Redgiant Posted July 20, 2018 ID:1257662

[reposting from Malwarebytes 3 Support Forum, summary below followed by the info you requested]

I had issues with my Win7 Pro SP1 64-bit laptop (an HP Envy 15 Notebook, i7-4720HQ) suddenly having the network stop working and the entries in DeviceMgr seem corrupt, so ...

1. Booted into Safe Mode (no networking)
2. Tried to run MWB 2.2.0.124 (last version I had on this older laptop), it failed with Couldn't open proc 406:120
3. Tried MWB uninstall, also failed with similar error
4. Copied mbam 3.5 install, and various clean/support/check utils from a USB stick (I downloaded them on another PC that is fine)
5. Ran both mbam-clean-2.3.0.1001 and mb-clean-3.1.0.1035, both completed fine.
6. Checked certmgr.msc, no MWB-related Untrusted Certificates present
7. Tried to install mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889
8. Got similar error (attached setup #001 log and error details dialog contents).

Attached files: mbam-35-setup-error.txt, Setup Log 2018-07-17 #001.txt

-------------------------------------------------------------------------

[Trusted Advisor Firefox suggested I run Malwarebytes Support Tool]

In Win7 Safe Mode (with no networking or command prompt) ...

I tried to run mbam-support-1.1.2.471.exe, it crashes with this error:

mbstub.exe has stopped working

Details:
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbstub.exe
  Application Version: 1.1.2.471
  Application Timestamp: 5b1acb3c
  Fault Module Name: mbstub.exe
  Fault Module Version: 1.1.2.471
  Fault Module Timestamp: 5b1acb3c
  Exception Code: 40000015
  Exception Offset: 001247b7
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
  Additional Information 1: 6ac4
  Additional Information 2: 6ac4267233eb42f9537fb9cbe95bc2b4
  Additional Information 3: e5b8
  Additional Information 4: e5b8dd6588014878a76d6275082685f0

[Expert exile360 then suggested I run Malwarebytes Anti-Rootkit Tool, and AdwCleaner if issues persist]

In Win7 Safe Mode with Networking ...

I ran the .zip version of mbar.1.10.3.1001.exe, after running it on another Win7 64-bit computer with network access to update databases to v2018.07.20.1 and copying the whole mbar folder onto USB to get it onto the affected Win7 laptop.

Scan Finished: No malware found!

Then, in the same Safe Mode with Networking (even though my network access is messed up) ...

I ran adw_7.2.2.exe, but got another error:

AdwCleaner has stopped working

Details:
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: adwcleaner_7.2.2.exe
  Application Version: 7.2.2.0
  Application Timestamp: 5b4dec42
  Fault Module Name: adwcleaner_7.2.2.exe
  Fault Module Version: 7.2.2.0
  Fault Module Timestamp: 5b4dec42
  Exception Code: 40000015
  Exception Offset: 008f3377
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
  Additional Information 1: a08f
  Additional Information 2: a08f23b5c2d65e2c49b9eb088389e4b5
  Additional Information 3: f84d
  Additional Information 4: f84d5274b666029d48327d47d6020d72

-----------------------------------------------------------------

[Here is what you requested, after the preceding results from before I posted into the Windows malware removal forum]

When I try to run mbam-support-1.1.2.471.exe, it crashes with this error:

mbstub.exe has stopped working

Details:
Problem signature:
  Problem Event Name: APPCRASH
  Application Name: mbstub.exe
  Application Version: 1.1.2.471
  Application Timestamp: 5b1acb3c
  Fault Module Name: mbstub.exe
  Fault Module Version: 1.1.2.471
  Fault Module Timestamp: 5b1acb3c
  Exception Code: 40000015
  Exception Offset: 001247b7
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
  Additional Information 1: 6ac4
  Additional Information 2: 6ac4267233eb42f9537fb9cbe95bc2b4
  Additional Information 3: e5b8
  Additional Information 4: e5b8dd6588014878a76d6275082685f0

I copied FRST64.exe via USB, after running it once on another Win7 64-bit computer just in case it updated itself (which it seemed to). It gets a 'Failed to update(1)' message on startup due to no network I am assuming, but the Scan seems to run to completion. Files attached.

Attached files: Addition.txt, FRST.txt

Root Admin AdvancedSetup Posted July 21, 2018 ID:1257921

Hello @Redgiant

Please run the following for me. If needed copy it from another computer onto this one via USB.

Please visit this web page and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.

Important! - Please make sure you save combofix to your desktop and do not run it from your browser

Direct download link for: ComboFix.exe

Please make sure you disable your security applications before running ComboFix.

Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load. Please attach that log file to your next reply. If needed the file can be located here: C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Thanks
Ron

Redgiant Posted July 24, 2018 ID:1258463

Fyi, before I run combofix.exe, I use Microsoft Security Essentials, and no matter what I do combofix.exe reports:

ComboFix has detected the following real time scanner(s) to be active:
antivirus: Microsoft Security Essentials
antispyware: Microsoft Security Essentials

This is despite these steps I took:

- boot into Win7 Safe Mode
- I presume the mssecs.exe client doesn't autostart in Safe Mode, so no tray icon - I started it manually to turn off real-time protection
- ensure that "Turn on real-time protection" is unchecked (it was off anyhow saying it isn't enabled in Safe Mode, but I unchecked it anyhow and then I rebooted into Safe Mode again just to be sure)
- even then, MsMpEng.exe and the associated MsMpSvc.exe were still running after rebooting yet again, so I killed MsMpEng (and the MsMpSvc stopped also)

So is this an innocuous idiosyncrasy or is there still something I have to do before I run combofix.exe? As long as I ensure that both MsMpEng.exe and MsMpSvc.exe are not running, can I proceed anyhow?

Edited July 24, 2018 by Redgiant

Root Admin AdvancedSetup Posted July 24, 2018 ID:1258474

Go ahead and tell it to proceed. Security Essentials should not affect it unless Microsoft has added new functionality to it.

Redgiant Posted July 24, 2018 ID:1258529

Attached is the output from ComboFix.exe.

Attached file: ComboFix.txt

Root Admin AdvancedSetup Posted July 25, 2018 ID:1258755

Thanks @Redgiant

Please follow the directions from this topic and post back the logs

Thanks
Ron

Redgiant Posted July 25, 2018 ID:1258781

I ran the .zip, using 7/20/18 database versions since I cannot use the network on the affected laptop (I updated on my desktop a few days ago, then copied that directly to USB stick to use on the laptop).

Scan worked as-is fine, no DDA or other issues running it. No infected files found. Logs attached.

Attached files: mbar-log-2018-07-25 (01-48-09).txt, system-log.txt

Redgiant Posted July 25, 2018 ID:1258784

Btw, sfc/scannow /verifyonly found nothing unusual.

Root Admin AdvancedSetup Posted July 25, 2018 ID:1258963

Please create a new user account with Admin rights. Then try to install and run Malwarebytes from that account and let me know how it goes.

https://downloads.malwarebytes.com/file/mb3/

Redgiant Posted July 26, 2018 ID:1259129

From Safe Mode I made a new administrator account and tried to install mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889.exe from a USB stick. Got this error:

Runtime error (at 406:120)
Could not call proc.

Problem signature:
  Problem Event Name: BEX
  Application Name: mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889.tmp
  Application Version: 51.1052.0.0
  Application Timestamp: 5698ac5a
  Fault Module Name: suhlpr.dll_unloaded
  Fault Module Version: 0.0.0.0
  Fault Module Timestamp: 5b043429
  Exception Offset: 7488e6bb
  Exception Code: c0000005
  Exception Data: 00000008
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
  Additional Information 1: 0a9e
  Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
  Additional Information 3: 0a9e
  Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Root Admin AdvancedSetup Posted July 26, 2018 ID:1259155

It really sounds like the best option would be to back up your personal data to an external drive. Then format the hard drive and reinstall Windows. Pretty hard to recover from corruption.

I'd also recommend you try running a hard drive testing program from Seagate or Western Digital or whomever the main hard drive is from to verify that the hardware is not failing.

Root Admin AdvancedSetup Posted August 1, 2018 ID:1260704

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread.

Thanks