Jump to content

Win7 SafeMode MWB3.5 setup fails 406:120 couldn't open proc


Recommended Posts

[reposting from Malwarebytes 3 Support Forum, summary below followed by the info you requested]

I had issues with my WIn7 Pro SP1 64-bit laptop (an HP Envy 15 Notebook, i7-4720HQ) suddenly having the network stop working and the entries in DeviceMgr seem corrupt, so ...

1. Booted into Safe Mode (no networking)

2. Tried to run MWB 2.2.0.124 (last version I had on this older laptop), it failed with Couldn't open proc 406:120

3. Tried MWB uninstall, also failed with similar error

4. Copied mbam 3.5 install, and various clean/support/check utils from a USB stick (I downloaded them on another PC that is fine)

5. Ran both mbam-clean-2.3.0.1001 and mb-clean-3.1.0.1035, both completed fine.

6. Checked certmgr.msc, no MWB-related Untrusted Certificates present

6. Tried to install mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889

7. Got similar error (attached setup #001 log and error details dialog contents).

mbam-35-setup-error.txt

Setup Log 2018-07-17 #001.txt

-------------------------------------------------------------------------

[Trusted Advisor FIrefox suggested I run Malwarebytes Support Tool]

In Win7 Safe Mode (with no networking or command prompt) ... I tried to run mbam-support-1.1.2.471.exe, it crashes with this error:

 

mbstub.exe has stopped working

Details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    mbstub.exe
  Application Version:    1.1.2.471
  Application Timestamp:    5b1acb3c
  Fault Module Name:    mbstub.exe
  Fault Module Version:    1.1.2.471
  Fault Module Timestamp:    5b1acb3c
  Exception Code:    40000015
  Exception Offset:    001247b7
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
  Additional Information 1:    6ac4
  Additional Information 2:    6ac4267233eb42f9537fb9cbe95bc2b4
  Additional Information 3:    e5b8
  Additional Information 4:    e5b8dd6588014878a76d6275082685f0

[Expert exile360 then suggested I run Malwarebytes Anti-Rootkit Tool, and AdwCleaner if issues persist]

In Win7 Safe Mode with Networking ... I ran the .zip version of mbar.1.10.3.1001.exe, after running it on another Win7 64-bit computer with network access to update databases to v2018.07.20.1 and copying the whole mbar folder onto USB to get it onto the affected Win7 laptop.

Scan Finished: No malware found!

Then, in the same Safe Mode with Networking (even though my network access is messed up) ... I ran adw_7.2.2.exe , but got another error:

AdwCleaner has stopped working

Details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    adwcleaner_7.2.2.exe
  Application Version:    7.2.2.0
  Application Timestamp:    5b4dec42
  Fault Module Name:    adwcleaner_7.2.2.exe
  Fault Module Version:    7.2.2.0
  Fault Module Timestamp:    5b4dec42
  Exception Code:    40000015
  Exception Offset:    008f3377
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
  Additional Information 1:    a08f
  Additional Information 2:    a08f23b5c2d65e2c49b9eb088389e4b5
  Additional Information 3:    f84d
  Additional Information 4:    f84d5274b666029d48327d47d6020d72

-----------------------------------------------------------------

[Here is what you requested, after the preceding results from before I posted into the Windows malware removal forum]

When I try to run mbam-support-1.1.2.471.exe, it crashes with this error:

mbstub.exe has stopped working

Details:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    mbstub.exe
  Application Version:    1.1.2.471
  Application Timestamp:    5b1acb3c
  Fault Module Name:    mbstub.exe
  Fault Module Version:    1.1.2.471
  Fault Module Timestamp:    5b1acb3c
  Exception Code:    40000015
  Exception Offset:    001247b7
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
  Additional Information 1:    6ac4
  Additional Information 2:    6ac4267233eb42f9537fb9cbe95bc2b4
  Additional Information 3:    e5b8
  Additional Information 4:    e5b8dd6588014878a76d6275082685f0

I copied FRST64.exe via USB, after running it once on another Win7 64-bit computer just in case it updated itself (which it seemed to). It gets a 'Failed to update(1)' message on startup due to no network I am assuming, but the Scan seems to run to completion. Files attached.

Addition.txt

FRST.txt

Link to post
Share on other sites

  • Root Admin

Hello @Redgiant

Please run the following for me. If needed copy it from another computer onto this one via USB

 

Please visit this web page and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Thanks

Ron

 

Link to post
Share on other sites

Fyi, before I run combofix.exe, I use Microsoft Security Essentials, and no matter what I do combofix.exe reports:

    ComboFix has detected the following real time scanner(s) to be active:

    antivirus:       Microsoft Security Essentials
    antispyware: Microsoft Security Essentials

This is despite these steps I took:

  • boot into Win7 Safe Mode
  • I presume the mssecs.exe  client doesn't autostart in Safe Mode, so no tray icon - I started it manually to turn off real-time protection
  • ensure that "Turn on real-time protection" is unchecked (it was off anyhow saying it isn't enabled in Safe Mode, but I unchecked it anyhow and then I rebooted into Safe Mode again just to be sure)
  • even then, MsMpEng.exe and the associated MsMpSvc.exe were still running after rebooting yet again, so I killed MsMpEng (and the MsMpSvc stopped also)

So is this an innocuous idiosyncrasy or is there still something I have to do before I run combofix.exe?

As long as I ensure that both MsMpEng.exe and MsMpSvc.exe are not running, can I proceed anyhow?

Edited by Redgiant
Link to post
Share on other sites

I ran the .zip, using 7/20/18 database versions since I cannot use the network on the affected laptop (I updated on my desktop a few days ago, then copied that directly to USB stick to use on the laptop).

Scan worked as-is fine, no DDA or other issues running it.

No infected files found.

Logs attached.

mbar-log-2018-07-25 (01-48-09).txt

system-log.txt

Link to post
Share on other sites

From Safe Mode I made a new administrator account and tried to install mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889.exe from a USB stick.

 

Got this error:


Runtime error (at 406:120)

Could not call proc.

Problem signature:
  Problem Event Name:    BEX
  Application Name:    mb3-setup-consumer-3.5.1.2522-1.0.391-1.0.5889.tmp
  Application Version:    51.1052.0.0
  Application Timestamp:    5698ac5a
  Fault Module Name:    suhlpr.dll_unloaded
  Fault Module Version:    0.0.0.0
  Fault Module Timestamp:    5b043429
  Exception Offset:    7488e6bb
  Exception Code:    c0000005
  Exception Data:    00000008
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
  Additional Information 1:    0a9e
  Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:    0a9e
  Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

 

Link to post
Share on other sites

  • Root Admin

It really sounds like the best option would be to back up your personal data to an external drive. Then format the hard drive and reinstall Windows.

Pretty hard to recover from corruption

I'd also recommend you try running a hard drive testing program from Seagate or Western Digital or whomever the main hard drive is from to verify that the hardware is not failing.

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.