MBAM2 freezes when performing a Threat Scan.

[rmgalley]

A new install of MBAM2. It freezes when performing the first Threat Scan and never finishes. I can't cancel the scan, the GUI becomes unresponsive and I have to force Windows7 SP1 32-bit to close the program down. The freeze occurs when 'File system Objects:' are being scanned, and after the total objects scanned has reached about 56448. The freeze occurs when any of objects 'C:\autoexec.bat' or 'C:\pagefile.sys' or 'C:\ hiberfil.sys' or 'C:\$Recycle.Bin\S-1-5-21- ...... -1000\desktop.ini' are being scanned about 2 minutes into the scan. On one occasion I left the scan running and it was still frozen, but consuming CPU cycles, over 5 hours later.

 

I have tried disabling 'scan inside archives' and' 'heuristics' without any improvement. I tried uninstalling using dedicated uninstaller 2.0.2.0 and was surprised after rebooting my Registration Details did not need to be re-entered. Subsequently I found the HKLM\Software\Malwarebytes entry had not been deleted by the uninstaller so this did an incomplete job. I've tried all these uninstall and reinstall operations with Avast antivirus disabled.

 

As others have been requested to attach diagnostic files I created these yesterday evening and they are attached. Also screenshots of the frozen program. Any idea from this information what is going on here? In the meantime I'm back to 1.75.0.1300. Any help would be much appreciated.

FRST.txt

Addition.txt

CheckResults.txt

[John L. Galt]

Have you disabled rootkit scanning?

 

And you really should leave heuristic scanning enabled.

[AdvancedSetup]

Yes, something is causing the mbamservice to crash.
You also have the following entry in your Event Logs that needs to be corrected.
 

Error: (03/26/2014 10:12:06 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

 
Please try the following steps and let's see if it corrects your issues or not.
 
 
STEP 1
 
Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 
That should take at least 10 minutes or more to run and could potentially take hours to run.  When done please open the Event Logs and post back the results of the disk check.
 
STEP 2
 
Go into your Control Panel, Add/Remove and uninstall ALL versions of Java. 
Then run the following
 
Please download JavaRa-1.16 and save it to your computer.

• Double click to open the zip file and then select all and choose Copy.
• Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
• Quit all browsers and other running applications.
• Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location and post it in your next reply.

STEP 3
 
Please run the following and restart the computer even if not asked to.
 
Please Run TFC by OldTimer to clear temporary files:

• Download TFC from here and save it to your desktop.
• http://oldtimer.geekstogo.com/TFC.exe
• Close any open programs and Internet browsers.
• Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
• Please be patient as clearing out temp files may take a while.
• Once it completes you may be prompted to restart your computer, please do so.
• Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

STEP 4

 

Please do a clean removal and reinstall of MBAM using the directions from here

MBAM Clean Removal Process
 

 

STEP 5

 

Now run a new scan with MBAM and post back the log.

 

 

[rmgalley]

Firstly thank you AdvancedSetup for the quick and detailed reply.

 

I have carried out your checklist carefully but the issue remains. Currently I have a Threat Scan started which became frozen after about 2 minutes, 55384 objects and static on C:\hiberfil.sys.

 

Screenshots and repeat diagnostic files are attached, only this time created while the scan is still in progress.

 

ChkDsk didn't find any problems. Java was uninstalled and JavaRa run.  I don't think that JavaRa or TFC cleaned out very much and I didn't need to restart the computer. I repeated the MBAM Clean Removal Process before reinstalling. I was careful to shut down all other applications, Windows Firewall and set Avast Shields Control to disabled during both uninstall and reinstall.

 

I've had a look for any other MBAM log files and one I found is attached, but I don't think it is relevant.

 

Any other ideas? I'm about to install a 64-bit version of Win7 on this PC so I could check if I have the same issue with that. I'll be taking disk images of the 32-bit installation so I can revert back at any time - but that will be for tomorrow now. Best wishes and thank you for your help.

JavaRa-28-03-2014.log

Addition 28_03_14.txt

CheckResults 28_03_14.txt

FRST 28_03_14.txt

protection-log-2014-03-28.xml

[rmgalley]

John L. Galt - in Detection Options 'Scan for rootkits' is not ticked. I temporarily disabled Heuristic scanning and 'within archives' but it made no difference.

[AdvancedSetup]

Not really sure what's causing it as even your Nvidia video driver also crashed today.   If you're going to do a clean install of Windows 7 x64 then go ahead and let me know how that works out.  I would not expect any issues from a clean install but let me know. 

[rmgalley]

Many thanks Ron.

 

I think I'll go ahead with the 64-bit version and check whether the problem occurs after a standard clean install, and again after I've configured Win7 to my personal liking. It might be a while but I'll report back my findings. Strange about the nVidia driver crash as I don't remember this occuring and the current Win7 32-bit installation is only 3 weeks old and has been very stable.

[AdvancedSetup]

Okay sounds good, let us know what you find.

 

I'll go ahead and close this topic but  you can start a new one when ready and reference this one if you like.

 

Take care