mbam.exe misbehaviour

[hake]

I recently upgraded to Malwarebytes Pro and the realtime detection module works without a hitch.  However, the GUI, which I presume is what mbam.exe is, does a couple of peculiar things: -

 

1. If I click the EXIT button, the GUI closes with an error message box which says : -

"The instruction at "0x100032df" referenced memory at "0x00000000". The memory could not be "read".
Click on OK to terminate the program"

but not when I close the window by clicking the X button on the title bar.

 

2. Using mbam.exe to do on demand scans usually results in the file scan slowing to what seems like a halt with no CPU time being consumed.  This also often happens when 'additional items' are scanned.  Scans run in safe mode always run properly.

 

I run Windows XP Pro SP3.

 

The trouble existed with Malwarebytes Free.  I have no idea what system change caused this.  You change or add something and then after a few days you notice that something is amiss but it is impossible to identify the cause since time has elapsed and it could be any of a number of things.

[daledoc1]

Hello, hake:
 
Until one of the staff arrives, it would probably help to obtain some basic system info.

Please follow the instructions below and post back with the following logs as attachments to your next reply:

• Checkresults.txt from mbam-check
• A couple of protection logs, if you have them
• DDS.txt from DDS
• Attach.txt from DDS

These will provide the MBAM staff with a bit of information that will help them to pinpoint the cause and the solution for you.

 

In the interim, you might want to try a clean uninstall/reinstall by following the advice for Option 1 here: MBAM Clean Removal Process.  (Be sure to reboot when prompted after running the clean-up tool and before reinstalling.)

Thanks!

daledoc1

-----------------------------

Step 1 -- Create an mbam-check log:

Download mbam-check.exe from HERE and save it to your desktop.
Double-click on mbam-check.exe to run it, it should then open a log file.
Please attach to your next reply the CheckResults.txt file which should now be located on your desktop.

Then, if you can, please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
In Windows Vista/7/8, these logs are located in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs



Step 2 -- Run DDS and create 2 logs:

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

•  
• When done, DDS will open two (2) logs:
• • DDS.txt
  • Attach.txt

• Save both reports to your desktop
• Please attach both of the following logs to your next reply: DDS.txt and Attach.txt
  --->You can ignore the note about zipping the Attach.txt file in most cases.

[hake]

I have run mbam-clean-1.60.2.0003.exe, reinstalled Malwarebytes Pro and find that the on-demand scanner now works properly, i.e. the filescanning .

 

The behaviour on closing the GUI persists.  I am puzzled why the EXIT button and the window CLOSE button do not initiate identical behaviour.  As I said previously, using the window CLOSE button does not result in the error message box and using the EXIT button does.

 

However, this anomaly is only an irritant and I now seem to have the full functionality of the mbam GUI at my disposal.

 

Please let me what is needed from me now.

[daledoc1]

Hello, hake:

 

Sorry a clean reinstall has not completely resolved your issues.

 

I would suggest that you please follow the advice in my earlier reply either to post back with mbam-check log, both DDS logs & a few protection logs, or to contact the help desk.

The information in those logs will assist the experts/staff with determining what the cause and solution might be.

 

Thanks,

 

daledoc1

[hake]

Requested files attached in a zip.  I will send the protection logs in a couple of days (I had wiped them ).

logs.zip

[hake]

Oh dearie me!  Thought it was too good to last.  Ran a quick scan and it suddenly slowed during the file system objects scan.  Funny thing is that the counter then jumps up in steps of seven.  I have a hunch that the problem does not arise immediately with a fresh install but after a couple of days instead.  I seem to remember this behaviour with the free version late last year and every time I have tried a clean install since.

 

[AdvancedSetup]

The computer has a proxy set on it which can often be a sign of an infection but there are certainly legitimate reasons for a proxy and some users do use them but it is not the norm for most home user computers.

The Event Logs show the computer is having multiple issues that should be addressed which may be why you're having issues with the program as well.


I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.




==== Event Viewer Messages From Past Week ========
.
09/12/2013 11:32:59, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TRAVELMATE that believes that it is the master browser for the domain on transport NwlnkNb. The master browser is stopping or an election is being forced.
08/12/2013 13:46:47, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
08/12/2013 13:46:47, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/12/2013 12:49:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Lbd ViaIde
08/12/2013 12:47:35, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
07/12/2013 19:03:56, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MBAMScheduler service to connect.
07/12/2013 19:03:56, error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/12/2013 18:49:28, error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The system cannot find the path specified.
04/12/2013 09:15:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
03/12/2013 11:29:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Lbd
03/12/2013 10:52:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
03/12/2013 10:51:48, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
03/12/2013 10:51:48, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
03/12/2013 08:26:03, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the acssrv service.
02/12/2013 20:52:44, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
02/12/2013 20:52:44, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/12/2013 20:24:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TabletService service to connect.
02/12/2013 20:24:41, error: Service Control Manager [7000] - The TabletService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/12/2013 20:16:47, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
02/12/2013 18:57:57, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COMODO Dragon Update Service service to connect.
02/12/2013 18:57:57, error: Service Control Manager [7000] - The COMODO Dragon Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/12/2013 18:20:32, error: Service Control Manager [7034] - The PDEngine service terminated unexpectedly. It has done this 1 time(s).
02/12/2013 18:20:26, error: Service Control Manager [7034] - The PDAgent service terminated unexpectedly. It has done this 1 time(s).
02/12/2013 16:47:04, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/12/2013 16:46:38, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
02/12/2013 16:35:29, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm AVGIDSHX BufferShield Fips IPSec Lbd MRxSmb NetBIOS NetBT pxrts RasAcd Rdbss SandBox SASDIFSV SASKUTIL Tcpip UimBus Uim_IM
02/12/2013 16:35:29, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
02/12/2013 16:35:29, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02/12/2013 16:35:29, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
02/12/2013 16:31:06, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

[hake]

It is my system that is the cause of this difficulty.  However, the situation is still distinctly better than before and I have little to grumble about (which makes a change).  The list of issues in the Event Viewer Messages is not a problem for me.  I am fairly confident that there is no malware problem on the basis of results of scans by Malwarebytes, Avast and AVG Rescue disk.

 

This may sound reckless but I have yet to experience a malware infestation after 15 years of using the Internet.  I'm not especially careful but must be doing something right.  Someday I will find out what that is.

 

I particularly like the malicious web site defence.

[AdvancedSetup]

Well it's your computer and up to you what you'd like to do with it or not but there is nothing we can at this point in this part of the forum.  This would require using scanning tools to locate any issues that we only allow their used by trained users in the Removal forum.

 

Thank you