Resolving issues with MWB runing on Win 8.1 and 10

[Dan964]

@AdvancedSetup suggested I post here to request help in getting my ailing Windows machines back to health.  I will provide a brief synopsis of the issues I'm facing.

I have 4 Windows machines, 2 win 8.1 and 2 Win 10. Three are running in a degraded MWB state due to incompatibilities with (I assume) Win OS.  There are what may be good reasons.  The 2 Win 8.1 machines are old and haven't had a clean install in years as I use Media Center, which MS no longer supports.  I do not want to go through a clean install and have to download Media Center from somewhere on the net and hope my licenses work.  The Win 10 machine is a Surface Go which even MS did not have sorted out at first. Ironically, the latest Windows update (2004) noticeably enhanced performance, especially waking from sleep/hibernation, but this seemed to induce some kind of race condition on waking which locked the box up tight.  The work around is to disable Ransomware Protection in MWB.

Finally, My Win 10 HP desktop runs MWB without issue.

I posted the above comment in another forum as a response to a post asking if MWB was safe.  @AdvancedSetup responded I should post here if I wanted help in sorting out my less than functional machines.

Note that I am not having any apparent infestation and wouldn't have posted here if not for @AdvancedSetup suggestion.

Dan

[Maurice Naggar]

Hi,  Dan.  

My name is Maurice. I will be helping and guiding you, going forward on this case.

I have read your posts.  I would like to work with you.   Just let's first pick just one of your machines  and then we will go forth on that one.  The first step is to collect details.

On the following round, I will guide you to doing a clean re-inst6all using the same Support tool.

 

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me.

Please only just attach   all report files, etc  that I ask for as we go along.

 

I would appreciate  getting some key details from this machine in order to help you forward.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.

Download Malwarebytes Support Tool
    

    Once the file is downloaded, open your Downloads folder/location of the downloaded file

    Double-click mb-support-1.6.2.802.exe  to run the report

 

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next

Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"

    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

 

Please know I help here as a volunteer.  and that I am not on 24 x 7.

Help on this forum is one to one.   This specific topic-thread is only just for Dan964.

Thank you,

Sincerely.

 

[Dan964]

Thanks Maurice, I will get on this shortly with 8.1 machine that's not running MWB now.

Don't know why I wasn't notified of your response.

Dan

[Maurice Naggar]

OK.   Just glad you saw this.  You are on the Follow list for this topic.   You may want to check your Email app's  Junk or / & Spam folders.

[Dan964]

@Maurice Naggar - Before I could get to following your instructions, I got a reply on a support ticket from Daniel(support) I had submitted.  He's asking me to upload logs as well.  I replied to him that I had this thread working along same lines and asked for his advice on how to proceed, i.e., which thread to work on as it would be confusing and probably unproductive to work both simultaneously.  I also mentioned that I had 4 machines, 3 of which had problems and I need some direction as to which he would like to address first.

This was several days ago and I've yet to hear back from Daniel.  I thought I'd let you know what's going on and give you the same opportunity to offer some advice on where to go from here.  Maybe you can reach Daniel and decide which one of you would tackle this.

Here's a copy of the info I sent to Daniel.

"A. Win 10 HP desktop. Only issue since 2004 update is consistent warnings posted by ESENT of database incongruities.

B. Win 10 Surface Go. Currently has Ransomware Protection disabled due to hangs cased by System Interrupt service at 98% cpu after wake from sleep/hibernate.  Also reports ESENT issue.

C. Win 8.1 currently running with older version of mwb as recommended  by forum member.

D. Win 8.1 running without mwb due to some interaction  seemingly with Nvidia card that results in video card reboots. Note that this system has a configuration issue in that, after I updated bios to address Intel chip vulnerabilities, I could not get associated chipset driver to load due to error reportedly due to Unicode incompatibility.  I have been down the rabbit hole on this with no success.

 

Please advise on how you want me to proceed, i.e., in the case of B,C and D should I load the most current version of mwb before running support tool, or get reports from systems as they are."

Thanks for your help.

Dan

[Maurice Naggar]

Good morning Dan.

Know that I have no special means to reach the Support person.  and that in general, it is best to stick your MB Tech support.

My view had been for you to make a pick as to which machine that you wanted to work on first.   Just one.  Then on that one, run the Support tool to Gather logs.  Given overall situation, I would have you pick machine C   ( with the Windows 8.1  operating system)

Also, be very attuned to the Tech Support procedures with your ticket.  We do not want to have any overstepping when you are working on a particular machine.

Sincerely.

[Maurice Naggar]

Good morning, Dan.   I hope you are doing well.

Just simply wanted to see whether your Malwarebytes is on the very latest Beta with the Component 1.0.990

because that one has good benefits, including the fix for "resolving host" browser stall.

The latest Beta announcement is here https://forums.malwarebytes.com/topic/257042-malwarebytes-41-beta/?do=findComment&comment=1395736

 

Just know, that it helps all versions of Windows   ( not just 2004 )   & that it does fix the issue you had had.

To get on the Malwarebytes Beta,  do this in Malwarebytes.   

     1.  Settings > General > Beta updates and then toggle the switch so the setting is enabled.

     2.   Scroll  back up to    Application Updates and then click the Check for Updates button. 

Follow all prompts.  All the update to proceed  & when it completes,  while still in Settings / General,  look for & click the ABOUT tab.

See what the Version and Component  numbers are

 

Please let me know if you need any other help.

Sincerely,

Maurice

[Dan964]

Hi @Maurice Naggar ..

I tried the beta.  In my experience trouble seems to manifest itself when my Surface Go wakes from sleep/hibernate.  After I installed the beta, I put the Go to sleep for a good while.  When I woke it up, I wanted to use Firefox.  It wouldn't load pages.  I switched to Edge and same problem.  I tried turning off Ransomware Protection, no help.  I then unloaded mwb and things returned to normal.

I downloaded non-beta version, I cant tell you which component and turned off Ransomware Prot.  This morning I started up the Go and it wouldn't connect to wifi.  I proceeded to unload mwb and as uninstall proceeded, wifi came up.  This correlation may not be causal.  I will run without mwb for a few days to get a baseline and then try again.

 

Ciao,

Dan

 

[Maurice Naggar]

I would suggest that we hold off on any more tries on that Surface go machine.    ( pick a different another machine to try the latest MB4 program).

On this Surface machine,  do a cleanup run as follows.

• Open your Downloads folder. 

   Right-click   mb-support-1.6.2.802  & select Run as administrator    to start the tool   & reply YES to allow to go forward. 

• When prompted by Windows, reply YES to allow the tool to go forward. 

• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!". 

• Click the Advanced Options link. This is important. Please ensure Advanced Options is clicked. 

• Click the Clean button followed by Yes to proceed. 

• Upon completion, click OK to reboot your computer. 

• After the reboot, please wait for the program to reopen. 

• You will be presented with the option to install Malwarebytes for Windows. Click NO

 

This run should remove all traces of the Malwarebytes for windows program.

 

If I recall properly,  Microsoft knows of some issues on selected Surface machines.

That is why I suggested picking another machine that is not a Surface.

 

One other thing, since I last wrote to you,  Malwarebytes did do a official Release on the latest Component 1.0.990  just yesterday

https://forums.malwarebytes.com/topic/257102-malwarebytes-41/?do=findComment&comment=1396220

 

Edited July 23, 2020 by AdvancedSetup
corrected font issue

[Dan964]

@Maurice Naggar,

 

Other machines with problems are 8.1.  Do you recommend I try latest release on these as well??  I am now using an older version of mwb recommended by another forum member (Porthos).

 

Thanks for help,

Dan

[Maurice Naggar]

6 hours ago, Dan964 said:

Other machines with problems are 8.1.  Do you recommend I try latest release on these as well??  I

Dan

Hi Dan.

Yes.    But only just do one machine   ( until after we get that one squared away).

 

before starting in, please close all open work. Also, lets please do a Windows Restart. 

 

I also want you to watch the whole process and keep a eye out for on screen prompts, especially later on during this first run. Keep a lookout for prompts during the later phases of the run. It may ask for a Restart of Windows. If so, it is critical to reply with YES 
 
Let's perform a clean re-installation of the latest Malwarebytes for Windows version using the Malwarebytes Support Tool. This is designed to automate the clean uninstallation of the program, along with installation and activation of Malwarebytes for Windows Premium (if applicable). 
 
Malwarebytes Support Tool (MBST) Clean Reinstall 

Get / download / save the support tool

Download Malwarebytes Support Tool

 

• Open your Downloads folder. 

   Right-click   mb-support-1.6.2.802  & select Run as administrator    to start the tool   & reply YES to allow to go forward. 

 

• When prompted by Windows, reply YES to allow the tool to go forward. 

• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!". 

• Click the Advanced Options link. This is important. Please ensure Advanced Options is clicked. 

• Click the Clean button followed by Yes to proceed. 

• Upon completion, click OK to reboot your computer. 

• After the reboot, please wait for the program to reopen. 

• You will be presented with the option to install Malwarebytes for Windows. Click Yes.  

•  

• Do have lots of patience after the Restart.   It may take a few minutes for the 2nd phase of the program to show on-screen.

 

• Installation of Malwarebytes for Windows will commence shortly after. 

• Upon completion, Malwarebytes for Windows will automatically open. 

• Note: If installation of Malwarebytes for Windows does not commence, please let me know. 

 

Then, when all is done, please lets do one final Windows Restart. 

 

If you encounter any issues during the running of the tool, please let me know. 

Please keep me advised after all this. Thank you. 

 

Sincerely, 

[Maurice Naggar]

Hi Dan.   I hope you are doing well  & enjoying the weekend.   Do you have any sort of news  /  status update  ?

[Dan964]

Hi Maurice.  I loaded MWB on the 8.1 machine that did not work well with previous version (recommended by Porthos) that I had tried.  Before loading the new MWB I installed latest Nvidia drivers as the trouble I was experiencing on this machine surfaced as video card reboots.

I am happy to report that for the past 2 days, the machine hasn't posted any errors related to the video card, or exhibited any artifacts during game play.  I was sure to try waking from sleep and jumping into game ASAP as this is when MWB starts up scan.

One other thing I did was to delay scan by 180 seconds.

I will now do update on second 8.1 machine and see how it goes.  I will report back after a few days.

I have been running Surface Go without MWB during this time and making note of what happens during wake from sleep.  I did not observe any wifi problems, but I did notice that the Surface Go seems severely taxed during restarts when many processes (including updates and a/v scans) want to do their business.  The CPU is pegged at close to 100% for a while (I didn't track the time).  When I try MWB again I will make sure scan is delayed the max 180 secs so that all startup processing can subside before the scan starts.

I'll let you know how this all turns out.

Thanks for your help.  I appreciate your attentiveness.  It makes working through this feel less like I'm shoveling sand against the tide, alone.

Ciao,

Dan

[Maurice Naggar]

Hi Dan.

Just take your time  no rush needed.   Glad to read you are doing well with   the 8.1   machine.

Just so you know - - - - the 2 most recent updates to the Malwarebytes program do have a fix for the condition where the scheduled scan would be set to start right at the time of a wake/from sleep.   That is why I always suggest having the very most latest release version.

Cheers.

[Dan964]

Hi Maurice.  I loaded new version of MWB on second 8.1 machine that had been running version recommended by Porthos with no issues.  I used the support tool to get latest version.

After installation I lost ability to connect to internet.  This machine uses wifi which indicated it was connected.  I tried 2 browsers (Firefox and Edge) and 1 service (Epic).  I tried disabling web protection.  It seemed MWB client hung as button did not update, but displayed busy icon.  Tray app indicated web protection off.  I should say I installed MWB as admin and had switched to user account.  I tried logging off then back in.  My desktop icons did not update.  I then tried to restart, but shutdown hung.  I forced shutdown.

On restart, I logged into admin account and verified web protection was off.  I tested internet and it worked.  I then turned web protection back on.  Internet still worked. I then switched to user account which seems to function normally.

So things are a bit sketchy at this point.  We'll see how it goes.

Dan

 

 

[Maurice Naggar]

Hello Dan.   Good day to you.

On this last machine, lets make time and grab a set of reports for my review.   and if you do not mind, let's make up a virtual nickname for this machine & let me know  so we don't lose focus.  ( Just a fictitious nickname that we can use as a reference handle in our discussion.)

 

I would appreciate  getting some key details from this machine.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
  
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.6.2.802.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

[Dan964]

Hi Maurice.  Logs attached.  This machine is DenPC.  I should note that things have settled down after reboot. Also, if you look at Event Viewer posted warnings, you may see a warning stating " Intel(R) Ethernet Connection (2) I219-V  Network link is disconnected".  This occurrs every wake or reboot even without mwb.

I chose to try mwb on the Surface again, making sure to reboot after install.  This may be key in setting sequence necessary to get all ducks in a row as far as wifi is concerned.  Not sure I did that on 1st install (LivingRoomPC), but that machine doesn't use wifi.  So far Surface is happy, but time will tell.

enjoy!

Dan

 

DenPC-mbst-grab-results.zip

[Maurice Naggar]

Thanks Dan,  for the Denpc  report.

Please know that on some Windows machines, it is possible for it to lose a WIFI connection.  That most of the time, if one just goes into the Network connection settings in Windows, one can usually get it reconnected.

check your PC 's wireless network adapter  properties:

1. Select the Start  button, type device manager in the search box, and then select Device Manager.
2. Expand Network adapters.
3. Look for a network adapter that might have wireless in the name.
4. Drill thru its properties

 

I have a custom script for the DENPC   Windows 8.1 Pro with Media Center.

This will run the Windows System File Checker ( SFC )  and DISM  to check the operating system.

 

The system will be rebooted after the script has run.

.

This custom script is for  Dan964  only / for this  DENPC   machine only.

 
Close and save any open work files before starting this procedure. 

I am sending a    custom Fix script which is going to be used by the FRSTENGLISH  tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE  link AS and save it directly ( as is) to the  Downloads  folder

The tool named FRSTENGLISH .exe   tool    is already on the Downloads folder
Start the Windows Explorer and then, to the Downloads folder.

RIGHT click on  FRSTENGLISH     and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.
  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool......
click line More info information on that screen
and click button Run anyway on next screen.

on the FRST window:
Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

Please know this will do a Windows Restart.   Just let it do its thing.  

Fixlist.txt

[Dan964]

Maurice,  Please see attached fixlog file.

Note: There was a bit of confusion here stemming from behavior of the support tool.  I had run the support tool from my user account.  Windows, as expected, asked for admin privilege. When it was done the logs weren't written to my user account desktop, but to the admin desktop. I think this is because when support tool restarts its follow up processing occurred after I logged in to admin account.  Nothing happened when I logged into user account.

When I went to follow your instructions above, I logged into the admin account hoping to avoid confusion.  However, I had to get support tool exe and FRSTenglish from the user download directory.

I mention this because I looked over the script and saw these lines:

FirewallRules: [TCP Query User{6F97F2D8-6D58-4815-9437-7EC601D24BD5}C:\users\dlpalumbo\appdata\local\temp\i1476719762\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\dlpalumbo\appdata\local\temp\i1476719762\windows\resource\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{572AE6E3-A1E3-4656-BDC4-DAB5AC8A4585}C:\users\dlpalumbo\appdata\local\temp\i1476719762\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\dlpalumbo\appdata\local\temp\i1476719762\windows\resource\jre\bin\javaw.exe => No File

Note that these changes are made on my user account path, dlpalumbo, not the admin account.  I'm not sure how this might have impacted the script's run.

Here's results of chkdsk.  Error report sometimes complains of bad blocks, but they seem to be masked as they should be.  Device is an ssd.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  948480 file records processed.                                                         File verification completed.
  21613 large file records processed.                                      0 bad file records processed.                                      
Stage 2: Examining file name linkage ...
  1132240 index entries processed.                                                        Index verification completed.
  0 unindexed files scanned.                                           0 unindexed files recovered.                                       
Stage 3: Examining security descriptors ...
Cleaning up 135 unused index entries from index $SII of file 0x9.
Cleaning up 135 unused index entries from index $SDH of file 0x9.
Cleaning up 135 unused security descriptors.
Security descriptor verification completed.
  91881 data files processed.                                            CHKDSK is verifying Usn Journal...
  40443696 USN bytes processed.                                                            Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 468747260 KB total disk space.
 388243196 KB in 725019 files.
    500596 KB in 91882 indexes.
         0 KB in bad sectors.
   1074568 KB in use by the system.
     65536 KB occupied by the log file.
  78928900 KB available on disk.

      4096 bytes in each allocation unit.
 117186815 total allocation units on disk.
  19732225 allocation units available on disk.

Internal Info:
00 79 0e 00 45 73 0c 00 31 02 17 00 00 00 00 00  .y..Es..1.......
e2 03 00 00 e1 2c 00 00 00 00 00 00 00 00 00 00  .....,..........

Windows has finished checking your disk.
Please wait while your computer restarts.

Good hunting,

Dan

Fixlog.txt

[Maurice Naggar]

Hi Dan.

As to what account to login with during your quest on all these machines,   I just need for you to be logged in with some account that does have Administrator-level privilege.

That is one important factor.

On this last run,  I am happy to see 

Quote

Windows Resource Protection did not find any integrity violations.

As t the CHKDSK run,  the bottom line result is good.

Quote

Windows has scanned the file system and found no problems.
No further action is required.

 

Tell me,  what is the current situation at this time, on this machine   DENPC    ?

What doe we need to do on it ?

Let me suggest just one adjustment.

There is one setting in Malwarebytes that should be adjusted.     The Premium ( or trial ) protections of Malwarebytes will still be on.

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center 

Click the Security Tab. Scroll down to 

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

[  set to Off  ]

Close Malwarebytes when done.

 

[Dan964]

 

That's good news Maurice.  Everything seems OK on DenPC.  I have set MWB on DenPC to NOT register with Security Center.

Could you explain why I should do this?  I assume then MWB will run alongside Defender, which is good, but is this why?

Also, should I change this registration setting on other 2 machines or do you want to look into these further before I do?

Thanks for help.  Things feel normal for a change.

Dan

[Maurice Naggar]

The Windows Defender A-V  and the Malwarebytes Premium do co-exist fine.  The MB4 Premium will still be protecting your system.  Turning off its "registration in the security center" just lets Windows Defender be the only "registered" security.  You may do this on your other machines  [  though there's no need to do when you have a 3rd party named brand other than Microsoft.....i.e.  like McAfee or BitDefender or other 3rd party ]

 

I am very gratified to read this great news.         

 

What about other machines ?   Are you needing more help ?

[Dan964]

Pretty sure everything's OK.  The other 8.1 machine has been doing fine. We use it every night and its run smoothly.  The Surface hasn't had a repeat of the wifi problem.  I'm on it often to do emails, etc.  One thing I've done is to close all programs when I'm done.  This also reduces load on startup which I think helps.

So I guess we're done.  You've been a great help providing a steady hand when the ship started rocking here.

Would you mind if I alerted you if something pops up?  Would posting to this thread get your attention?

Thanks again,

Dan

[Maurice Naggar]

Hello Dan !!   That is very great news.   I am very glad to have this good news.  It has been quite a long haul, but well worth your doing  all this.

If something should occur that is unexpected or some type of glitch in the program just post that back here.

I will try to ping you after 3 days if I do not hear back from you.   I will keep this thread-topic open for you for a few days.

 

Let me also suggest that you take some time soon  & insure to do backup on all these systems.

Bravo, Dan     😁    👍🤸‍♂️🍹

[Maurice Naggar]

Good afternoon Dan.

I hope you are doing well today.    This is just to do some housekeeping cleanup on each of the machines that I had you run tools on.   No rush needed though.

To remove the FRST  tool & its work files, do this.  Go to your Downloads folder.  Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

Delete the mb-support-1.6.2.802.exe 

Delete the mbst-grab-results.zip   on the Desktop

 

Let me know in case you need anything else.

Cheers.