Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mmc.exe no longer works ...


  • Please log in to reply
11 replies to this topic

#1 cestpadubidon

cestpadubidon

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 24 May 2017 - 11:45 AM

Unable to run mmc.exe and all its dependent processes.
All restore points are lost
Chkdsk problem on c: solved
Chkdsk problem on d: resolved
Sfc / scannow stops at 37%
Dism / Online / Cleanup-Image / ScanHealth does not work either dont work error 193
Problems since the maj winupdate of May 9, 2017 (coincidences?)

 

thank you for your help,

 

john



BC AdBot (Login to Remove)

 


#2 unopie

unopie

  • Malware Study Hall Senior
  • 265 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:09:41 PM

Posted 24 May 2017 - 12:10 PM

Describe the problem in more detail please, does it try to run at all? Error messages, hourglass, etc.

 

If you open task manager, try to run mmc.exe or other dependent program, such as regedit, does it begin to run and then stop, or just run and continue running without actually doing anything? ( Such as low memory usage or low disk usage, without bringing up anything. Think of it running dormant )

 

You describe it happened after a windows update, did you check for any other updates that might be a fix for this very problem? I know the creators update just came out.



#3 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 24 May 2017 - 12:41 PM

when i run mmc.exe i receice the message error:

 

mmc.exe - image incorrect ... c:\windows\system32\mmcbase.dll n'est pas concu pour s'exécuter

sous windows ou il contient une erreur.installer a nouveau le programme...

i clic ok in the box and it is all.

 

the same occur for "gestion de disque" for event viewer..., "gestionnaire de peripheric"...

 

there is a list here of this tasks:

 

    • comexp.msc
    • certmgr.msc
    • ciadv.msc
    • compmgmt.msc
    • devmgmt.msc
    • dfrg.msc
    • diskmgmt.msc
    • eventvwr.msc
    • fsmgmt.msc
  • lusrmgr.msc
  • ntmsmgr.msc
  • ntmsoprq.msc
  • perfmon.msc
  • rsop.msc
  • secpol.msc
  • services.msc
  • wmimgmt.msc
  • gpedit.msc

MMC.exe is a core administrative process of Windows that should only be running when a related Component Obect Model – aka “snap-in” – is running.  This process is built-in to every modern version of Windows and shouldn’t be causing any problems. However, if you are not running a snap-in and see this process in the Task Manager there is a chance that it is a virus disguising itself as an otherwise legitimate service.

 

i have try also to repare win 10 pro whith a usb iso of windows!(in open windows)

it stop too after about 30%

 

at boot it is not possible to reinstall windows with my files and applic

 

then I arm myself with patience and expect a new inspiration.

 

thank

 

john



#4 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 24 May 2017 - 12:58 PM

see some details in my settings also about my computer.



#5 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 24 May 2017 - 01:00 PM

regedit works



#6 unopie

unopie

  • Malware Study Hall Senior
  • 265 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:09:41 PM

Posted 24 May 2017 - 01:16 PM

I believe that your mmcbase.dll is corrupted.

 

You said previously that sfc /scannow wasn't working and that it stuck at 37% correct? How long did you let it run? If it is able to run it will automatically correct the corrupted file with a new copy from the dllcache already on your computer. 

 

Please try running "sfc /scannow" again with an administrator elevated command prompt (See below if you need instruction on how to elevate your command prompt) and see if it gets stuck on 37% again. If it does get stuck, wait a while as it may just be working with a larger file.

 

Following the "sfc /scannow" steps may prevent the need to manually replace the dll.

 

 

Instructions for elevating command prompt:

 

1. Find CMD in the search box on the taskbar.   97c72773b562a9adab61fc307d54a931.png

2. After searching for CMD, command prompt will pop up, right click and press "Run as Administrator"

 

 

3. You might need to confirm with UAC. Press "Yes" uac-dialogue-box1-1.png

4. Proceed with running "sfc /scannow"



#7 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 24 May 2017 - 01:35 PM

Ok here is the result of sfc / scannow ,duration 10 min

 

Microsoft Windows [version 10.0.14393]
© 2016 Microsoft Corporation. Tous droits réservés.

C:\WINDOWS\system32>sfc /scannow

Début de l’analyse du système. Cette opération peut nécessiter un certain temps.

Démarrage de la phase de vérification de l’analyse du système.
La vérification 37% est terminée.

La protection des ressources Windows n’a pas réussi à effectuer l’opération demandée.


C:\WINDOWS\system32>

 

 

Beginning of system analysis. This may take some time.

Start of the system analysis verification phase.
The 37% verification is complete.

Windows resource protection failed to perform the requested operation.

C:\WINDOWS\system32>



#8 unopie

unopie

  • Malware Study Hall Senior
  • 265 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:09:41 PM

Posted 24 May 2017 - 02:05 PM

Right now you are in the " Am I infected? " forums. I don't believe this is a malware problem, so this thread should be transferred to the windows 10 support forums. You will find more suited help there. ( https://www.bleepingcomputer.com/forums/f/229/windows-10-support/ )

 

Before you go however, if you wish to complete some malware scans to be completely sure, follow the steps below.

 

Malwarebytes Anti-malware scan:

 

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Reply with log copied in.

 

 

ESET online scan:   ( Warning: Takes a while)

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Press that you120o0zm.png the terms and conditions.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following, if not checkmarked already:
  • "Enable detection of potentially unsafe applications"
  • "Enable detection of suspicious applications"
  • "Scan archives"
  • "Enable Anti-Stealth technology"
Your settings should look like this picture:
cacd087c854a7a30dbaaa0373d1e260a.png
  • Click Scan to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
 
I hope you find a solution to your problem John  :thumbup2:

 



#9 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 24 May 2017 - 03:34 PM

mbm.log here

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 24/05/2017
Heure de l'analyse: 21:33
Fichier journal: mbm.txt
Administrateur: Oui

-Informations du logiciel-
Version: 3.1.2.1733
Version de composants: 1.0.122
Version de pack de mise à jour: 1.0.2013
Licence: Essai

-Informations système-
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: AZERTY\nne

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 553799
Menaces détectées: 16
Menaces mises en quarantaine: 0
(Aucun élément malveillant détecté)
Temps écoulé: 33 min, 35 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 7
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26754596-76F0-4516-9816-AA796AEC2CF0}, Aucune action de l'utilisateur, [2094], [366056],1.0.2013
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9D34805A-2685-4D5F-8ADD-735BCE20E4E1}, Aucune action de l'utilisateur, [2094], [366056],1.0.2013
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Health Advisor, Aucune action de l'utilisateur, [2094], [366055],1.0.2013
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Health Advisor Defrag, Aucune action de l'utilisateur, [2094], [366055],1.0.2013
PUP.Optional.ParetoLogic, HKU\S-1-5-21-1315751904-1439911886-537610384-1001\SOFTWARE\PARETOLOGIC\PC Health Advisor, Aucune action de l'utilisateur, [2094], [366347],1.0.2013
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\WOW6432NODE\BDSERVICES\APPS\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}, Aucune action de l'utilisateur, [2094], [366345],1.0.2013
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\WOW6432NODE\PARETOLOGIC\PC Health Advisor, Aucune action de l'utilisateur, [2094], [366346],1.0.2013

Valeur du registre: 2
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{26754596-76F0-4516-9816-AA796AEC2CF0}|PATH, Aucune action de l'utilisateur, [2094], [366056],1.0.2013
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9D34805A-2685-4D5F-8ADD-735BCE20E4E1}|PATH, Aucune action de l'utilisateur, [2094], [366056],1.0.2013

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 1
PUP.Optional.ParetoLogic, C:\USERS\NNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PARETOLOGIC\PC HEALTH ADVISOR, Aucune action de l'utilisateur, [2094], [366051],1.0.2013

Fichier: 6
PUP.Optional.ParetoLogic, C:\USERS\NNE\DESKTOP\PARETOLOGIC PC HEALTH ADVISOR_FR.EXE, Aucune action de l'utilisateur, [2094], [366058],1.0.2013
PUP.Optional.ParetoLogic, C:\WINDOWS\TASKS\PC HEALTH ADVISOR DEFRAG.JOB, Aucune action de l'utilisateur, [2094], [366053],1.0.2013
PUP.Optional.ParetoLogic, C:\WINDOWS\TASKS\PC HEALTH ADVISOR.JOB, Aucune action de l'utilisateur, [2094], [366053],1.0.2013
PUP.Optional.ParetoLogic, C:\WINDOWS\SYSTEM32\TASKS\PC HEALTH ADVISOR, Aucune action de l'utilisateur, [2094], [366054],1.0.2013
PUP.Optional.ParetoLogic, C:\WINDOWS\SYSTEM32\TASKS\PC HEALTH ADVISOR DEFRAG, Aucune action de l'utilisateur, [2094], [366054],1.0.2013
PUP.Optional.ParetoLogic, C:\Users\nne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\PC Health Advisor\ParetoLogic PC Health Advisor.lnk, Aucune action de l'utilisateur, [2094], [366051],1.0.2013

Secteur physique: 0
(Aucun élément malveillant détecté)


(end)

 

and i am busy with eset

 

thank you Unopie



#10 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 25 May 2017 - 06:33 AM

here is for eset online

C:\Documents and Settings\nne\AppData\Local\Mozilla\Firefox\Profiles\lhr2ywym.default-1478603572400\cache2\entries\BB6BA7A654BECBB4488D868083832C0CA387F960    JS/Adware.Imali.A application
C:\Users\nne\AppData\Local\Mozilla\Firefox\Profiles\lhr2ywym.default-1478603572400\cache2\entries\BB6BA7A654BECBB4488D868083832C0CA387F960    JS/Adware.Imali.A application
 

and there is others on external disk.

 

great thank

 

john



#11 unopie

unopie

  • Malware Study Hall Senior
  • 265 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:09:41 PM

Posted 25 May 2017 - 10:04 AM

Yep, nothing picked up that signals a serious malware infection, however one of the pups it picked up, Pc-Health-Advisor, is a registry cleaner. 

 

Please read this post on why not to use registry cleaners: https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2853053

 

Did you happen to make any backups to the registry before cleaning with this tool?



#12 cestpadubidon

cestpadubidon
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:belgium bxl
  • Local time:03:41 AM

Posted 25 May 2017 - 01:08 PM

i have a all.reg by winutilities from 18/05/2017

i have also a great number of little *.reg but not for ParetoLogic

i think i had always restore points!...

sorry ...

but no stress

 

again thank... i prepare (i try) a usb or iso with the good windows version

 

john


i have a all.reg by winutilities from 18/05/2017

i have also a great number of little *.reg but not for ParetoLogic

i think i had always restore points!...

sorry ...

but no stress

 

again thank... i prepare (i try) a usb or iso with the good windows version

 

john






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users