
Malwarebytes incompatibility with Comodo CIS 6



I've gotten Malwarebytes PRO and Comodo CIS around the same time. CIS 5 never had problems with MBAM, but after their 6.0 update, MBAM caused delayed execution of CIS and many other problems with the software. I reinstalled CIS many times, but the problem persists. I also had problems logging in or displaying the desktop. After I disabled MBAM Update, many of those problems were resolved. After I disabled MBAM, everything seems a lot better now. No more delayed start/logon problems. 

 


Hi, cydrobolt: :)

 

Let's get some basic logs from the system to see what might be going on.

Please follow the instructions below and post back with the following logs as attachments to your next reply:

  • Checkresults.txt from mbam-check
  • A couple of protection logs, if you have them
  • DDS.txt from DDS
  • Attach.txt from DDS

These will provide the MBAM staff with a bit of information that will help them to pinpoint the cause and the solution for you.

Thanks!

daledoc1

-----------------------------

Step 1 -- Create an mbam-check log:

Download mbam-check.exe from HERE and save it to your desktop.
Double-click on mbam-check.exe to run it, it should then open a log file.
Please attach to your next reply the CheckResults.txt file which should now be located on your desktop.

Then, if you can, please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
In Windows Vista/7/8, these logs are located in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs



Step 2 -- Run DDS and create 2 logs:

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please attach both of the following logs to your next reply: DDS.txt and Attach.txt
    --->You can ignore the note about zipping the Attach.txt file in most cases.

A protection log

 

 

2013/12/20 15:23:12 -0500 FAMILY Chaoyi MESSAGE Executing scheduled update:  On Reboot
2013/12/20 15:23:24 -0500 FAMILY Chaoyi MESSAGE Starting protection
2013/12/20 15:23:24 -0500 FAMILY Chaoyi MESSAGE Protection started successfully
2013/12/20 15:23:24 -0500 FAMILY Chaoyi MESSAGE Starting IP protection
2013/12/20 15:23:44 -0500 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/12/20 15:26:43 -0500 FAMILY Chaoyi MESSAGE Executing scheduled update:  On Reboot
2013/12/20 15:26:58 -0500 FAMILY Chaoyi MESSAGE Starting protection
2013/12/20 15:26:58 -0500 FAMILY Chaoyi MESSAGE Protection started successfully
2013/12/20 15:26:58 -0500 FAMILY Chaoyi MESSAGE Starting IP protection
2013/12/20 15:27:14 -0500 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/12/20 15:31:16 -0500 FAMILY Chaoyi MESSAGE Executing scheduled update:  On Reboot
2013/12/20 15:31:29 -0500 FAMILY Chaoyi MESSAGE Starting protection
2013/12/20 15:31:29 -0500 FAMILY Chaoyi MESSAGE Protection started successfully
2013/12/20 15:31:29 -0500 FAMILY Chaoyi MESSAGE Starting IP protection
2013/12/20 15:31:48 -0500 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/12/20 15:33:35 -0500 FAMILY Chaoyi MESSAGE Starting database refresh
2013/12/20 15:33:35 -0500 FAMILY Chaoyi MESSAGE Stopping IP protection
2013/12/20 15:33:35 -0500 FAMILY Chaoyi MESSAGE Scheduled update executed successfully:  database updated from version v2013.12.19.11 to version v2013.12.20.07
2013/12/20 15:33:36 -0500 FAMILY Chaoyi MESSAGE IP Protection stopped successfully
2013/12/20 15:33:44 -0500 FAMILY Chaoyi MESSAGE Database refreshed successfully
2013/12/20 15:33:44 -0500 FAMILY Chaoyi MESSAGE Starting IP protection
2013/12/20 15:33:57 -0500 FAMILY Chaoyi MESSAGE IP Protection started successfully
 
another log
 
2013/07/17 08:18:00 -0400 FAMILY Chaoyi MESSAGE Starting protection
2013/07/17 08:18:00 -0400 FAMILY Chaoyi MESSAGE Protection started successfully
2013/07/17 08:18:00 -0400 FAMILY Chaoyi MESSAGE Starting IP protection
2013/07/17 08:18:25 -0400 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/07/17 08:45:23 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:23 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:23 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:23 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:39 -0400 FAMILY Chaoyi IP-BLOCK 88.86.119.233 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:39 -0400 FAMILY Chaoyi IP-BLOCK 88.86.119.233 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:39 -0400 FAMILY Chaoyi IP-BLOCK 88.86.119.233 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:48 -0400 FAMILY Chaoyi IP-BLOCK 91.211.116.14 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:48 -0400 FAMILY Chaoyi IP-BLOCK 91.211.116.14 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:48 -0400 FAMILY Chaoyi IP-BLOCK 91.211.116.14 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:48 -0400 FAMILY Chaoyi IP-BLOCK 91.211.116.14 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:48 -0400 FAMILY Chaoyi IP-BLOCK 91.211.116.14 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:48 -0400 FAMILY Chaoyi IP-BLOCK 83.222.109.45 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 08:45:49 -0400 FAMILY Chaoyi IP-BLOCK 83.222.109.45 (Type: outgoing, Port: 62983, Process: hl2.exe)
2013/07/17 09:02:50 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.27 (Type: outgoing, Port: 64618, Process: hl2.exe)
2013/07/17 09:02:50 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.129 (Type: outgoing, Port: 64618, Process: hl2.exe)
2013/07/17 09:02:50 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 64618, Process: hl2.exe)
2013/07/17 09:02:50 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.33 (Type: outgoing, Port: 64618, Process: hl2.exe)
2013/07/17 09:02:50 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 64618, Process: hl2.exe)
2013/07/17 09:10:39 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.27 (Type: outgoing, Port: 62918, Process: hl2.exe)
2013/07/17 09:10:39 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.129 (Type: outgoing, Port: 62918, Process: hl2.exe)
2013/07/17 09:10:39 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 62918, Process: hl2.exe)
2013/07/17 09:10:39 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.33 (Type: outgoing, Port: 62918, Process: hl2.exe)
2013/07/17 09:10:39 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 62918, Process: hl2.exe)
2013/07/17 09:20:38 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 09:21:41 -0400 FAMILY Chaoyi MESSAGE Scheduled update executed successfully:  database updated from version v2013.07.16.08 to version v2013.07.17.04
2013/07/17 09:21:42 -0400 FAMILY Chaoyi MESSAGE Starting database refresh
2013/07/17 09:21:42 -0400 FAMILY Chaoyi MESSAGE Stopping IP protection
2013/07/17 09:21:43 -0400 FAMILY Chaoyi MESSAGE IP Protection stopped successfully
2013/07/17 09:22:25 -0400 FAMILY Chaoyi MESSAGE Database refreshed successfully
2013/07/17 09:22:25 -0400 FAMILY Chaoyi MESSAGE Starting IP protection
2013/07/17 09:24:00 -0400 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/07/17 09:32:00 -0400 FAMILY Chaoyi MESSAGE Executing scheduled scan:  Flash Scan | Daily | Silent | -remove | -terminate | -log
2013/07/17 09:32:02 -0400 FAMILY Chaoyi MESSAGE Scheduled scan executed successfully
2013/07/17 10:16:27 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 10:16:35 -0400 FAMILY Chaoyi MESSAGE Database already up-to-date
2013/07/17 11:04:30 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 11:04:50 -0400 FAMILY Chaoyi MESSAGE Starting database refresh
2013/07/17 11:04:50 -0400 FAMILY Chaoyi MESSAGE Stopping IP protection
2013/07/17 11:04:50 -0400 FAMILY Chaoyi MESSAGE Scheduled update executed successfully:  database updated from version v2013.07.17.04 to version v2013.07.17.05
2013/07/17 11:04:51 -0400 FAMILY Chaoyi MESSAGE IP Protection stopped successfully
2013/07/17 11:05:00 -0400 FAMILY Chaoyi MESSAGE Database refreshed successfully
2013/07/17 11:05:00 -0400 FAMILY Chaoyi MESSAGE Starting IP protection
2013/07/17 11:05:15 -0400 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/07/17 12:05:23 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 12:05:31 -0400 FAMILY Chaoyi MESSAGE Database already up-to-date
2013/07/17 12:06:05 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.129 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:06:05 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:06:05 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:06:05 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.59 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:06:06 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:06:06 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:25:19 -0400 FAMILY Chaoyi IP-BLOCK 117.21.224.24 (Type: outgoing, Port: 56813, Process: avastsvc.exe)
2013/07/17 12:25:19 -0400 FAMILY Chaoyi IP-BLOCK 117.21.224.24 (Type: outgoing, Port: 56814, Process: avastsvc.exe)
2013/07/17 12:27:22 -0400 FAMILY Chaoyi IP-BLOCK 117.21.224.24 (Type: outgoing, Port: 56871, Process: avastsvc.exe)
2013/07/17 12:27:22 -0400 FAMILY Chaoyi IP-BLOCK 117.21.224.24 (Type: outgoing, Port: 56872, Process: avastsvc.exe)
2013/07/17 12:58:32 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 12:59:07 -0400 FAMILY Chaoyi MESSAGE Starting database refresh
2013/07/17 12:59:07 -0400 FAMILY Chaoyi MESSAGE Stopping IP protection
2013/07/17 12:59:07 -0400 FAMILY Chaoyi MESSAGE Scheduled update executed successfully:  database updated from version v2013.07.17.05 to version v2013.07.17.06
2013/07/17 12:59:08 -0400 FAMILY Chaoyi MESSAGE IP Protection stopped successfully
2013/07/17 12:59:37 -0400 FAMILY Chaoyi MESSAGE Database refreshed successfully
2013/07/17 12:59:37 -0400 FAMILY Chaoyi MESSAGE Starting IP protection
2013/07/17 13:00:03 -0400 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/07/17 13:57:39 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 13:57:45 -0400 FAMILY Chaoyi MESSAGE Database already up-to-date
2013/07/17 15:19:22 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 15:19:52 -0400 FAMILY Chaoyi MESSAGE Scheduled update executed successfully:  database updated from version v2013.07.17.06 to version v2013.07.17.07
2013/07/17 15:19:52 -0400 FAMILY Chaoyi MESSAGE Starting database refresh
2013/07/17 15:19:52 -0400 FAMILY Chaoyi MESSAGE Stopping IP protection
2013/07/17 15:19:52 -0400 FAMILY Chaoyi MESSAGE IP Protection stopped successfully
2013/07/17 15:20:03 -0400 FAMILY Chaoyi MESSAGE Database refreshed successfully
2013/07/17 15:20:03 -0400 FAMILY Chaoyi MESSAGE Starting IP protection
2013/07/17 15:20:18 -0400 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/07/17 16:05:06 -0400 FAMILY Chaoyi MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 16:05:09 -0400 FAMILY Chaoyi MESSAGE Database already up-to-date
2013/07/17 18:24:54 -0400 FAMILY (null) MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 19:30:24 -0400 FAMILY (null) MESSAGE Starting database refresh
2013/07/17 19:30:24 -0400 FAMILY (null) MESSAGE Stopping IP protection
2013/07/17 19:30:24 -0400 FAMILY (null) MESSAGE Scheduled update executed successfully:  database updated from version v2013.07.17.07 to version v2013.07.17.08
2013/07/17 19:30:25 -0400 FAMILY (null) MESSAGE IP Protection stopped successfully
2013/07/17 19:30:42 -0400 FAMILY Jun MESSAGE Database refreshed successfully
2013/07/17 19:30:42 -0400 FAMILY Jun MESSAGE Starting IP protection
2013/07/17 19:31:50 -0400 FAMILY Jun MESSAGE IP Protection started successfully
2013/07/17 20:15:57 -0400 FAMILY Jun MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 20:17:24 -0400 FAMILY Jun MESSAGE Scheduled update executed successfully:  database updated from version v2013.07.17.08 to version v2013.07.17.09
2013/07/17 20:17:24 -0400 FAMILY Jun MESSAGE Starting database refresh
2013/07/17 20:17:24 -0400 FAMILY Jun MESSAGE Stopping IP protection
2013/07/17 20:17:25 -0400 FAMILY Jun MESSAGE IP Protection stopped successfully
2013/07/17 20:17:37 -0400 FAMILY Jun MESSAGE Database refreshed successfully
2013/07/17 20:17:37 -0400 FAMILY Jun MESSAGE Starting IP protection
2013/07/17 20:17:53 -0400 FAMILY Jun MESSAGE IP Protection started successfully
2013/07/17 22:16:27 -0400 FAMILY Jun MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 22:16:32 -0400 FAMILY Jun MESSAGE Database already up-to-date
 
 

attach.txt

CheckResults.txt

dds.txt
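
Added example, not part of the original posts and not Malwarebytes' own tooling: a short Python parser for protection-log lines like those posted above, measuring how long IP protection takes to start and tallying IP-BLOCK entries per process. The line layout is inferred from the posted lines, user names are assumed to contain no spaces, and the 60-second threshold is an assumed cut-off.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout inferred from the posted lines: timestamp, host, user, kind, detail.
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(\S+) (\S+) (MESSAGE|IP-BLOCK) (.*)$"
)
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$")

# Excerpt of lines copied from the logs posted in this thread.
SAMPLE_LOG = """\
2013/07/17 09:22:25 -0400 FAMILY Chaoyi MESSAGE Starting IP protection
2013/07/17 09:24:00 -0400 FAMILY Chaoyi MESSAGE IP Protection started successfully
2013/07/17 12:06:05 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.129 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:06:05 -0400 FAMILY Chaoyi IP-BLOCK 66.150.164.227 (Type: outgoing, Port: 49954, Process: hl2.exe)
2013/07/17 12:25:19 -0400 FAMILY Chaoyi IP-BLOCK 117.21.224.24 (Type: outgoing, Port: 56813, Process: avastsvc.exe)
2013/07/17 18:24:54 -0400 FAMILY (null) MESSAGE Executing scheduled update:  Hourly | Silent
2013/07/17 19:30:42 -0400 FAMILY Jun MESSAGE Starting IP protection
2013/07/17 19:31:50 -0400 FAMILY Jun MESSAGE IP Protection started successfully
2013/12/20 15:23:24 -0500 FAMILY Chaoyi MESSAGE Starting IP protection
2013/12/20 15:23:44 -0500 FAMILY Chaoyi MESSAGE IP Protection started successfully
"""

def parse(text):
    """Yield (timestamp, host, user, kind, detail) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            yield ts, m.group(2), m.group(3), m.group(4), m.group(5).strip()

def ip_protection_start_delays(text):
    """Pair each 'Starting IP protection' with its success line, in seconds."""
    delays, pending = [], None
    for ts, _host, _user, kind, detail in parse(text):
        if kind != "MESSAGE":
            continue
        if detail == "Starting IP protection":
            pending = ts
        elif detail == "IP Protection started successfully" and pending is not None:
            delays.append((pending.isoformat(), int((ts - pending).total_seconds())))
            pending = None
    return delays

def slow_starts(text, threshold_s=60):
    """Starts at or above threshold_s (60 s is an assumed cut-off)."""
    return [d for d in ip_protection_start_delays(text) if d[1] >= threshold_s]

def blocks_by_process(text):
    """Map process name -> {blocked IP: hit count} from IP-BLOCK lines."""
    out = defaultdict(lambda: defaultdict(int))
    for _ts, _host, _user, kind, detail in parse(text):
        m = BLOCK_RE.match(detail) if kind == "IP-BLOCK" else None
        if m:
            out[m.group(4)][m.group(1)] += 1
    return {proc: dict(ips) for proc, ips in out.items()}
```

Calling `slow_starts()` on the full text of a protection log lists the restarts where IP protection took a minute or more to come up, which is the kind of delay worth comparing against the Service Control Manager timeouts in the Event Viewer.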


  • Root Admin

Though none of these should directly affect our program, if at all possible it's best to run programs without compatibility settings enabled unless you just can't get them to run as wanted.
I would recommend backing up the registry and then removing these entries and only put them back if an issue arises.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    SIGN.MEDIA=1D7CC13 MKUSB.exe
    C:\Windows\SysWOW64\Samsung_USB_Drivers\3\SSCDUninstall.exe
    C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
    C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Users\Chaoyi\Downloads\VirtualBox-4.1.20-80170-Win.exe
    SIGN.MEDIA=2AFA8 Setup.exe
    C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
    SIGN.MEDIA=1F0DCE54 Setup\setup.exe
    C:\SWSetup\SP52212\Install.exe
    C:\Program Files (x86)\Java\NetBeans 7.0.1\uninstall.exe
    C:\Users\Chaoyi\Downloads\vcredist_x64.exe
    C:\Users\Chaoyi\Downloads\tor-browser-2.3.25-10_en-US.exe
    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
    C:\Users\Chaoyi\Downloads\VirtualBox-4.2.18-88781-Win.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\TZPCache\~DAT\ZongWen\zhongwen09B.exe
    C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 Beta\LaunchPad.exe
    C:\Users\Chaoyi\Downloads\GTA\GTA - Vice City Deluxe\install\gta-vc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files (x86)\Unity\Editor\Unity.exe


Then in your Event Logs it's showing that the system is having some issues which could be due to a software conflict or an infection.
It would require further analysis to see what's really going on.
 

==== Event Viewer Messages From Past Week ========
.
12/24/2013 9:02:37 AM, Error: Service Control Manager [7022]  - The Cron Service for Prey service hung on starting.
12/24/2013 9:01:06 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
12/23/2013 4:10:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/23/2013 10:11:04 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/23/2013 10:11:04 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 9:59:49 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
12/22/2013 9:59:49 AM, Error: Service Control Manager [7000]  - The HP Wireless Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/22/2013 9:59:18 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
12/22/2013 9:59:18 AM, Error: Service Control Manager [7000]  - The HP Support Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/21/2013 4:14:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/20/2013 10:03:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
12/20/2013 10:03:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/20/2013 10:03:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
12/20/2013 10:03:42 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

You also have some OLD Java. I would highly recommend that you uninstall ALL versions of Java.

The logs also show that you appear to have some newer and older files from MBAM installed so I would recommend the following
MBAM Clean Removal Process


To ensure the system is not infected and so that they can review it deeper with you I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks
 

 
