mode.

Link to post
Share on other sites

  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Hi Nowonmai :)

Can you follow the instructions below?

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop;
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
    KSJwAxg.png
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;

Once done, follow the instructions to run mb-check.exe below.

https://forums.malwarebytes.com/topic/196955-malwarebytes-support-tools/?do=findComment&comment=1104959

 

Link to post
Share on other sites

  • Root Admin

Please back up the Registry and the then can you look in the Registry at the following location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

Then in that list of programs you should find the following.

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Please remove the entire entry for
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

 

Then I'd like you to uninstall Malwarebytes one more time using our clean removal tool as before, but do not reinstall Malwarebytes at this time. I want you to reboot the computer and then run a new FRST scan and post back both new logs

I want to make sure all of our software and settings are removed. This entry you have is for a very old version of the program that should not be on your machine after a clean removal.

Thanks

 

Link to post
Share on other sites

Not being argumentative,  but as I used the mbclean.exe the 1st, 2nd, 3rd, 4th time, shouldn't it have removed all those old entries from the registration?  I will do as above, but it's getting irksome to do the same thing over and over with same result.   Here's hoping.. but if it doesn't work, I will have to uninstall 3.1.2, reboot, reinstall 3.0.6, just so I can enter license/ID and get my settings set up.... again.

 

 

Link to post
Share on other sites

  • Root Admin

In theory, yes it would have removed all. However it certainly found that in the Registry and why I want to verify that all is being removed as a single bad file could cause issues.

I'm not saying this is going to fix it, but something unexpected is going on with your computer.

The complexity of finding, preventing, and cleanup from malware

 


We have double digit millions of users and a handful of users such as yourself that do experience issues such as yourself. Finding that specific issue is not always easy.

Thank you for your understanding

Ron

 

Edited by AdvancedSetup
Link to post
Share on other sites

I think you misunderstand. I am grateful for the time and effort of your assistance.  I Just find it odd that v3.0.6 launches normally, no problem other than Real Time Layers shuts itself off and won't turn back on. On my husbands computer, MWB 3.1.2 launches without a problem but WEB protection won't turn on. Two different computers, one is a pre-built from computer store, mine is custom built, two different version of OS, both having issues with MWBs.

Link to post
Share on other sites

  • Root Admin

Something wrong with the logs.

This is all that is in the FRST log

 


LastRegBack: 2017-08-01 00:48

==================== End of FRST.txt ============================

 

Please restart the computer one more time and try running FRST again.

I'll check back on you again  sometime tomorrow.

Thank you again

Ron

 

Link to post
Share on other sites

  • Root Admin

Thanks.

Curious why you're using this software? This is like a last ditch effort to try a fix a computer that when all else fails and you're about ready to format and reinstall Windows.

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

 

The logs show that you're using Microsoft Security Essentials as an antivirus but this log entry shows you're also using another not so well known antivirus engine.

(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe

Are you ware it's installed?

 

Also, so that you're aware. This computer is actively being used to pirate and steal software which is illegal in almost all industrialized countries, as well as opening your computer up to a greatly increased risk of infection.

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager
 

There are some ongoing errors in your Event Logs as well.

Application errors:
==================
Error: (08/11/2017 04:22:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.2.16.0, time stamp: 0x587327cf
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23864, time stamp: 0x595fa536
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x2940
Faulting application start time: 0x01d3127ad0fe17fd
Faulting application path: C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 32822df0-7e6e-11e7-b0c2-08626648cd5d

Error: (08/11/2017 04:22:19 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.File.InternalCopy(System.String, System.String, Boolean, Boolean)
   at System.IO.File.Copy(System.String, System.String, Boolean)
   at Razer.DataTracking.Common.Utils.XDocumentSafe.SafeSave(System.Xml.Linq.XDocument, System.String)
   at RzDataTrackingManager.DataHistoryManager.InitStatsHistory(System.String)
   at RzDataTrackingManager.DataHistoryManager.GetStatsFromStorage()
   at RzDataTrackingManager.Form1..ctor()
   at RzDataTrackingManager.Program.Main()

Error: (08/11/2017 04:19:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x59242cd9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23864, time stamp: 0x595fa536
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1364
Faulting application start time: 0x01d3127a6cf53268
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: c6fd30be-7e6d-11e7-b0c2-08626648cd5d

Error: (08/11/2017 04:19:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/11/2017 11:01:29 AM) (Source: CryptoPreventEmail) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (08/11/2017 11:01:29 AM) (Source: CryptoPreventFolderWatch) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (08/11/2017 11:01:29 AM) (Source: CryptoPreventMonSvc) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (08/11/2017 10:49:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.2.16.0, time stamp: 0x587327cf
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23864, time stamp: 0x595fa536
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x1124
Faulting application start time: 0x01d3124c1655291f
Faulting application path: C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: bc47f2d5-7e3f-11e7-a1a0-08626648cd5d

Error: (08/11/2017 10:49:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.File.InternalCopy(System.String, System.String, Boolean, Boolean)
   at System.IO.File.Copy(System.String, System.String, Boolean)
   at Razer.DataTracking.Common.Utils.XDocumentSafe.SafeSave(System.Xml.Linq.XDocument, System.String)
   at RzDataTrackingManager.DataHistoryManager.InitStatsHistory(System.String)
   at RzDataTrackingManager.DataHistoryManager.GetStatsFromStorage()
   at RzDataTrackingManager.Form1..ctor()
   at RzDataTrackingManager.Program.Main()

Error: (08/11/2017 10:14:42 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: The_Beast)
Description: Windows cannot delete the profile directory C:\Users\Sandra_Chung.The_Beast. This error may be caused by files in this directory being used by another program. 

 DETAIL - The directory is not empty.


System errors:
=============
Error: (08/11/2017 04:23:49 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Error: (08/11/2017 04:23:49 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1434899335/!S!'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Error: (08/11/2017 04:23:49 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Error: (08/11/2017 04:23:49 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/1434899335/!S!'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

Error: (08/11/2017 04:22:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (08/11/2017 04:20:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/11/2017 04:20:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BTHidMgr

Error: (08/11/2017 04:20:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec SymSnap VSS Provider service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2017 04:20:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Symantec SymSnap VSS Provider service to connect.

Error: (08/11/2017 04:19:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The regi service failed to start due to the following error: 
The system cannot find the file specified.

 

 

Let me have you run the following please. Once it's done and the computer has rebooted, please run a new FRST scan and make sure you place a checkmark in the Additions.txt check box and post back both new logs as an attachment.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

Link to post
Share on other sites

  • Root Admin

Please follow the directions here and uninstall Malwarebytes. Do not allow the removal tool to install the latest version. Cancel it if it download or tries to install.

Once you've uninstalled Malwarebytes with the removal tool then run the following clean up script.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Thanks

Ron

 

Link to post
Share on other sites

  • Root Admin

Okay, please go ahead and download the following 3.2 beta and install it. Even though it probably will not ask you to reboot, please do reboot.

Then see if you can open it and run a Threat Scan and post back that log.

I'll check back on you again sometime tomorrow

Thanks

Ron

 

Link to post
Share on other sites

Now, I don't even get the MWB systemtray icon, even though Task Manager says it's running.  Going to reboot in safe mode to at least get the protection up and running. Also going to uninstall, rather than just disable, MSE. 

mwb 03.jpg

Edited by Nowonmai
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.