Incompatibility with Firefox running on XP

  • Root Admin

Thanks, can you please attach the Fixlog.txt file from the fix using FRST.

We want to clean out Malwarebytes anyways so for now don't do anything to fix it. Please download the MB-Clean utility again and run that and reboot. Then run a new scan with FRST and include Additions.txt and we'll check and if needed do further removal of Malwarebytes.

When the MB-Clean utility asks to reinstall Malwarebytes, please do not allow it.

Thank you again

Ron

 

Edited by AdvancedSetup
Updated links

Thanks for your reply.

Is the fixlog.txt file produced by running the fix option in FRST.exe?  And would you like me to create the file before or after running the clean up tool?

Shall I run the clean up tool with mbam still running, or should I stop it somehow - I suppose by turning off self protection in safe mode - before doing so?

If I do not reply at some time tomorrow, it is because I shall be travelling then.

  • Root Admin

Run the fix file first. Just download it and make sure you save it in the same location as the FRST program and then click the FIX button. Let it reboot the computer.

Then run the MB-Clean utility. Then restart again.

Then run FRST again and make sure you click the Additions.txt check box too so that you get both new log files and attach them please.

I'll be up late here tonight, but no rush, you can post back when ready. I'm typically here almost every day at different times of the day.

Cheers

Ron

 


I am so sorry, but I am still not clear.  I don't have a fix file.  I think you mean me to run the FRST.exe file, which appears to be informed by a file named fixlist.txt.  Do you mean that I should run the FRST.exe file, and if so, do you mean that when I do so I should run the Scan function, or that I should run the Fix function?

  • Root Admin

No problem. Here is the repost.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Once that is done and the computer has restarted let me get new FRST logs please.

Make sure you place a checkmark on the Additions.txt check box and post back both new logs as an attachment.

Thanks

Ron

 


Thanks. My understanding is:

1. run FRST.exe, informed by the new fixlist.txt file, with additions selected, using the Fix option and then reboot;

2. run the cleanup tool and reboot;

3. run FRST.exe, informed by the same fixlist.txt file, with additions selected, using the Fix option, and reboot;

4. send the logs from FRST.txt and additions.txt from 1, and the same logs from 3.

Is that right?

  • Root Admin

Close, here is another writing that may prove more helpful.

1. Download the fixlist.txt file and make sure it is in the same location as FRST.EXE then click the FIX button. It should ask to reboot the computer.

2. After the reboot, then run the MB-Clean tool and reboot again and let it reinstall Malwarebytes.

If all is now working as expected then we should be about done. If there are still issues then please describe what issues you're currently still having.

Thank you

 


Thanks for your amended instructions.

I have followed them, but to no avail.  Anti exploit protection appeared to start and then stopped, not to be restarted.  The icon at first appeared in the system tray, but then disappeared, although mbamtray.exe appears in the windows task manager.

I note that I had to go into safe mode to run the cleanup tool without the system hanging, and that to install mbam without the system hanging I had to boot windows with all of the startups and non-windows services stopped by msconfig.

 

Does this shed any light?


Herewith logs.  I might mention that I had to enter safe mode to run FRST.exe without a hang.  I notice that for some reason the fixlist.txt file has disappeared, which seems very odd.  Does it get deleted by running FRST.exe?

Fixlog.txt

Addition.txt

mb-cleanresult.txt

mb-clean-results.txt

Edited by tommytiko
  • Root Admin

Yes, the computer is still having issues according to the Event Logs.

Application errors:
==================
Error: (10/28/2017 01:40:11 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/28/2017 05:03:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dtindexerw.exe, version 7.89.8510.1, faulting module rtfhtml.dll, version 12.0.6658.5000, fault address 0x00011e94.
Processing media-specific event for [dtindexerw.exe!ws!]

Error: (10/28/2017 05:01:09 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/28/2017 03:35:32 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/27/2017 01:40:14 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/27/2017 05:00:58 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/27/2017 04:57:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dtindexerw.exe, version 7.89.8510.1, faulting module rtfhtml.dll, version 12.0.6658.5000, fault address 0x00011e94.
Processing media-specific event for [dtindexerw.exe!ws!]

Error: (10/27/2017 03:35:21 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/26/2017 01:40:15 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].

Error: (10/26/2017 10:09:38 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine details Cannot ask provider {00000000-0000-0000-0000-000000000000} if volume is supported. [0x8000ffff] [hr = 0x8000ffff].


System errors:
=============
Error: (10/28/2017 02:46:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
inic1622
SASKUTIL

Error: (10/28/2017 02:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/28/2017 02:46:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

Error: (10/28/2017 02:46:57 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The BrPar service depends on the Parallel arbitrator group and no member of this group started.

Error: (10/28/2017 02:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/28/2017 02:44:19 PM) (Source: 0) (EventID: 4311) (User: )
Description: Event-ID 4311

Error: (10/28/2017 02:42:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ServiceProtector: wscsvc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (10/28/2017 02:42:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the ServiceProtector: wscsvc service to connect.

Error: (10/28/2017 02:41:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Suite Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/28/2017 02:41:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Macrium Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Please make sure you have a good backup of your system and files. Then let me have you run the following.

 

 

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

Thanks

Ron
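
An added example, not part of the original posts: a small Python triage script that parses event entries in the format quoted in the log above and groups them by source and event ID, so that repeated errors (such as the VSS 12293 entries) stand out from one-off ones. The sample entries are abridged from the post, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Header line format as it appears in the event-log section quoted above.
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>.+?)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>.*?)\)\s*$"
)

# Entries abridged from the post, embedded so the example runs offline.
SAMPLE = """\
Error: (10/28/2017 01:40:11 PM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine.

Error: (10/28/2017 05:03:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dtindexerw.exe, faulting module rtfhtml.dll.

Error: (10/28/2017 05:01:09 AM) (Source: VSS) (EventID: 12293) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine.

Error: (10/28/2017 02:46:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
inic1622
SASKUTIL
"""

def parse_events(text):
    """Return one dict per event; continuation lines are kept as detail."""
    events, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                   "source": m["src"], "event_id": int(m["eid"]), "detail": []}
            events.append(cur)
        elif cur is not None and line.strip():
            cur["detail"].append(line.strip().removeprefix("Description: "))
    return events

def summarize(events):
    """Group by (source, event ID); most frequent first, with first/last seen."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["source"], e["event_id"])].append(e["time"])
    rows = [(key, len(t), min(t), max(t)) for key, t in groups.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for (src, eid), n, first, last in summarize(parse_events(SAMPLE)):
        print(f"{n:3d}x {src} / {eid}  first={first}  last={last}")
```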

 


Thanks Ron.  I am afraid that combofix seemed to hang, and I left it running for ages in case it needed time - about 5 hours.  So that failed.  The VSS errors you identified are probably due to VeraCrypt - the VSS does not work on files in mounted bins, and VeraCrypt cannot fix it because Microsoft will not provide the information needed - something to do with the API.

18 hours ago, tommytiko said:

Thanks Ron.  I am afraid that combofix seemed to hang, and I left it running for ages in case it needed time - about 5 hours.  So that failed.  The VSS errors you identified are probably due to VeraCrypt - the VSS does not work on files in mounted bins, and VeraCrypt cannot fix it because Microsoft will not provide the information needed - something to do with the API.

@AdvancedSetup is on vacation this week, so you may have to wait for a reply from him on your issues above.


Thanks Ron, but I tried that, and I am afraid that the one persistent issue is that the anti-exploit protection does not work.  I have however suffered system damage from trying out the repair programs and therefore restored the system to a time prior to my installing version 3 of MWB and reinstalled all subsequent new programs and updates etc that I wanted to retain, and the system is working fine again.  I'd be happy to help to investigate this by restoring my current system to a spare drive and then working on that, however, and glad to discover any remediable problem on my system that is interfering with MWB Anti-exploit.  I used to run MWB Anti-Exploit together with MWB v2, but at some point Anti-exploit stopped working - as I recall, it would not run at all.  At the time (August 2016), I tried to analyse what was causing this by restoring my system to earlier states when MWB Anti-Exploit had been working, but with confusing results, and I never established what had caused it to stop working.  I suspected an update to some long ago installed product such as MS Office or Java, but never got to the bottom of it.

Are you sure that the anti-exploit protection should work on XP?  I vaguely seem to recall reading in the MWB forum that anti-exploit protection would not be available in MWB v3 running on XP, but if I did I have not found where it was.
