Argh. I need help.
I am typing this from safe mode. My computer is messed up after trying to update my MBAM PRO to the new 2.0 version.
I followed your instructions, Corinne, in this topic:
http://www.landzdown.com/computer-problems-questions-and-solutions!/malwarebytes-pro-question/
Here's the sequence:
-- downloaded MBAM 2 installer
-- downloaded the MBAM cleaner.exe recommended
-- uninstalled MBAM from the add/remove programs panel
--remembered I was to make a restore point. made one. (should have done that first, but figured I was ok because I had a system generated restore point from the previous day)
-- restarted computer. Encountered first problem. Desktop loaded, but taskbar links never became available (hourglass icon only)
--restarted again. This time everything came back but very slowly. But since I could access the internet, I checked the topics to make sure I had followed instructions and then ran the MBAM cleaner and rebooted, hoping it would clear up any issues caused by the uninstall.
--rebooted after running the cleaner. Disaster. Desktop loaded but never became useable.
--shut down using the button on the tower. No change.
--decided to do a system restore via Safe Mode to yesterday.
--system restore failed. Resolved to a blank blue screen with a cursor.
--tried system restore again. when safe mode opened, there was a system restore message stating that the system could not be restored to that date. Trying again, I chose the restore point set up today. Same result.
-- brought up Safe Mode again and ran system with "last known good settings"
this brought me to the desktop right after uninstalling MBAM. However, although I could call up programs, nothing was connecting to the internet.
--rebooted a couple times via the start button to see if that would resolve. It did not.
--I reinstalled MBAM 1.75 in hopes that that might rectify things. It did not.
--restarted in Safe Mode with Networking. This time, I can access the internet. This is my current configuration. As far as I can tell, everything is functional in safe mode.
I guess I was greedy that I wanted the extra protection from the new MBAM version. I am now very sorry I tried the update. I need help to know what to do next to at least get my system back to working condition again. (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fz4.ifrm.com%2F12415%2F42%2F0%2Fp1072668%2FhelpgreenbubbleGray.gif&hash=6bf384dcaa1eb3055ad8b180511cfe13c1a9e462)
I've been meaning to ask about running disk check, as I don't believe its been done on this machine for a couple of years, but I didn't want to do that until I checked in with you guys and got your wisdom on how to fix this.
I will be awaiting your reply. I do have my little Nexus7 that I can use to access this message board if I lose the ability on my regular machine. Specs in my signature are up to date.
As I mentioned in one of the other MBAM v2 topics, a very experienced forum friend from another site tried twice on two different Windows XP computers without success.
With having to recently replace one computer in the family, I know you need to hold off on a new computer for yourself so let's see what we can do. Let's see if you can find an earlier full restore point rather than a "Scheduled Checkpoint" that works by booting to safe mode with the command prompt. Before doing anything, create a restore point, naming it something SafeMode Networking, so if all else fails, you'll be able to get to this point again.
To start System Restore using the Command prompt, follow these steps:
- Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
- Use the arrow keys to select the Safe mode with a Command prompt option.
- If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
- Log on as an administrator or with an account that has administrator credentials.
- At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
- Click "Choose a different restore point" and click "Next".
- When the restore points load, look for a full restore point that is before the changes were made to your computer.
- Click "Yes" in the confirmation message that appears.
- Do not interfere with your computer during the operation. Your computer will automatically restart to complete the restore
I cannot create a system restore point in safe mode. I am not given the option.
I'm sorry if I read your post wrong, but it seemed like you said I could try the upgrade if I had the installation file for 1.75 that I could use if it didn't work. I didn't interpret it to mean it was a bad idea to try. :(
I seem to remember that I had a failure the last time I tried a system restore. I don't know if it could be related or not. It was quite a while ago.
Since I can't create a point, shall I proceed anyway?
(I may be asking for help to install Linux next!)
Hmmm, well, a previous failure of using SR could be why you had a problem this time. Yes, see if you can get to a full restore point prior prior to uninstalling 1.75. (Fingers crossed.)
I did the reboot to safe mode with command prompt and tried a restore point that I had created myself on April 8.
It was not successful. I got the same blank blue screen with only a cursor after windows loaded (right after you get the error message that some tasks in the task scheduler have not completed).
However, I was able to return to Safe Mode with Networking and am typing from my computer.
What is the next step?
The thing you need to keep in mind with Check Disk is that any repairs made using Check Disk cannot be undone. It would be better to run System File Checker (sfc /scannow) but, unlike the newer operating systems, with Windows XP, it generally prompts for the Windows XP CD. See Windows XP: Using the System File Checker Tool - HelpWithWindows.com (http://www.helpwithwindows.com/WindowsXP/howto-24.html).
If you cannot get SFC to to work, it is advisable to back up critical data before you begin Check Disk. Since you said it has been a while since you ran Check Disk, you may find this helpful: CHKDSK - How to run in Windows XP - Windows Made Easy - XP (http://forums.whatthetech.com/index.php?showtopic=102348).
Alternatively, as a licensed customer, you could also submit a ticket. Use the "Contact Us" link from http://www.malwarebytes.org/support/consumer/. Include a link to this thread to show what you have done thus far.
I do have a copy of the Windows XP Pro disk that the tech that installed it gave me.
Should I go ahead and try the System File Checker? There are no numbers on the CD, just that it is Win XP Pro. What will happen if I run System file checker and it doesn't like the CD I was provided? (It took me like a year to finally get it from him. It better be good.... ^_^ )
Also, so you know---for some reason, my tablet is not connecting to the wifi network for some reason, so if I lose access to my safe mode connections, it could be tomorrow before I can get back on. (After pastywhiteguy figures out whats wrong with it. )
If you can try SFC first, it would be a good start. If it doesn't work, you'll need to decide on running chkdsk.
Take your time. It is getting late now anyway and you want to be fresh. You may need to connect rather than using WiFi.
I'll be out much of the morning tomorrow.
Just tried to run sfc. I was able to type the command in the Run box, but when I clicked OK, the box disappeared and nothing else came up.
Maybe you can't do that in safe mode?
If not, I guess I will move on to chkdsk.
I remember that it took like 5 hours to run the last time. Is it something you have to be around to answer prompts for? I can't remember if I had to do anything or not.
I read up on chkdsk and plan to run it in the morning. I was thinking about things, and I remember that I tried to delete a folder from an old drive the last time I could not access windows. Running checkdisk did fix it.the problem with Windows. The tech told me that my action had nothing to do with the glitch/// it was just coincidental. It seems this might be similar in that removing MBAM might not be the reason for the malfunction.
This is just about the removal. I never got to the part where I tried to install the new version.
Yes, it indeed could be a coincidence and has nothing to do with MBAM. It could be bad sectors in the hard drive that chkdsk may be able to repair or it could be hardware failure. Have you run chkdsk yet? If that or a Repair Install Windows (Windows XP) (http://www.sysnative.com/forums/windows-xp-tutorials/3914-repair-install-windows-windows-windows-xp.html) aren't successful, you could try a Linux Live CD. Here's a list of Linux LiveCDs (http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Live_media). Linux Mint and Puppy Linux are popular choices.
Removed MBAM via safe mode. Ran chkdsk. Result was Volume C was clean. Reboot produced a partial desktop and a frozen task bar with no Start menu function.
Restarted via power button.
Frozen again. On second restart, had desktop back. Was able to run system file checker from START menu. It ran but seemed that the requested XP disc just spun multiple times. The progress bar never showed any progress. After about 30min of cycling, the popup disappeared.
MSE said it was off . So I opened the console & turned it on. Was fine until I asked it to update definitions. Froze mid update.
This makes me think that MSE may have gotten corrupted when I uninstalled MBAM the first time.
I have my desktop use able at the moment. MSE is on.
I do have the installer for MSE. What should I do next?
It could also be related to an MSE update that Winchester73 pointed me to for a different reason. However, the timing seems to fit since you also had a BSOD: Microsoft Security Essentials error stutters Windows XP systems (http://www.techienews.co.uk/979984/microsoft-security-essentials-error-stutters-windows-xp-systems/).
This MSE issue arose on the 16th, same date as your problem :rolleyes:
You might wish to review this: http://support.microsoft.com/kb/971606
On the XP computer I was fixing, I had to boot into safe mode with networking, then manually type http://go.microsoft.com/fwlink/?LinkID=87342 into the address bar to download the 32-bit definition file. Things were normal upon reboot.
Things seem to be loading, but very slowly.
Monitor went to sleep. When I woke it, taskbar was only displaying in slices. On next wake up was normal again. I haven't tried to use internet yet. Awaiting instructions.
Sorry for terseness. Using tablet to post here.
(I am reading the above two responses, but I don't understand what I should do yet...
If you can right-click on the red MSE icon at the lower right of your screen, and then "open", go to the update date and click on the update button. The computer I was working on wouldn't respond to commands, so we had to do it via the method I posted above ...
Your issue may be unrelated but it is certainly worth making sure MSE is updated to the latest 1.171.148.0 definition file.
Winchester, I love you! (And I love you Corinne for consulting with him about it! haha)
When I rebooted after trying to update MSE and having it freeze everything, I find that the update did indeed process.
MSE is showing my defnitions version as 1.71.148.0
Do I understand this to mean that includes the fix?
I'm typing from my real machine now, btw....yay!
Yes, that includes the fix. (We all love Winchester73! He was my first mentor and is always there when needed. :wub: )
The fix was actually put in a couple updates earlier, but "yes" you should now be fixed and OK.
I'd recommend a complete shut down of your computer, then power it back up (not a re-start, you want the POST provided by a cold boot). Don't touch any keys (even to close the MSE nag screen about XP) until after the hard drive stops doing its thing and the light goes out. Then click away, open things, close things, see if everything works "normally" again ...
Quote from: Corrine on April 17, 2014, 07:57:01 PM
(We all love Winchester73! He was my first mentor and is always there when needed. :wub: )
:hallo:
The pupil has become the master :rose:
You guys are brilliant.
I've just done the cold restart of the computer, and everything seems fine so far. I'm going to surf around a while and use stuff before trying to reinstall MBAM again.
This is one of those "things are not as they seem" situations. So it turns out the problem wasn't the MBAM uninstall at all...it was the MSE messed up update that installed on the reboot AFTER the MBAM uninstall that showed up the problem.
Great detective work, guys!
I guess I am not going to try to upgrade MBAM now. This was SO stressful! I will just reinstall version 1.75 and be happy.
I was all gearing up to start figuring out how to move to Linux immediately. Now I can take my time.
My last questions related to this thread; Is my problem with system restore something to check out? Is it normal that dskcheck said volume is clean (after several years of not being run), and system file checker produced no report?
I do use CC cleaner nearly everyday to clean up temporary files and such.
I went looking for logs from your computer to find out when the system was installed and see it was almost 6 years ago:
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2008 6:38:09 PM
I see it was in that thread (http://www.landzdown.com/analysis-and-malware-removal/malware-has-hijacked-my-home-page-help-please/15/) in December that you had a problem with System Restore. I'm afraid it is a symptom of the age of the computer. A Repair Install may fix it but no guarantee. It may help to reinstall SR. Instructions are available at How to reinstall System Restore in Windows XP? (http://windowsxp.mvps.org/repairsr.htm). Do note the caution at the top that indicates that the procedure will remove all the existing System Restore points, and resets the System Restore drive monitoring options to defaults.
Please don't use the registry cleaner portion of CCleaner --just temp files and unwanted cookies.
Quote from: pastywhitegurl on April 17, 2014, 08:29:20 PM
Is it normal that dskcheck said volume is clean (after several years of not being run), and system file checker produced no report?
I do use CC cleaner nearly everyday to clean up temporary files and such.
If you have the Windows Log Files button ticked in Windows/System, CCleaner is removing the SFC log when it cleans.
The only thing I have CC cleaner remove from windows system are:
Temporary Files
Memory dumps
Old Prefetch data
Should any of those be left unremoved?
Nothing is checked on the Registry cleaner options.
QuoteA Repair Install may fix it but no guarantee. It may help to reinstall SR.
Is that two different things? (repair install < > reinstall SR )
Yes, two different things. I posted the link with the instructions for a Repair Install prior to learning about the MSE issue from Winchester73. The reinstall of System Restore from my last reply is just that alone.
At this point, it is up to you if you want to try the reinstall of SR. It "might" solve the problem but it might not. The instructions are "legitimate", posted by Ramesh Srinivasan, a former Microsoft MVP.
Until you are in a position to replace it, keep in mind that you are nursing this old computer. Keep the browser and Flash Player updated. Avoid installing any new programs -- if really needed, see if your husband will install on his computer. :)
I might try The system Restore reinstall. It seems pretty major not to have restore capability. There is a version that is one line you paste into the Run console, so that seems pretty stupid proof to me, and something I can't mess up easily.
The only program I wish to add is to re-install MBAM Pro. I won't try the new version.
As I recall, I didn't turn MSE off to install MBAM before, but I will turn MSE off this time just to be safe. Or are you recommending against even adding that back?
No, reinstall MBAM Pro 1.75. Why would you need to turn off MSE when you reinstall it? The problem wasn't that MSE was running, rather that the reboot took place after the bad MSE update. If the MSE definitions had updated to the new/good update before you restarted, you wouldn't have run into the problems you had.
Ok. Will do. :)
Thanks.
I find it interesting that MS bothered to fix this problem actually. Maybe the fact that they are selling support to the IRS and to the UK means us peon users will get some peripheral fixes here and there as well.
MBAM PRO 1.75 installation successful and updated. First scan run successfully.
Strangely, even though I used the removal tool after uninstalling it the first time, it has remembered my license credentials and settings. The quarantine list was still there too. I just had to turn the real protection back on. So that seemed rather weird. I was expecting to have to re-enter everything.
I may wait until next week to try the system restore re-install when I will have more time to deal with it if something goes wrong.
o, on the last reboot, WinPatrol said this program wants to run at startup now:
dumpprep 0 -u
DH looked it up on bleeping computer and found something that said it was a windows function so I allowed it.
I checked the extra plus info, but there was no information on it from WinPatrol.
Could someone please confirm its innocuousness to me? If it is an ok file, can you tell me if it needs to be in the start up or not?
I don't want to do any restarts on my computer until I find out for sure.
Screenshot attached:
Just a reminder to make sure you have the necessary exclusions set as MSE and Mbam 1.75 can cause system freezes on XP
Follow instructions here post no9 = https://forums.malwarebytes.org/index.php?showtopic=10138&page=1&#entry181018
Quotedumpprep 0 -u
I'm assuming you meant dumprep, which is XP's built-in fault logging software. If a serious error is encountered, Dumprep.exe writes the details to a text file and prompts you to send the error information to Microsoft.
The -u indicates it is a user fault check.
It is started automatically via Run, RunOnce, RunServices, or RunServicesOnce entries.
You might re-start your computer and see if it clears out.
You also might wish to give your system a day or so to sort itself out before updating, installing, deleting, etc ...
ah. ok. thanks for that information on the start up file.
So, it seems likely I don't need that program at all, since MS is no longer supporting XP?
On the exclusions for MBAM and MSE... I've been running them both for a long time and had no problems with freezes. Although I just started using the MBAM PRO version a week ago, so maybe the problem doesn't show up right away. I'll get those exclusions set up. Thanks. I had read about that but since I wasn't having a problem, hadn't done it yet.
Your correct in that it is only a problem with the pro version
Quote from: pastywhitegurl on April 18, 2014, 03:30:46 PM
So, it seems likely I don't need that program at all, since MS is no longer supporting XP?
Well, MS might not be interested in the dump, but it might be useful for someone else looking to diagnosis a problem. It is not a required program, and the choice is yours whether to disable it or not (I presume you are not asking about removing, deleting, uninstalling, etc).
Should you choose to, you can disable it ... right click on My Computer, select Properties and then Advanced. Startup and Recovery has a settings button, click on it and find "Write debugging information". Click on the down arrow and select "None", then "OK" your way out.
No, not looking to uninstall it. Basically, just try to keep unnecessary programs out of the start up list so that boot times are not extended. But if this only runs when there is a crash or failure, then its probably not any kind of issue for startup.
I've also removed the memory dumps from the clean list on CC Cleaner, now that I know what they are for. I'm now only removing temporary files and unneeded cookies.
Microsoft explanation on what happened: Antimalware Engine 1.1.10502.0 was released to customers on 17 April 2014 - Antimalware Engine Notifications - Site Home - TechNet Blogs (http://blogs.technet.com/b/enginenotifications/archive/2014/04/17/antimalware-engine-1-1-10502-0-was-released-to-customers-on-17-april-2014.aspx)