Conflict with ESET Smart Security 6

[Blue_Yoshi]

Hello!

I am having an issue with ESET Smart Security 6 (6.0.316.0) and Malwarebytes PRO (1.75.0.1300). I am running Windows 7 Ultimate x64.

I have purchased 3 licenses for Malwarebytes PRO a few days ago and today I finally got the chance to install and activate my license but only to be disappointed.

My problem is whenever I startup my computer my computer locks up at "Welcome" and I am forced to hold the power button and force it to shut down.

I tried adding exclusions on both programs and no go. This is a clean install of Windows 7 Ultimate x64, only thing installed other than Windows is both ESET and Malwarebytes.

I have tried several things to try and troubleshoot the problem but it locks up every time, however, I only found one solution for them to play nice and not cause my computer to lock up which is to set the MBAMService to (Automatic Delayed Start).

When I do this, the computer loads up just fine followed by Malwarebytes a few minutes later. The issue is I would love Malwarebytes to start up along with ESET so this is kind of disappointing to me, and it is an obvious conflict between the two.

I have experienced this same issue on my other laptop as well, so that counts out the idea of being just this computer.

Sorry for my huge post, I love both Malwarebytes PRO and ESET and I don't want to drop any of them, is there anyway this issue can be looked into?

I can live with the Delayed Start with Malwarebytes, but, having it load at startup with ESET would be nice though.

I figured I would post and hope maybe the developers can look into it. Thank you very much for your time, you guys make a great product!

[DarkSnakeKobra]

Here's the exclusions list in case you missed anything.

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\drivers\mbam.sys

[Firefox]

Lets go with these to make sure....

For 64 bit versions of Windows Vista or Windows 7 & 8:

• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
  

[Blue_Yoshi]

Thanks for the responses guys!

I told both ESET and Malwarebytes to ignore the entire folder of each other, however, DarkSnakeKobra, I didn't know about the mbam.sys file so I will try that now, I just hope it works and it doesn't lock up again, I am going to put Malwarebytes service back on Auto again to test it.

I will report back with the results.

[Blue_Yoshi]

Hi again, reporting back.

I have added everything you guys suggested to ESET's exclusion list, restarted, and it all was in vain, it locked up.

There is something going on somewhere between ESET and Malwarebytes, and exclusions are not helping at all. Only way to overcome this is keeping Malwarebytes on Delayed Start.

There is absolutely nothing else in the startup list other then ESET and my mousepad drivers. I even tried turning off the mousepad drivers and it still locks up, with ESET and Malwarebytes being the only two programs starting at startup.

Hopefully someday, in a later build, this will be resolved, as for the time being, like I said, I will live with it being on delayed start.

I just hope this issue doesn't extend longer than that, what I mean by that is like if one of them finds a threat in the future and the computer crashes because they are conflicting behind the scenes somewhere.

Malwarebytes was always there as a on demand scanner in the past but I decided to go PRO and now I am running into issues.

Thanks DarkSnakeKobra and Firefox for your help, it is appreciated.

[ilija10]

Hi Blue_Yoshi. Yes problem with eset start on release of 6 version. Eset told us i think on they forums that they will look in to problem but they didn't do nothing on fix problem unfortunately. Some of guys on forum told that you can use malwarebytes but free version without "protection", or your "Automatic Delayed Start", or delete malwarebytes but that sucks if you have paid version both of them. What i did i uninstall eset antivirus 6 and install last good version that is eset antivirus 5.2.15.1 and it works great with malwarebytes no lock up or forced to delaye startup.

Ilija

[DarkSnakeKobra]

There must be something going on early into the starting process. Even if it's on Delayed Start you won't have any decrease in protection it just will start up later once most processes are started and other routines finished. This was the default setting in the past so it shouldn't cause any issues.

You're welcome! Hopefully this gets resolved in the future.

[Blue_Yoshi]

Other than the start up issue, everything else is running smooth. It only takes about a minute or so after everything else loads before Malwarebytes loads up but hey thats fine by me. As long as I can still use the PRO version that is fine, but, hopefully someday, the start up issue will be resolved.

I just figured I would post something here about it and thought maybe it could be looked into, I am not blaming ESET or Malwarebytes as I know stuff happens and it is what it is.

Both are great security software and I intend on keeping both.

Thanks very much everyone for all the help, I appreciate it.

[exile360]

Thanks for reporting this. I've asked our Quality Assurance team to look into it. Hopefully we can replicate it and then get it corrected if there's anything that we can do on our end to do so. Otherwise, if a fix is needed from ESET, then I hope they're speedy to find and fix it.

[Blue_Yoshi]

Thank you very much exile360!

Wow you guys are awesome here! Not only do you guys respond quick but you guys also act quick!

If it helps exile360, I have some settings cranked up in ESET, I have "Runtime Packers" checked and "Advanced Heuristics" checked and everything set to "Strict Cleaning". Also have all the extra stuff checked like "Detection of potentially unwanted applications".

I don't know if that will help or not, but, just incase you can't reproduce it on default settings, knowing my luck.

Thanks again!

[exile360]

It may help, thanks for the additional info .

Also, in a future release (ETA unknown at this time) we actually plan to implement an option allowing users to set a delay for the startup of the protection module in Malwarebytes Anti-Malware, thus enabling users to configure it to startup with a delay when needed for compatibility. It's also adjustable so the delay may be shorter or longer depending on what's needed for compatibility.

That being said, the goal is always to simply eliminate these compatibility issues when they emerge so that no additional steps are needed on the part of the user, so hopefully that will be the case with this issue.

[Blue_Yoshi]

Thanks again exile360!

Oh nice! I will keep an eye out for that in a future release.

Thats why I wanted to say something here about it, there may be others out there that use ESET also and are having similar issues but the only way it can get resolved is to let the developers for both ESET and Malwarebytes know.

I thought maybe there was a setting off somewhere but I tried everything with no luck, I understand things happen so I can live with a delayed start.

Like I said though, other than the startup issue, everything is peachy keen between the two after Malwarebytes loads in.

Thanks a million exile360 for passing this along and helping out a happy customer, I appreciate it!

[malicide]

Hello Blue_Yoshi, thank you for bringing this to our attention. Unfortunately I haven't been able to recreate the issue.

Did you update windows after you installed your OS or did you immediately install ESET and Malwarebytes?

Could you please download DDS from Here or Here and save it to your desktop.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt

Attach.txt

Post both logs here.

[Blue_Yoshi]

Hello malicide!

I first installed a fresh clean install of Windows 7 Ultimate x64. After that I first install all necessary drivers example, Video driver, Sound driver, etc.

I then download all updates before installing any extra software such as Malwarebytes, ESET, iTunes etc.

I download all security updates and well as regular Windows updates. I don't download or install the language packs or extra stuff like Bing Desktop.

After this post I will go get you the logs and post back. Thank you malicide!

[Blue_Yoshi]

Here are my Logs.

DDS LOG

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer:

Run by Adam Michael Speck at 16:47:10 on 2013-06-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4044.2424 [GMT -4:00]

.

AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\KeePass Password Safe\KeePass.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

uPolicies-Explorer: NoLogoff = dword:1

uPolicies-Explorer: NoPublishingWizard = dword:1

uPolicies-Explorer: NoWebServices = dword:1

uPolicies-Explorer: NoOnlinePrintsWizard = dword:1

uPolicies-Explorer: DontSetAutoplayCheckbox = dword:1

uPolicies-Explorer: NoAutorun = dword:1

uPolicies-Explorer: NoInplaceSharing = dword:1

uPolicies-Explorer: ClearRecentProgForNewUserInStartMenu = dword:1

uPolicies-Explorer: NoResolveTrack = dword:1

uPolicies-Explorer: NoSearchCommInStartMenu = dword:1

uPolicies-Explorer: NoSearchFilesInStartMenu = dword:1

uPolicies-Explorer: NoSearchInternetInStartMenu = dword:1

uPolicies-Explorer: NoSearchProgramsInStartMenu = dword:1

uPolicies-Explorer: MaxRecentDocs = dword:0

uPolicies-Explorer: NoThumbnailCache = dword:1

uPolicies-System: DisableChangePassword = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoPublishingWizard = dword:1

mPolicies-Explorer: NoWebServices = dword:1

mPolicies-Explorer: NoOnlinePrintsWizard = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: DontSetAutoplayCheckbox = dword:1

mPolicies-Explorer: NoAutorun = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:1

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: dontdisplaylastusername = dword:1

mPolicies-System: FilterAdministratorToken = dword:1

mPolicies-System: DontDisplayLockedUserId = dword:3

mPolicies-System: DisableShutdownNamedPipe = dword:1

TCP: NameServer = 8.8.8.8 8.8.4.4 208.67.222.222 192.168.139.207

TCP: Interfaces\{377BC5EB-60B5-4B29-B879-A9CACF96FB08} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{377BC5EB-60B5-4B29-B879-A9CACF96FB08} : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222 192.168.139.207

TCP: Interfaces\{BA211EFB-3DDF-4A13-AB89-DD8383CD6494} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{BA211EFB-3DDF-4A13-AB89-DD8383CD6494} : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222 192.168.139.207

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-2-20 58416]

R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-1-10 59440]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-3 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-3 701512]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-3 25928]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-6-3 340072]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2013-6-3 12032]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-3 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-3 425064]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-6-3 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-3 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-3 30208]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-3 1255736]

S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-3 13336]

S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-6-3 2429544]

S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-3 2656280]

.

=============== File Associations ===============

.

FileExt: .txt: soffice.StarWriterDocument.6="C:\Program Files (x86)\LibreOffice 4.0\program\swriter.exe" -o "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-06-06 19:48:56 -------- d-----w- C:\Program Files\iPod

2013-06-06 19:48:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-06 19:48:55 -------- d-----w- C:\Program Files\iTunes

2013-06-06 19:48:55 -------- d-----w- C:\Program Files (x86)\iTunes

2013-06-03 22:08:02 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Roaming\ESET

2013-06-03 22:08:02 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\ESET

2013-06-03 22:05:53 -------- d-----w- C:\Program Files\ESET

2013-06-03 21:54:12 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Roaming\Malwarebytes

2013-06-03 21:54:10 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-03 21:54:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-03 21:54:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-03 21:50:47 -------- d-----w- C:\Program Files\CCleaner

2013-06-03 21:46:13 -------- d-----w- C:\Program Files\Defraggler

2013-06-03 21:40:44 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-06-03 21:07:59 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\Apple Computer

2013-06-03 21:07:52 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-06-03 21:06:59 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\Apple

2013-06-03 21:06:41 -------- d-----w- C:\Program Files\Bonjour

2013-06-03 21:06:41 -------- d-----w- C:\Program Files (x86)\Bonjour

2013-06-03 21:02:42 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Roaming\KeePass

2013-06-03 20:54:50 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe

2013-06-03 20:54:40 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\Programs

2013-06-03 20:49:59 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Roaming\LibreOffice

2013-06-03 20:48:45 -------- d-----w- C:\Program Files (x86)\LibreOffice 4.0

2013-06-03 20:32:08 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\Google

2013-06-03 20:31:50 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\Deployment

2013-06-03 20:31:50 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\Apps

2013-06-03 20:19:53 -------- d-----w- C:\Windows\Panther

2013-06-03 19:17:37 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-06-03 19:17:37 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-06-03 19:17:37 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-06-03 19:17:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-06-03 19:17:37 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-06-03 19:17:37 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-06-03 19:15:12 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-06-03 19:15:12 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-06-03 19:15:12 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-06-03 19:15:12 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-06-03 19:15:12 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-06-03 19:09:28 -------- d-----w- C:\Windows\SysWow64\Wat

2013-06-03 19:09:26 -------- d-----w- C:\Windows\System32\Wat

2013-06-03 18:14:55 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-06-03 18:13:14 478208 ----a-w- C:\Windows\System32\dpnet.dll

2013-06-03 18:13:14 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2013-06-03 18:12:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-06-03 18:12:52 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-06-03 18:12:40 220160 ----a-w- C:\Windows\System32\wintrust.dll

2013-06-03 18:12:40 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-06-03 18:12:39 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-06-03 18:12:39 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-06-03 18:12:39 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-06-03 18:12:39 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-06-03 18:12:39 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-06-03 18:12:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-06-03 18:12:36 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2013-06-03 18:09:44 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-06-03 18:08:57 95744 ----a-w- C:\Windows\System32\synceng.dll

2013-06-03 18:08:57 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-06-03 18:05:21 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-06-03 18:05:21 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-06-03 18:05:21 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-06-03 18:05:21 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-06-03 18:03:43 642944 ----a-w- C:\Windows\System32\winload.efi

2013-06-03 18:03:43 605552 ----a-w- C:\Windows\System32\winload.exe

2013-06-03 18:03:43 566208 ----a-w- C:\Windows\System32\winresume.efi

2013-06-03 18:03:43 518672 ----a-w- C:\Windows\System32\winresume.exe

2013-06-03 18:03:43 20352 ----a-w- C:\Windows\System32\kdusb.dll

2013-06-03 18:03:43 19328 ----a-w- C:\Windows\System32\kd1394.dll

2013-06-03 18:03:43 17792 ----a-w- C:\Windows\System32\kdcom.dll

2013-06-03 18:01:56 723456 ----a-w- C:\Windows\System32\EncDec.dll

2013-06-03 17:51:22 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-06-03 17:50:00 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-06-03 17:50:00 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-06-03 17:50:00 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-06-03 17:50:00 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-06-03 17:50:00 31232 ----a-w- C:\Windows\System32\lsass.exe

2013-06-03 17:50:00 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2013-06-03 17:50:00 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-06-03 17:50:00 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-06-03 17:50:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-06-03 17:50:00 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-06-03 17:50:00 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-06-03 17:50:00 136192 ----a-w- C:\Windows\System32\sspicli.dll

2013-06-03 17:49:39 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-06-03 17:49:39 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-06-03 17:49:20 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-06-03 17:49:20 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-06-03 17:49:20 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-06-03 17:45:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-06-03 17:45:36 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-06-03 17:45:28 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-06-03 17:45:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-06-03 17:45:08 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Local\WindowsUpdate

2013-06-03 17:23:04 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll

2013-06-03 17:23:04 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll

2013-06-03 17:23:04 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll

2013-06-03 17:23:04 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll

2013-06-03 17:23:04 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll

2013-06-03 17:23:03 -------- d-----w- C:\Program Files\Common Files\EPSON

2013-06-03 17:22:16 -------- d-----w- C:\Program Files (x86)\EpsonNet

2013-06-03 17:16:20 -------- d-----w- C:\Program Files\Common Files\Intel

2013-06-03 17:16:20 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

2013-06-03 17:14:02 -------- d-----w- C:\Program Files\CONEXANT

2013-06-03 17:11:49 2753536 ----a-w- C:\Windows\System32\drivers\athrx.sys

2013-06-03 17:11:49 2753536 ----a-w- C:\Windows\System32\athrx.sys

2013-06-03 17:11:49 -------- d-----w- C:\Program Files (x86)\Atheros WiFi Driver Installation

2013-06-03 17:11:18 -------- d-sh--w- C:\Windows\Installer

2013-06-03 17:10:48 -------- d-----w- C:\ProgramData\Atheros

2013-06-03 17:08:58 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-06-03 17:08:58 425064 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2013-06-03 17:08:58 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2013-06-03 17:07:39 -------- d-----w- C:\Program Files\Apoint

2013-06-03 17:06:01 -------- d-----w- C:\Windows\SysWow64\sda

2013-06-03 17:05:39 9888872 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll

2013-06-03 17:05:39 340072 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys

2013-06-03 17:05:39 -------- d-----w- C:\Program Files (x86)\Realtek

2013-06-03 17:05:36 -------- d-----w- C:\ProgramData\Sony Corporation

2013-06-03 17:04:10 12032 ----a-w- C:\Windows\System32\drivers\SFEP.sys

2013-06-03 17:02:43 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2013-06-03 17:02:40 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent

2013-06-03 17:02:35 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2013-06-03 17:00:58 -------- d-----w- C:\Users\Adam Michael Speck\AppData\Roaming\Intel Corporation

2013-06-03 16:59:41 437272 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2013-06-03 16:33:22 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-06-03 16:33:19 -------- d-----w- C:\Intel

.

==================== Find3M ====================

.

2013-06-03 18:15:38 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-05-03 09:34:40 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll

2013-05-03 09:34:40 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 16:48:24.13 ===============

[Blue_Yoshi]

ATTACH LOG

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 6/3/2013 12:27:22 PM

System Uptime: 6/6/2013 3:59:33 PM (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Pentium® CPU B940 @ 2.00GHz | N/A | 2000/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 427.12 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_908B104D&REV_06\4&A60F36E&0&00E5

Manufacturer: Realtek

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_908B104D&REV_06\4&A60F36E&0&00E5

Service: RTL8167

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Alps Pointing-device for VAIO

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros WiFi Driver Installation

Bonjour

CCleaner

Conexant HD Audio

Defraggler

Epson Event Manager

Epson FAX Utility

EPSON Scan

EPSON WorkForce 630 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.3

ESET Smart Security

Google Chrome

Google Update Helper

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

KeePass Password Safe 1.25

LibreOffice 4.0.3.3

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Realtek PCIE Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 2.0.6

Windows Driver Package - Realtek (RTL8167) Net (01/26/2011 7.040.0126.2011)

Windows Driver Package - Sony Corporation (SFEP) HIDClass (11/27/2009 8.0.1.2)

.

==== Event Viewer Messages From Past Week ========

.

6/6/2013 4:44:00 PM, Error: Schannel [36887] - The following fatal alert was received: 48.

6/6/2013 4:14:01 PM, Error: Schannel [36870] - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

6/6/2013 3:59:35 PM, Error: volmgr [46] - Crash dump initialization failed!

6/4/2013 1:53:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

6/4/2013 1:53:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/4/2013 1:53:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/4/2013 1:53:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/4/2013 1:53:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/4/2013 1:52:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

6/4/2013 1:52:53 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

6/4/2013 1:52:53 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/4/2013 1:52:52 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/3/2013 7:34:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

6/3/2013 7:17:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/3/2013 7:17:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/3/2013 7:17:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/3/2013 6:13:31 PM, Error: Service Control Manager [7000] - The IconMan_R service failed to start due to the following error: The pipe has been ended.

6/3/2013 6:06:09 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/3/2013 3:23:37 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

6/3/2013 2:30:58 PM, Error: Service Control Manager [7023] -

6/3/2013 2:21:27 PM, Error: Service Control Manager [7034] - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

6/3/2013 2:21:27 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

6/3/2013 2:21:22 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).

6/3/2013 2:21:21 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/3/2013 10:12:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

6/3/2013 10:12:29 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

[Blue_Yoshi]

One more thing I want to add, before I did any configuration to Windows or any programs, it started locking up right from the get go.

After installing the Drivers and Windows updates and my programs like iTunes, I installed Malwarebytes PRO first, then ESET next, it started getting stuck at "Welcome" on the next restart. I did disable Malwarebytes PRO protection before installing ESET.

Hope this helps.

[malicide]

Thank you for the logs Blue_Yoshi, I have been able to recreate the issue. However it would only freeze after windows had finished booting and not at the welcome screen. I'll keep trying to recreate this issue.

[Blue_Yoshi]

malicide, I'm sorry I should have said this sooner, it sometimes, on occasion, would boot into Windows and do exactly what you have experienced.

It would be completely random with no pattern or anything, so you are in the same ball park from what I was experiencing.

I would said 4 out of 10 times it would say "Welcome" other times it would boot into Windows, I would see ESET load up and then freeze.

Thank you malicide for your time and patience for looking into this.

[malicide]

malicide, I'm sorry I should have said this sooner, it sometimes, on occasion, would boot into Windows and do exactly what you have experienced.

It would be completely random with no pattern or anything, so you are in the same ball park from what I was experiencing.

I would said 4 out of 10 times it would say "Welcome" other times it would boot into Windows, I would see ESET load up and then freeze.

Thank you malicide for your time and patience for looking into this.

In that case, the issue is reproduced consistently. =P Thank you for your feed back Blue_Yoshi

[Blue_Yoshi]

Your Welcome!

Thank you for looking into this conflict.

[Zidamon]

Hi,

This was exactly the topic I was looking for. I experience the same problem on my Windows 7 Home Premium 64-bits PC, with Eset Smart Security 6 en the latest Malwarebyte's Anti-Malware Pro. Windows will startup, but desktop and taskbar are empty, or all icons are visible but when moving my mouse over the taskbar it gives me the busy sign.

Sometimes it all will startup correctly, but I figure that's more a case of sheer luck then anything else.

Thanks for adressing this issue anyway. Won't surprise me if it's more of a Eset problem then a MBAM one.

Will be following the devellopments.

[tzuwu]

Hello guys,

I have the exact same problem on my pc and laptop. PC runs Windows 7 Ultimate 32 and laptop runs Windows 7 Home Edition 64.

 

I have Eset 6 and Malwarebytes Pro on both of them and experienced the same problem described by Blue_Yosi. The machine would get stuck on Welcome screen or it will freeze after loading desktop sometimes not even showing the icons on desktop, only the taskbar and when I hover the mouse over it, it will show the busy cursor (mopuse pointer).

 

The workaround I found for this was to uncheck "Start real-time file system protection automatically" in Eset advanced setup under Computer -> Antivirus and Antispyware -> Real-time file system protection. After the desktop is loaded I start the real-time file system protection manually from the Eset interface (open Eset from icon try and click the notification link from Eset main window (Home)) and everything runs smooth.

 

I hope this helps, cheers!

[jolt]

I have the same issue here with Eset SS ver6 and Anti-Malwarebytes Pro hanging my system at the "Welcome" screen on Windows 7 64bit system.  I have added the delay at startup to Anti-Malwarebytes Pro which is a work around.  I found that my system would hang about 90% of the time but what would get it going when stuck at the "Welcome" screen was to kill the power, boot into windows "save mode", restart windows from "save mode", and the sytem would then start like normal.  Support here can send you a bat file to run that will add the start delay to Anti-Malwarbytes.

 

I also have Eset SS ver5 and Anti-Malwarebytes Pro on a Windows 7 32-bit system and have startup problems.  The differance being Eset SS ver5 and Windows 7 32-bit.

[jolt]

I have the same issue here with Eset SS ver6 and Anti-Malwarebytes Pro hanging my system at the "Welcome" screen on Windows 7 64bit system.  I have added the delay at startup to Anti-Malwarebytes Pro which is a work around.  I found that my system would hang about 90% of the time but what would get it going when stuck at the "Welcome" screen was to kill the power, boot into windows "save mode", restart windows from "save mode", and the sytem would then start like normal.  Support here can send you a bat file to run that will add the start delay to Anti-Malwarbytes.

 

I also have Eset SS ver5 and Anti-Malwarebytes Pro on a Windows 7 32-bit system and have NO startup problems.  The differance being Eset SS ver5 and Windows 7 32-bit.

Sorry about that, I missed the NO startup problems with Eset SS ver5 and Windows 7 32-bit and I did not see a edit button to correct my above post.