MBAM boot-up scan?


Intel i3, 4GB RAM, Win7x64, MBAM Pro regularly updated

 

These past few weeks I have noticed the laptop HDD light starts full-on activity at boot-up and doesn't stop for over 5 minutes.  Although the logon has been completed nothing is ready to run for a long time.

 

During this frantic HDD activity Task Manager usually eventually starts, if asked for, and shows mbamservice.exe *32 racking up CPU time as the first or second most active consumer of CPU time.  The MBAM screen comes up and shows a scan getting ready but no files scanned for several minutes.  Then after more time waiting for 'normal' programs to start files are scanned, up to 100,000+ that I have seen, until a 'No threats' panel is displayed.

 

I cannot find any setting in MBAM to shut off boot-up scanning.  What have I missed?

 

Or, is the extraordinary wait due to something else?

 

Thank you.


  • Root Admin

Please run the following and we'll see if we can see what is going on.

 

Please create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post


 


  • Root Admin

Well the scheduler does not show any type of bootup scan but you are loading it with compatibility which it should not be.

 

Please do a clean removal and then reset your schedule as it's also set wrong.  Then clear out the registry settings as shown below.

 

MBAM Clean Removal Process
 

 

After the reinstall of MBAM do the following.

 

Click on START and type in CMD.EXE and when it shows on the menu right click over it and choose "Run as administrator"

Then on the very top left of that window if you click it you'll get a short menu, click on the Properties, then the Options tab and place a check mark in the "Quick Edit Mode" and then click OK.   Then you should be able to copy each line and then using the mouse right click on that console window and it will paste that entry into the console where you can then press the Enter key and have it run the command.

 

Wait about 15 seconds between each entry before doing the next one.
 

mbam.exe /unschedule /all
mbam.exe /schedule /update /silent /hourly /every 4 /starting 01/08/2014 13:00:00 /recover 2
mbam.exe /schedule /scan -quick -log -silent -remove -reboot /silent /daily /every 1 /starting 01/08/2014 14:00:00 /recover 23

This will remove all current scheduled updates and scans and then create 2 new ones.
The database will update every 4 hours around the clock
The scan will do a Quick Scan once a day every day around 2:00PM but you can adjust to any other time you like.

After that then double-click on the tray icon for Malwarebytes and click on the Protection tab and then click the Scheduler button and it should now look similar to the image below.
Please note though that both the database update and the scan will be silent and will not show on the screen. You can look at your Task Manager to verify it's running and when done read the log file.


scheduler_setting.png

 

 

 

You also have the following registry entries set for one type or another of compatibility.  In my opinion you should not be running these in compatibility mode and if at all possible you should try to run all of these applications without it.  Only set a compatibility setting if you have to to get the program to run.  Most of those entries are up to you but our program below in red must be removed from there or it will not work properly period.

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    C:\!!!! PFO Data\Energy\Solar\RESOL Datalogger\Downloads\USB-VBus\PL-2303 Win7 driver\_IO Cable_PL-2303_Drivers - Generic_Windows_allinone_PL2303_Prolific_DriverInstaller_v1.5.0\PL2303_Prolific_DriverInstaller_v1.5.0.exe
    SIGN.MEDIA=42C3D02B setup.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\Photoshop Elements 7.0.exe
    C:\ProgramUtilities\msicuu2.exe


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    SIGN.MEDIA=3F98C autorun.exe
    C:\Program Files (x86)\RESOL\ServiceCenterFull\eclipse\eclipse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsOrganizer.exe
    C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe
    C:\Program Files (x86)\Audacity\audacity.exe
    C:\Program Files (x86)\Calibre2\calibre.exe
    C:\Program Files (x86)\Calibre2\calibre-complete.exe
    C:\Program Files (x86)\Calibre2\calibre-customize.exe
    C:\Program Files (x86)\Calibre2\ebook-device.exe
    C:\Program Files (x86)\Calibre2\calibredb.exe
    C:\Program Files (x86)\Calibre2\calibre-debug.exe
    C:\Program Files (x86)\Calibre2\calibre-parallel.exe
    C:\Program Files (x86)\Calibre2\calibre-server.exe
    C:\Program Files (x86)\Calibre2\calibre-smtp.exe
    C:\Program Files (x86)\Calibre2\ebook-convert.exe
    C:\Program Files (x86)\Calibre2\ebook-meta.exe
    C:\Program Files (x86)\Calibre2\ebook-viewer.exe
    C:\Program Files (x86)\Calibre2\epub-fix.exe
    C:\Program Files (x86)\Calibre2\fetch-ebook-metadata.exe
    C:\Program Files (x86)\Calibre2\lrf2lrs.exe
    C:\Program Files (x86)\Calibre2\lrfviewer.exe
    C:\Program Files (x86)\Calibre2\lrs2lrf.exe
    C:\Program Files (x86)\Calibre2\markdown-calibre.exe
    C:\Program Files (x86)\Calibre2\pdfmanipulate.exe
    C:\Program Files (x86)\Calibre2\pdftohtml.exe
    C:\Program Files (x86)\Calibre2\web2disk.exe
    C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
    C:\Program Files (x86)\jAlbum\jAlbum.exe
    C:\Program Files (x86)\Nitro PDF\PrimoPDF\PrimoPDF.exe
    C:\Program Files (x86)\Pale Moon\palemoon.exe
    C:\Program Files (x86)\PhotomatixPro3\PhotomatixPro.exe
    C:\Program Files (x86)\PieChartDisk\Scanner.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsEditor.exe
 

 

 

You can use this program to backup the Registry before doing the removal just in case you make a mistake.

 

Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

 

I will be away on vacation starting tonight but if you continue to have issues please open a ticket with our help desk.

 

Thanks

 

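One way to review the compatibility entries listed in the post above without opening regedit, as an added PowerShell example that is not part of the original thread or Malwarebytes' own tooling. The function names and the -Commit switch are made up for this example; the default file name mbam.exe is the entry the post says must be removed.

```powershell
# Added example: audit the AppCompatFlags\Layers keys named in the post.
# Value names are executable paths; value data is the compatibility layer string.
$SubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$Hives  = @{
    HKLM = [Microsoft.Win32.Registry]::LocalMachine
    HKCU = [Microsoft.Win32.Registry]::CurrentUser
}

function Get-CompatLayer {
    # Returns one object per value found under Layers in both hives.
    foreach ($hive in $Hives.GetEnumerator()) {
        $key = $hive.Value.OpenSubKey($SubKey)       # read-only handle
        if ($null -eq $key) { continue }             # key absent: nothing is set
        try {
            foreach ($name in $key.GetValueNames()) {
                New-Object PSObject -Property @{
                    Hive   = $hive.Key
                    Target = $name
                    Layers = [string]$key.GetValue($name)
                }
            }
        } finally { $key.Close() }
    }
}

function Remove-CompatLayer {
    # Deletes entries whose target path ends with the given file name.
    # -Commit is a hypothetical switch for this example: without it nothing changes.
    param([string]$FileName = 'mbam.exe', [switch]$Commit)
    $hits = @(Get-CompatLayer | Where-Object { $_.Target -like "*\$FileName" })
    foreach ($e in $hits) {
        if (-not $Commit) {
            "Would remove [$($e.Hive)] $($e.Target) = $($e.Layers)"
            continue
        }
        $key = $Hives[$e.Hive].OpenSubKey($SubKey, $true)   # writable; HKLM needs elevation
        try { $key.DeleteValue($e.Target); "Removed [$($e.Hive)] $($e.Target)" }
        finally { $key.Close() }
    }
}

# List every entry, then show what would be removed (dry run).
Get-CompatLayer | Sort-Object Hive, Target | Format-Table Hive, Layers, Target -AutoSize
Remove-CompatLayer        # add -Commit only after backing up the registry
```

Run it as the affected user so that HKCU resolves to that user's hive; an elevated prompt opened under a different administrator account reads that account's HKCU instead.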
