Hardhead Posted June 8, 2014 ID:839061 Share Posted June 8, 2014 (edited) Just started getting this about a week ago.Not sure if it was because I updated to the latest version or not.I already tried the clean removal with no sucess. ProductMalwarebytes Anti-MalwareProblemStopped workingDate6/8/2014 2:00 AMStatusReport SentProblem signatureProblem Event Name: APPCRASHApplication Name: mbam.exeApplication Version: 1.0.0.532Application Timestamp: 53518532Fault Module Name: kernel32.dllFault Module Version: 6.0.6002.18881Fault Module Timestamp: 51da3e00Exception Code: c0000142Exception Offset: 0006f52fOS Version: 6.0.6002.2.2.0.256.1Locale ID: 1033Additional Information 1: 9d13Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8Additional Information 3: 9d13Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8Extra information about the problemBucket ID: 234715709 FRST.txt Addition.txt CheckResults.txt Sorry forgot to do this if it is the problem. https://forums.malwarebytes.org/index.php?showtopic=146032 Edited June 8, 2014 by Hardhead Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 8, 2014 ID:839094 Share Posted June 8, 2014 (edited) Hello Hardhead, Can you recall if there (perhaps) was a particular function was being used in MBAM when this happened? Please stick with me here. I will likely ask for more data from you.I'd like us to try a manual fix to see if we can overcome this issue.First, lets shutdown the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in the notification area.Do a Right-click on it with your mouse, and select EXIT.I've attached a file for Malwarebytes configuration named netconf.zipSave & then extract the content. You will see a net.conf file.Please see if replacing the existing net.conf with this one works or not.It needs to be copied to hereC:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ConfigurationThat location is normally hidden in Windows so you will need to be able to see hidden files and folders.See here if you need instructionshttp://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/Before replacing your existing file, please copy it to another location and attach it when you reply.When you copy the one I have attached, Windows will prompt you that another file with that name already exists - select to replace it.When you have done the above, you will need to manually start the program to get it going.Right-click on the desktop icon for MBAM and select Run as Administrator.Please let me know if this helps to fix the issue.If that doesn't help, do you have another Windows user administrator account that you can log into and try the update from there?If you don't have another administrator account, try your normal account and right click the Malwarebytes desktop icon and select Run as Administrator.Thank younetconf.zip Edited June 8, 2014 by Maurice Naggar Link to post Share on other sites More sharing options...
Hardhead Posted June 8, 2014 Author ID:839240 Share Posted June 8, 2014 Hello Maurice, Before I start with your fix I think I may have narrowed down the issue of the crash.Not that this means anything but I have been with Malwarebytes since the very first alpha version and beta tested on a regular basis but in the later versions I just haven't had the time to do that anymore.I will tell you what I have done that has stopped the crash and we can go from there if that is OK with you. Just let me know please what you would like me to do please.I would get the crash when I rebooted or started my laptop up. I played around last night and removed all the Access Policies passwords and left all the other setting alone and presto no more crashes so far. Here are the scan results below. Regards,Tim Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/8/2014Scan Time: 4:21:29 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.08.07Rootkit Database: v2014.06.02.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: EnabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Hardhead 5Scan Type: Threat ScanResult: CompletedObjects Scanned: 289195Time Elapsed: 12 min, 20 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/8/2014Scan Time: 4:17:06 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.08.07Rootkit Database: v2014.06.02.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: EnabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Hardhead 5Scan Type: Hyper ScanResult: CompletedObjects Scanned: 241173Time Elapsed: 2 min, 21 secMemory: EnabledStartup: EnabledFilesystem: DisabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Malwarebytes Anti-Malwarewww.malwarebytes.orgProtection, 6/8/2014 1:34:52 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 1:34:52 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 1:34:52 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 1:35:10 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/8/2014 1:36:40 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 1:36:40 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 1:36:40 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 1:37:00 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/8/2014 1:43:27 AM, SYSTEM, OWNER-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1,Update, 6/8/2014 1:43:31 AM, SYSTEM, OWNER-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.8.1,Protection, 6/8/2014 1:43:36 AM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/8/2014 1:43:36 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/8/2014 1:43:36 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/8/2014 1:43:42 AM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/8/2014 1:43:42 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 1:43:43 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/8/2014 1:59:51 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 1:59:51 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 1:59:51 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 2:00:10 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/8/2014 2:32:32 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 2:32:32 AM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 2:32:32 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 2:32:52 AM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/8/2014 3:59:56 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 3:59:56 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 3:59:56 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 4:00:00 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/8/2014 4:04:09 PM, SYSTEM, OWNER-PC, Scheduler, Malware Database, 2014.6.8.1, 2014.6.8.7,Protection, 6/8/2014 4:04:14 PM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/8/2014 4:04:14 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/8/2014 4:04:15 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/8/2014 4:04:21 PM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/8/2014 4:04:21 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 4:04:21 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/8/2014 4:14:18 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 4:14:18 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 4:14:18 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 4:14:55 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/8/2014 4:45:19 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/8/2014 4:45:19 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/8/2014 4:45:19 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/8/2014 4:45:33 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 8, 2014 ID:839251 Share Posted June 8, 2014 Hi, By access policies, do you mean the password you set within MBAM itself ? ( which typically we dont suggest to home customers unless they have destructive kids that use the computer) or did you mean actual Windows policies? In any event, whatever was in place & in effect at this point today at or around 1:43 am --- the database update did get thru as can be seen in this lineUpdate, 6/8/2014 1:43:31 AM, SYSTEM, OWNER-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.8.1, You can see it moved from the prior one and got all updated up to & including the 1st update for June 8th. Your system (obvisoulsy) good to go now. Thank you for your feedback.Let me know if you have other questions. Link to post Share on other sites More sharing options...
Hardhead Posted June 8, 2014 Author ID:839255 Share Posted June 8, 2014 Access policies set within MBAM itself. Link to post Share on other sites More sharing options...
Hardhead Posted June 8, 2014 Author ID:839269 Share Posted June 8, 2014 I spoke to soon.. it is back again but the mbam icon is still shown running in systray. ProductMalwarebytes Anti-MalwareProblemStopped workingDate6/8/2014 5:55 PMStatusReport SentProblem signatureProblem Event Name: APPCRASHApplication Name: mbam.exeApplication Version: 1.0.0.532Application Timestamp: 53518532Fault Module Name: kernel32.dllFault Module Version: 6.0.6002.18881Fault Module Timestamp: 51da3e00Exception Code: c0000142Exception Offset: 0006f52fOS Version: 6.0.6002.2.2.0.256.1Locale ID: 1033Additional Information 1: 9d13Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8Additional Information 3: 9d13Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8Extra information about the problemBucket ID: 234715709 Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 9, 2014 ID:839338 Share Posted June 9, 2014 If you can, remove the access policy. The appcrash is resolved in a majority of cases, by following this. First, lets shutdown the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in the notification area.Do a Right-click on it with your mouse, and select EXIT.I've attached a file for Malwarebytes configuration named netconf.zipSave it. Then extract the content. You would see a file named net.confPlease see if replacing the existing net.conf with this one works or not.It needs to be copied to hereC:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ConfigurationThat location is normally hidden in Windows so you will need to be able to see hidden files and folders.See here if you need instructionshttp://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/Before replacing your existing file, please copy it to another location and attach it when you reply.When you copy the one I have attached, Windows will prompt you that another file with that name already exists - select to replace it.When you have done the above, you will need to manually start the program to get it going.Right-click on the desktop icon for MBAM and select Run as Administrator.Please let me know if this helps to fix the issue.If that doesn't help, do you have another Windows user administrator account that you can log into and try the update from there?If you don't have another administrator account, try your normal account and right click the Malwarebytes desktop icon and select Run as Administrator.Thank younetconf.zip Link to post Share on other sites More sharing options...
Hardhead Posted June 9, 2014 Author ID:839376 Share Posted June 9, 2014 Hello Maurice, I kept getting access denied to the folder so I booted into safe mode and replaced the netcong. file and as soon as I rebooted I got the crash again.Any other ideas? ProductMalwarebytes Anti-MalwareProblemStopped workingDate6/8/2014 11:41 PMStatusReport SentProblem signatureProblem Event Name: APPCRASHApplication Name: mbam.exeApplication Version: 1.0.0.532Application Timestamp: 53518532Fault Module Name: kernel32.dllFault Module Version: 6.0.6002.18881Fault Module Timestamp: 51da3e00Exception Code: c0000142Exception Offset: 0006f52fOS Version: 6.0.6002.2.2.0.256.1Locale ID: 1033Additional Information 1: 9d13Additional Information 2: 1abee00edb3fc1158f9ad6f44f0f6be8Additional Information 3: 9d13Additional Information 4: 1abee00edb3fc1158f9ad6f44f0f6be8Extra information about the problemBucket ID: 234715709 Link to post Share on other sites More sharing options...
Hardhead Posted June 9, 2014 Author ID:839380 Share Posted June 9, 2014 Just thinking, I may have an old image backup from True image and I can start from there if you think thats a good idea.Not sure when I made the last backup but I know I do have older ones with 1.75 on it.Let me know what you think.I also booted into another account and tried to run as admin and mbam would not load at all as admin. Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 9, 2014 ID:839503 Share Posted June 9, 2014 Sorry to hear of this other abend. I'd like to have from you a fresh run of FRST and attach the frst.txt ( just as done before).Also we would like to have a zip file from you having the windows error-dump file. Relating to this system and this Anti-Malware, what was the install history? Did you have version 1.75 before then just an 'upgrade' to version 2.0.2 ?Did this ever have version 2.0.0 or 2.0.1 ? What I would suggest at this point for the Anti-Malware is that you do a full clean removal and a new install. Go to Control Panel >>All Control Panel items >> Programs and Features. Locate and select **Malwarebytes Anti-Malware** and (( if not there then skip this part )) do a Right click on it and select Uninstall.Allow the Uninstall to proceed.Close Control Panel when done.If the uninstall from Control Panel hiccups or does not work, please go forward. Now, using Windows Explorer, see if there is a folder C:\ProgramData\Malwarebytes\Malwarebytes Anti-MalwareIf there please delete all of it, including sub-folders.Close all opened windows/apps so you will have a clear view to the desktop.I would suggest, a new clean install as follows:Download and SAVE mbam-clean utility from http://downloads.malwarebytes.org/file/mbam_cleanthen run mbam-clean.exe: Double click the "mbam-clean-2.0.2.0.exe" file to run the clean tool. It runs quickly.It will ask to restart your computer, please allow it to do so very importantNext Download & SAVE the latest version of Malwarebytes' Anti-Malware fromhttp://downloads.malwarebytes.org/file/mbamRun the mbam-setup. IF your Windows is Vista / Windows 7 / 8, then do a Right-click on mbam-setup-2.0.2.1012.exe and select Run as Administrator and allow to run.Then after the setup has finished, on the Dashboard screen, press the Update now link.Let me know if the update succeeds.When all done, do a new (fresh) Windows Restart. At the end of that, we should expect a good installation. If it repeats again with a similar abend, I will be asking for a copy of the new error-dump. Thanks for your patience and co-operation. Note: the extensive uninstall steps are just to insure a fully new ( fresh) install. Link to post Share on other sites More sharing options...
Hardhead Posted June 9, 2014 Author ID:839677 Share Posted June 9, 2014 Sorry Maurice,I dont have the exe file anymore because I deleted because I thought the issue was fixed and to make things worse I ran ccleaner because I did some online banking and memory dump was checked.So sorry but I will follow the other directions and if something comes up again I will be all set. so here goes with another clean install.Also I had 1.75 and I used the clean tool to remove mbam and the same with version 2.0.1 when I updated to 2.0.2.0. Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 9, 2014 ID:839679 Share Posted June 9, 2014 Ok. Let me know how it goes.All the best. Link to post Share on other sites More sharing options...
Hardhead Posted June 10, 2014 Author ID:839797 Share Posted June 10, 2014 Thanks Maurice! BTW, Your instructions with uninstalling mbam in the control panel first and running the clean .exe program is how I tried fixing the problem last time. The only thing I did not do was reboot after the update.I entered my ID key and licenses key and then setup my preferences and thats how I wanted mbam to be configure.This time I rebooted after getting the database update and then I entered ID key and licenses key and rebooted again. Then I set enabled self protection and rebooted.In Automated Treat scan which is set as default in schedule options I checked everything but Terminate program when no treat are found.I set updates to realtime. In Detection and Protection I checked all Detection options. The only one that wasn't checked was scan for roortkits. It's checked now.Then in Advanced Setting I checked Enable self protection mode and then I rebooted. Also in Scans I checked Hyper Scan as default because I see no reason to have Treat Scan checked twice as default which is the way everything is setup after clean install. So far no problems but usually it takes several days before I get crashes.Hopefully everything will go good this time. Fingers xd. Once again thanks for your excellent support. Regards,Tim Malwarebytes Anti-Malwarewww.malwarebytes.orgUpdate, 6/9/2014 5:09:48 PM, SYSTEM, OWNER-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.6.2.1,Update, 6/9/2014 5:09:53 PM, SYSTEM, OWNER-PC, Manual, Malware Database, 2014.3.4.9, 2014.6.9.8,Protection, 6/9/2014 5:14:35 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 5:14:35 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 5:14:36 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 5:14:55 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/9/2014 5:16:22 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 5:16:22 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 5:16:22 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 5:16:42 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/9/2014 5:26:38 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 5:26:38 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 5:26:38 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 5:26:57 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/9/2014 5:47:43 PM, SYSTEM, OWNER-PC, Scheduler, Malware Database, 2014.6.9.8, 2014.6.9.9,Protection, 6/9/2014 5:48:11 PM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/9/2014 5:48:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/9/2014 5:48:11 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/9/2014 5:48:30 PM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/9/2014 5:48:30 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 5:48:30 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/9/2014 5:49:55 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 5:49:55 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 5:49:55 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 5:50:14 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/9/2014 6:24:42 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 6:24:42 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 6:24:42 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 6:24:49 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/9/2014 9:34:45 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 9:34:45 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 9:34:45 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 9:34:48 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/9/2014 9:37:29 PM, SYSTEM, OWNER-PC, Scheduler, Malware Database, 2014.6.9.9, 2014.6.9.11,Protection, 6/9/2014 9:37:37 PM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/9/2014 9:37:37 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/9/2014 9:37:37 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/9/2014 9:37:43 PM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/9/2014 9:37:44 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 9:37:44 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/9/2014 11:27:23 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/9/2014 11:27:23 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/9/2014 11:27:23 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/9/2014 11:27:27 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,(end) Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/9/2014Scan Time: 5:52:29 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.09.09Rootkit Database: v2014.06.02.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: EnabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Hardhead 5Scan Type: Hyper ScanResult: CompletedObjects Scanned: 241577Time Elapsed: 2 min, 21 secMemory: EnabledStartup: EnabledFilesystem: DisabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/9/2014Scan Time: 5:28:59 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.09.08Rootkit Database: v2014.06.02.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Hardhead 5Scan Type: Threat ScanResult: CompletedObjects Scanned: 288817Time Elapsed: 10 min, 6 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 10, 2014 ID:839935 Share Posted June 10, 2014 Very good, then. Your protection log shows normal, and does show that the updates are working.You should be all good to go. Link to post Share on other sites More sharing options...
Hardhead Posted June 11, 2014 Author ID:840206 Share Posted June 11, 2014 Hello Maurice,Well the crash happened once again on the 3rd startup of my laptop this evening.Sorry Now all I need is the tools you gave me before please. Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 11, 2014 ID:840309 Share Posted June 11, 2014 Would you advise me, do you have MBAM self-protection on?Do you have early start self-protection on? We would very much like to have the last Windows error-dump file. Can you locate that and put into a zip file? Next also, This tool will collect some information on the installation of Malwarebytes and create a report I need to review:Download mbam-check.exe and save it to your desktop from http://downloads.malwarebytes.org/file/mbam_checkOn Vista/Windows 7, 8, Right-click on mbam-check.exe & select Run as Administrator & allow to Run.On XP,Double-click on mbam-check.exe to run it.It should then open a log file CheckResults.txtYou should attach the CheckResults.txt file located on your desktop so that I can review. Next, ( but only if the program is running) lets shutdown the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in the notification area.Do a Right-click on it with your mouse, and select EXIT.I have attached a zip file which you need to Save to your system.Once saved, unzip it to extract all contents. which will be 2 files.Next, double-click on **net_replacement.bat** file.It should run fairly quickly in a command-prompt window.Once that is done, restart the Anti-Malware and let me know if it works normally. Netconf-batch-file.zip Link to post Share on other sites More sharing options...
Hardhead Posted June 11, 2014 Author ID:840456 Share Posted June 11, 2014 MBAM self-protection is on.early start self-protection is not on. All of this is really weird because I get crash and mbam is still running and updating at the same time when I boot up.The is no minidump file because I checked and made a screenshot with all of this going on when I booted up.I will attach pic along with check file.I will follow the other directions after posting. CheckResults.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 12, 2014 ID:840534 Share Posted June 12, 2014 Lets turn off the self-protection {Settings >> Advanced Settings}. The last abend was there thru the Dashboard's Update now ? Try one more just to see what happens now. Your abend the time before --- you dont have any MBAM scheduled tasks running at odd times ? What is your setting for the frequency of Update runs in the Scheduler? Please attach these 2 protection logs listed belowprotection-log-2014-06-10.xml protection-log-2014-06-11.xml from this folder C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs Link to post Share on other sites More sharing options...
Hardhead Posted June 12, 2014 Author ID:840565 Share Posted June 12, 2014 (edited) self protection is turned off now.MBAM scheduled tasks running at odd times.Only one I found that was running at odd time and I changed it. Threat scan was running at 3:18am something and I changed that to 6;18pmI did not reboot when I did this Maurice. Also I know my system is clean from malware or anything that would cause this problem.Here are the 2 attached files that you asked for.May I ask one question please. Is this just a bug in Vista?Sorry that I could not provide minidump. Not sure why if the pagefile is to small or if I have disabled a service long ago and forgot about it. Also keep in mine I also have clean backups from true image if there is anything you would like me to do and help figure this out. Sorry I forgot to add that I have updates set at realtime starting time 5:17pm. protection-log-2014-06-10.xml protection-log-2014-06-11.xml Edited June 12, 2014 by Hardhead Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 12, 2014 ID:840664 Share Posted June 12, 2014 I'd like for you to have Process Explorer in place; when the mbam abend occurs leave error report open and then capture a full memory dump. Create a Full Crash Dump using Sysinternals Process Explorer:Please download Sysinternals Process Explorer from here and save it to your desktop. Note: If using Windows Vista or Windows 7 then you also need to do the following:Right-click on ProcExp.exe and select PropertiesClick on the Compatibility tabUnder Privilege Level check the box next to Run this program as an administratorClick on Apply then click OK Double-click ProcExp.exe to run it. Once the crash happens, leave the error window open and find mbam.exe in the process list in Process Explorer and right-click on it and hover your mouse over Create Dump and select Create Full Dump...Save the mbam.dmp file to your desktop and close Process ExplorerRight-click on the mbam.dmp file you just created and hover your mouse over Send To and select Compressed (zipped) FolderAttach the ZIP file you just created to your next reply if it is small enough. If it isn't then please upload it to RapidShare Your help and patience is appreciated. Link to post Share on other sites More sharing options...
Hardhead Posted June 13, 2014 Author ID:840985 Share Posted June 13, 2014 Hello Maurice, Just wanted to get back with you and let you know that there hasn't been any crashes today not to say that it will not happen later on.One thing I have noticed that is that self protection is disabled now and I haven't changed anything other than adding the batchfile that you told me to run which I did last night.I have also download Process Explorer to the desktop and should be ready to go when something happens.Also I going to post you the logs for today below and the scans I did where done manually.I really don't think I will get any crashes until i enable self protection again but I may be wrong and I will keep you updated day to day if something happens or just tell me what you would like me to do..Also I want you to know that I will be having surgery June 25th so I will be offline for a while but hopefully we can debug this issue before that date if not I will be able to help again sometime around June 30th. Regards,Tim Malwarebytes Anti-Malwarewww.malwarebytes.orgProtection, 6/12/2014 3:48:02 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/12/2014 3:48:02 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/12/2014 3:48:02 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 3:48:10 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/12/2014 3:52:40 PM, SYSTEM, OWNER-PC, Scheduler, Malware Database, 2014.6.12.3, 2014.6.12.11,Protection, 6/12/2014 3:52:44 PM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/12/2014 3:52:44 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/12/2014 3:52:44 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/12/2014 3:52:50 PM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/12/2014 3:52:50 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 3:52:50 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/12/2014 4:01:42 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/12/2014 4:01:42 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/12/2014 4:01:42 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Stopping,Protection, 6/12/2014 4:01:43 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Stopped,Protection, 6/12/2014 4:13:36 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/12/2014 4:13:36 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/12/2014 4:13:36 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 4:13:39 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/12/2014 6:32:27 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/12/2014 6:32:28 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/12/2014 6:32:28 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 6:32:32 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/12/2014 6:37:25 PM, SYSTEM, OWNER-PC, Scheduler, Malware Database, 2014.6.12.11, 2014.6.12.13,Protection, 6/12/2014 6:37:39 PM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/12/2014 6:37:39 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/12/2014 6:37:40 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/12/2014 6:37:45 PM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/12/2014 6:37:45 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 6:37:45 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/12/2014 6:55:27 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/12/2014 6:55:27 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/12/2014 6:55:27 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 6:55:39 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Protection, 6/12/2014 11:07:57 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Starting,Protection, 6/12/2014 11:07:57 PM, SYSTEM, OWNER-PC, Protection, Malware Protection, Started,Protection, 6/12/2014 11:07:57 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 11:08:03 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,Update, 6/12/2014 11:12:22 PM, SYSTEM, OWNER-PC, Scheduler, Malware Database, 2014.6.12.13, 2014.6.13.1,Protection, 6/12/2014 11:12:26 PM, SYSTEM, OWNER-PC, Protection, Refresh, Starting,Protection, 6/12/2014 11:12:26 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopping,Protection, 6/12/2014 11:12:26 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Stopped,Protection, 6/12/2014 11:12:31 PM, SYSTEM, OWNER-PC, Protection, Refresh, Success,Protection, 6/12/2014 11:12:32 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Starting,Protection, 6/12/2014 11:12:32 PM, SYSTEM, OWNER-PC, Protection, Malicious Website Protection, Started,(end) Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/12/2014Scan Time: 7:12:12 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.12.13Rootkit Database: v2014.06.02.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Hardhead 5Scan Type: Hyper ScanResult: CompletedObjects Scanned: 242983Time Elapsed: 2 min, 11 secMemory: EnabledStartup: EnabledFilesystem: DisabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 6/12/2014Scan Time: 6:58:24 PMLogfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.06.12.13Rootkit Database: v2014.06.02.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Hardhead 5Scan Type: Threat ScanResult: CompletedObjects Scanned: 291075Time Elapsed: 11 min, 47 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 13, 2014 ID:841081 Share Posted June 13, 2014 Your reports are normal. OK, let me now should the issue re-occur. My guess is that it won't.The other suggestion I would offer is to extend out the scheduled Update run from every 5 minutes to something more extended. Link to post Share on other sites More sharing options...
Hardhead Posted June 15, 2014 Author ID:841863 Share Posted June 15, 2014 Maurice, Two more question please. Would you like me to uninstall and run mbam clean and reinstall and then give you the full dump file for research and development team or do they already have the info that causes this crash on Vista Ultimate. I still have all the files that you gave me and I will reproduce the problem with self protection module enabled. Will there be a fix for this in the next version of malwarebytes? Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 15, 2014 ID:841980 Share Posted June 15, 2014 Hello, No need at this point for a re-install. And no call for a dump file, unless you would have a new ( same ) abend in the future.Yes, we expect a fix in a future release. Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 15, 2014 ID:841985 Share Posted June 15, 2014 P.S. As to self-protection, if you now had it off, set it on now.Remind me what your Update run in the scheduler is set to. Link to post Share on other sites More sharing options...
Recommended Posts