Malwarebytes sudden disappearance


Okay, let me get some new fresh logs then so I can check it out deeper.

Make sure you include the Additions.txt log file and attach both new logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Thanks

Ron

 


Please fully disable uTorrent or uninstall it. Once that's done then temporarily disable your antivirus and run the following.

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

Ron

 


Please try the following. If this does not work and you're still unable to get Malwarebytes installed and running please let @kevinf80 know and hopefully he can step back in and help again. I'm leaving for vacation, otherwise I'd continue to help you.

 

Please download the Malwarebytes Support Tool and use it to do a Clean Removal and reinstall of Malwarebytes

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by the User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a check-mark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link - do not click Get Started

  • Click the CLEAN button

  • A progress bar will appear and the program will proceed to remove Malwarebytes from your computer
  • Upon completion, click OK
  • Follow the onscreen prompts to reboot and reinstall Malwarebytes

 

Then let me know if you're still having issues getting Malwarebytes to start.

Thanks

Ron

 


Hello marvic_aaron,

Can you please post a fresh set of FRST logs....

Run FRST one more time; ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan and, when done, post the new logs, "FRST.txt" and "Addition.txt".

Thank you,

Kevin...

Why are the following settings being blocked in your Firewall:

FirewallRules: [TCP Query User{90D4ACF8-F295-43A0-A075-24AF3978D88B}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{14DB531F-1F37-4BC9-9386-5CAE2A33CEB6}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe


Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Save that installer to your desktop or a place that you prefer.

Next,

Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

Next,

With your system in clean boot mode see if Malwarebytes will now install...

Thank you,

Kevin..

fixlist.txt


This sooooooh frustrating.... can you run the following for me and post the produced log, that will show latest events from event viewer logs...

Please download VEW by Vino Rosso from HERE and save it to your Desktop.
 
  • Double-click VEW.exe to start. Vista and Windows 7/8/10 users: right-click and select "Run as Administrator".
  • Under 'Select log to query...', check the boxes for both Application and System.
  • Under 'Select type to list...', select both Error and Critical.
  • Click the radio button for 'Number of events...' and type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.


Please post the Output log in your next reply.

 


@kevinf80 Here's the result of the scan.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/08/2018 10:47:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/08/2018 10:30:14 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 10/08/2018 10:27:45 AM
Type: Error Category: 0
Event: 0 Source: MBAMIService
The event description cannot be found.

Log: 'Application' Date/Time: 10/08/2018 10:27:12 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 10/08/2018 10:08:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 10/08/2018 10:06:41 AM
Type: Error Category: 16
Event: 16388 Source: ATIeRecord
ATI EEU Client event error

Log: 'Application' Date/Time: 10/08/2018 10:04:57 AM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. 

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b3accdaf-9339-497f-8357-3e0e168266a8}

Log: 'Application' Date/Time: 10/08/2018 9:32:51 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 10/08/2018 9:31:11 AM
Type: Error Category: 16
Event: 16388 Source: ATIeRecord
ATI EEU Client event error

Log: 'Application' Date/Time: 09/08/2018 3:45:39 PM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error

Log: 'Application' Date/Time: 09/08/2018 3:45:32 PM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error

Log: 'Application' Date/Time: 09/08/2018 3:39:15 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 151c  Start Time: 01d42ff4de7f2367  Termination Time: 1166  Application Path: C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe  Report Id: 39c15e0b-9bea-11e8-9070-d017c298ce9e 

Log: 'Application' Date/Time: 09/08/2018 6:58:58 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 09/08/2018 6:57:18 AM
Type: Error Category: 16
Event: 16388 Source: ATIeRecord
ATI EEU Client event error

Log: 'Application' Date/Time: 08/08/2018 4:22:13 PM
Type: Error Category: 16
Event: 16387 Source: ATIeRecord
ATI EEU Service event error

Log: 'Application' Date/Time: 08/08/2018 2:12:01 PM
Type: Error Category: 0
Event: 3006 Source: Microsoft-Windows-LoadPerf
Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/08/2018 12:10:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/08/2018 1:38:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/08/2018 2:50:39 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/07/2018 4:28:14 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/07/2018 3:50:43 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device MTP USB Device (location Port_#0005.Hub_#0002) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 25/07/2018 3:50:43 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 15/07/2018 6:39:22 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/06/2018 2:44:12 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/06/2018 2:35:52 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2018 10:51:18 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/06/2018 4:37:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/05/2018 1:01:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/05/2018 3:34:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/04/2018 1:51:52 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 11/04/2018 5:02:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/08/2018 10:31:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The IOMap service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 10/08/2018 10:28:31 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 10/08/2018 10:28:26 AM
Type: Error Category: 0
Event: 15021 Source: Microsoft-Windows-HttpEvent
An error occured while using SSL configuration for socket address 0.0.0.0:44312.  The error status code is contained within the returned data.

Log: 'System' Date/Time: 10/08/2018 10:25:30 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 10/08/2018 10:25:24 AM
Type: Error Category: 0
Event: 15021 Source: Microsoft-Windows-HttpEvent
An error occured while using SSL configuration for socket address 0.0.0.0:44312.  The error status code is contained within the returned data.

Log: 'System' Date/Time: 10/08/2018 10:11:18 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The IOMap service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 10/08/2018 10:06:44 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 10/08/2018 10:06:41 AM
Type: Error Category: 0
Event: 15021 Source: Microsoft-Windows-HttpEvent
An error occured while using SSL configuration for socket address 0.0.0.0:44312.  The error status code is contained within the returned data.

Log: 'System' Date/Time: 10/08/2018 10:05:23 AM
Type: Error Category: 0
Event: 7032 Source: Service Control Manager
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.

Log: 'System' Date/Time: 10/08/2018 10:04:53 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 10/08/2018 10:04:53 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 10/08/2018 10:04:53 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 10/08/2018 10:04:53 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 10/08/2018 10:04:53 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 10/08/2018 10:04:53 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

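As an added example (not part of the original thread or of any poster's tooling), a short Python parser for the VEW text layout shown in the log above: it reads the dates day-first, as the log header states, and tallies the (log, source, event ID) triples that repeat. The sample text is constructed from entries in that log, and the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the VEW layout shown in the post above (shortened).
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/08/2018 10:04:57 AM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: hr = 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/08/2018 10:31:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The IOMap service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 10/08/2018 10:28:31 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 10/08/2018 10:11:18 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The IOMap service failed to start due to the following error:  The system cannot find the file specified.
"""

LOG = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")

def parse_vew(text):
    """One dict per event; dates are day-first (dd/mm/yyyy), as VEW states."""
    records, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("~"):          # section banner ends the current record
            cur = None
        elif (m := LOG.match(line)):
            when = datetime.strptime(m[2], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m[1], "when": when, "message": ""}
            records.append(cur)
        elif cur is None:
            continue                      # banner titles and preamble text
        elif "type" not in cur and (m := TYPE.match(line)):
            cur["type"] = m[1]
        elif "event_id" not in cur and (m := EVENT.match(line)):
            cur["event_id"], cur["source"] = int(m[1]), m[2]
        elif line:                        # message text may span several lines
            cur["message"] = (cur["message"] + " " + line).strip()
    return records

def recurring(records, min_count=2):
    """Return {(log, source, event id): count} for events seen min_count+ times."""
    keys = [(r["log"], r["source"], r["event_id"]) for r in records if "event_id" in r]
    return {k: n for k, n in Counter(keys).items() if n >= min_count}
```

Calling `recurring(parse_vew(text))` on a full VEW report separates one-off errors from the ones that fire on every boot.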

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...


When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark "Select All" box. When ready select "Start Repairs" tab....


When complete re-boot your system, see if Malwarebytes will install...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

Here's what happened, I stopped at the start repairs since it began to load and did its thing.

So I left it alone for a moment, then it says there was an error and the program closed leaving me with this.
It seems that there are files erased prior to the repairs.

I don't know what to do next since I fear restarting it may make the lost files permanent.






Tweaking tool does not remove your personal files, folders, pictures, music, videos etc etc... After you booted to Safe mode a registry back up was the first step, that back up can be used if you believe your system is damaged in any way...

See if you can install Malwarebytes via Chameleon..

Download the Chameleon zip file from https://downloads.malwarebytes.org/file/chameleon and extract it to a new folder on your desktop.




Make certain that your PC is connected to the internet and then open the new folder.

Inside the folder expand each sub folder until you have the Windows folder open with a list of entries of renamed Malwarebytes executable files....




Double click on each in turn until one will work...

If successful follow the prompts to install and update.

When the update completes amend these settings :-
 
  • Select Settings > Protection tab, Scan Options, Select "Scan for rootkits"
  • Click on the Scan tab, Then Threat Scan
  • When complete post the log..


Post that log...

 
