Jump to content

XP system slow when MBAM installed


Recommended Posts

Hello, I own a small computer shop and have sold hundreds of MBAM boxed copies and had very little issues until now. When mbam is installed the user log on is very slow. Especially when switching users. On all the systems we work on we also install microsoft security essentials. So far I have tries adding mbam directory and process to ignore list in mse. I have tried disabling website blocking. The only thing that makes this machine run right is uninstalling mbam but that is not a solution. I have done my regular forum searching and googling to no avail. Hopefully someone here can help.

Thanks.

Link to post
Share on other sites

Hello and welcome, zstray: :)

Sorry you're having issues with this one XP rig.

Your MBAM reseller's license entitles you to direct assistance from the corporate support team. :)

Please contact them HERE and they will help you fix this.

Please make sure you have malwarebytes.org and salesforce.com in your Safe Sender list in your email program.

Thank you very much,

daledoc1

Link to post
Share on other sites

  • Root Admin

Hi zstray

Please go ahead and do the following and we'll take a look to see what we can find.

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please DO NOT copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

Then next run this scanner as well and attach back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thank you

Link to post
Share on other sites

  • Root Admin

Well you have a couple of issues that need to be cleaned up here.

You appear to be running the SVCHOST and SERVICES under a compatibility mode which is not good as it can affect everything on the box.

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\services.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\Program Files\AVG\AVG10\Notification\XobniMiniAVGSetup.exe

The Event Logs also show that Microsoft MSE is having issues updating.

The logs also show an AVG entry yet no other real signs of AVG you also appear to have a Lavasoft Ad-Aware driver loaded but no sign of the softwware installed.

==== Event Viewer Messages From Past Week ========

.

1/4/2013 6:13:13 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

1/4/2013 5:55:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

.

==== End Of File ===========================

Please do the following.

STEP 1

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected.

    [*]Click on OK

    [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 2

Please create a new System Restore Point for your computer.

You can see the following article if you need assistance on how to do that.

How to set a system restore point in Windows XP

STEP 3

Click on START - RUN and type in REGEDIT.EXE and browse to this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

Locate these 2 entries and then right click on each and choose DELETE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\services.exe

Then browse to this key

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

Locate this entry and right click and choose DELETE

C:\Program Files\AVG\AVG10\Notification\XobniMiniAVGSetup.exe

STEP 4

Click on START - RUN and type in CMD.EXE and click OK

Then in the DOS console type the following and press the Enter key.

You should get a success message, if not let me know.

SC DELETE Lbd

STEP 5

Please download this removal tool from AVG and save it to your ocmputer.

Then close all applications and browsers and run the tool and reboot the computer when done.

STEP 6

Please make sure you have your license activation key for Malwarebytes before running this process as it will remove your license from the computer.

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
      You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.
      Location for Windows x86

      HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

      Location for Windows x64

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

      If you cannot locate your registration in the Registry and no longer have access to your order number you can contact Cleverbridge to obtain information about your order and registration information.
      Cleverbridge customer service
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

STEP 7

After restarting the computer again with the MBAM CLEAN process and the updating Malwarebytes please reboot the computer one more time and check for updates in MBAM again.

Then run a Quick Scan and post back that log file.

STEP 8

Let us know how the computer is running now.

Thanks

Link to post
Share on other sites

  • Root Admin

Please run MBAM CHECK tool again with MBAM installed and send back the new log.

Then run this tool as well.

Please download MiniToolBox, save it to your desktop and run it.

http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Checkmark the following checkboxes:

Flush DNS

Report IE Proxy Settings

Reset IE Proxy Settings

Report FF Proxy Settings

Reset FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer log

List Installed Programs

List Devices

List Users, Partitions and Memory size.

List Minidump Files

Click Go and attch back the Result.txt.

A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.