PC freezes with new version of mbam

[kronckew]

latest mbam installed again yesterday. ran scans OK, all was well till a few minutes ago. was browseing with firefox nightly. it lost internet connection, slowed down & froze completely in a minute or so. had to do a warm reboot.

 

this repeats it's behavior from last week i noted on wilders. doesn't only happen in firefox from past experience.

 

after uninstalling mbam last week i had no problems at all.

 

poet at wilders reccommended i use your diagnostics and post the files here.

 

they are attrached in a zip file.

 

 

 

checkfiles.zip

[kronckew]

addendum

 

in above post: poet should be post, if my fingers were skinnier.

[1PW]

Hello kronckew and

 

I have PM'd a staffer and requested they look over your diagnostic logs.

 

Thank you.

[AdvancedSetup]

Observation found in the posted logs.

ITEM 1
The logs indicate that  you're running 2 products with antivirus components which may potentially conflict or potentially cause issues with other security software.
I would recommend that you uninstall the Microsoft Security Essentials and simply use your Outpost Security Suite Pro.

You're also actively running Spybot - Search & Destroy 2 as well as MBAM - between all these products its possible that there is some type of conflict

Outpost Security Suite Pro
Microsoft Security Essentials

ITEM 2
These two products should not directly have or cause an issue with MBAM but depending on settings its possible for EMET to be in conflict. Mozilla preview itself can be unstable from build to build regardless other programs or products on the computer. If  you're looking for stability I probably would not recommend that development track. Your computer so your decision just pointing it out is all. You also have a huge list of plugins that myself I've found can also add to a slow and unstable operation.
EMET 5.0
Mozilla Developer Preview

ITEM 3
The company behind these products were found to be stealing our database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell or foist off their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.
I also find it odd that this is a Chinese company that for some reason has worked very hard to hide the fact that they're from China for some reason - that too just seems sneaky to me.

• IOBit Steals Malwarebytes' Intellectual Property
• IOBit's Denial of Theft Unconvincing
• IOBit Theft Conclusion
• IObit: Trusting Your Antivirus Vendor
• Malwarebytes: IObit Stole Our Signatures Database
• IObit accused of stealing from Malwarebytes

Advanced SystemCare 7
IObit Uninstaller
Smart Defrag 3
Surfing Protection

ITEM 4
Please review all of your taks and ensure that the files and task are still valid and operational. Remove, Edit, Adjust any task not valid or no longer needed.

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime No Task File <==== ATTENTION
Task: {05D81187-FA48-4E0D-8671-51CE7290B532} - \Microsoft\Windows\SideShow\SessionAgent No Task File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 No Task File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 No Task File <==== ATTENTION
Task: {0C8FD2E4-2CF6-4784-B501-27B2D7986F7A} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File <==== ATTENTION
Task: {2055091A-97DA-4C7C-82CD-6BF41F82C433} - System32\Tasks\My Backup(1) vbs(1) => c:\users\user\documents\reflect\My Backup(1).vbs [2013-09-10] ()
Task: {3012BBB1-9EE6-4455-8D41-A372F3468C4D} - \Microsoft\Windows\Offline Files\Background Synchronization No Task File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - \Microsoft\Windows\Shell\WindowsParentalControls No Task File <==== ATTENTION
Task: {633E51EB-04E7-413C-9342-AAA6F7CB8B79} - System32\Tasks\My Backup(1) vbs => c:\users\user\documents\reflect\My Backup(1).vbs [2013-09-10] ()
Task: {6AF629E4-9471-49BE-A8FE-33DD0DCEE72D} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {6F239FF6-4BBA-47AA-9FD7-9BA99DCDDAA1} - \Microsoft\Windows\SideShow\GadgetManager No Task File <==== ATTENTION
Task: {7EA9A5AB-7E6F-4183-A271-30C6DE1223B3} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector No Task File <==== ATTENTION
Task: {7EB832E1-99F0-440B-8E99-C21C30DF4B73} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver No Task File <==== ATTENTION
Task: {8769F794-6351-4784-BEA7-1EB248DC313F} - \Microsoft\Windows\MobilePC\HotStart No Task File <==== ATTENTION
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - \Microsoft\Windows\SystemRestore\SR No Task File <==== ATTENTION
Task: {9C9A080C-E285-472D-BC3A-85AAEF6456D4} - \Microsoft\Windows\SideShow\AutoWake No Task File <==== ATTENTION
Task: {AC668097-4D6B-4093-AC14-014C09DBF820} - \Microsoft\Windows\Ras\MobilityManager No Task File <==== ATTENTION
Task: {B92685A1-2DC4-4DB3-878B-5BD12A8D158F} - System32\Tasks\Event Viewer Tasks\kill cumulus => C:\Windows\KillCum.cmd [2013-09-29] ()
Task: {C98A2FD2-38D2-4918-B5A9-DBB1992AC780} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E} - \Microsoft\Windows\Registry\RegIdleBackup No Task File <==== ATTENTION
Task: {CD607760-F45D-4196-A9B8-8BA5AF16FA3F} - \Microsoft\Windows\Offline Files\Logon Synchronization No Task File <==== ATTENTION
Task: {EACA24FF-236C-401D-A1E7-B3D5267B8A50} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem No Task File <==== ATTENTION
Task: C:\Windows\Tasks\My Backup(1) vbs(1).job => ?
Task: C:\Windows\Tasks\My Backup(1) vbs.job => ?


ITEM 5
Please review ALL of the following programs and shortcuts and remove ALL compatibilty settings. As best as possible it is always better to run a program with no compatibility settings unless the program simply will not run without it.
If you simply just want to ensure a program runs with elevated Admin rights then create a shortcut for it and on the Advanced button enable it to run with Admin rights. That way it will run with Admin righhts without setting a compatibility setting on the program.
Once you checked and removed compatibility settings then reboot the computer and verify in the Registry that all items below are no longer listed.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    C:\Program Files\Agnitum\Outpost Security Suite Pro\acs.exe
    C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe
    C:\Program Files\Start Menu X\SkinDesigner.exe
    C:\Program Files\Start Menu X\StartMenuX.exe
    C:\Program Files\Start Menu X\TidyStartMenu.exe
    C:\Program Files\TClock 2010\Clock.exe
    C:\Windows\atomic.exe
    D:\Asus P8Z77-I\Drivers\MEI\setup.exe
    D:\Program Files\Google Namebench\namebench.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Windows\nircmd.exe
    C:\Windows\nircmdc.exe
    C:\Program Files (x86)\ASUS\IO\AsIoUnins.exe
    C:\Program Files\PCMeter\PCMeterV0.3.exe
    C:\Program Files (x86)\SE-SOFT.COM\SE-DesktopConstructor\SE-DesktopConstructor.exe
    C:\Program Files\RBTray\RBTray.exe
    C:\Program Files\Calibre2\calibre.exe
    D:\Windows\USBDeview.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    C:\Program Files (x86)\EasyWeather\EasyWeather.exe
    C:\Sys Internals\pskill.exe
    C:\Cumulus\cumulus.exe
    C:\Cumulus\RT Data Grabber\Cumulus RealTime Data Grabber.exe
    C:\Program Files\CCleaner\CCleaner64.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Sandboxie\Start.exe
    C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
    C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\monitor.exe
    C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\LoaderRunOnce.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    C:\Program Files\Agnitum\Outpost Security Suite Pro\clean.exe
    C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe
    C:\Program Files\Agnitum\Outpost Security Suite Pro\unins000.exe
    C:\Program Files\BluRip\BluRip.exe
    C:\Program Files\CCleaner\uninst.exe
    C:\Program Files\Start Menu X\unins000.exe
    D:\Asus P8Z77-I\Drivers\MEI\AsusSetup.exe
    D:\Asus P8Z77-I\Drivers\MEI\setup.exe
    C:\Program Files (x86)\Riot\Riot.exe
    C:\Program Files (x86)\DNS Bench\DNSBench.exe
    C:\Program Files (x86)\TweakPrefetch\TweakPrefetch.exe
    C:\Program Files (x86)\Appnimi\Appnimi All-In-One Password Unlocker\AppnimiAllInOnePasswordUnlocker.exe
    C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
    C:\Program Files\Rapid Environment Editor\RapidEE.exe
    C:\Program Files (x86)\Acrylic DNS Proxy\ADPMonitor.exe
    C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
    C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    C:\Program Files (x86)\MozBackup\MozBackup.exe
    C:\Program Files\CS6\PhotoshopPortable\PhotoshopCS6Portable.exe Not sure if you're aware but this program is illegal - you should remove it
    C:\Program Files (x86)\CS6\PhotoshopPortable\PhotoshopCS6Portable.exe
    C:\Windows\sidebar reset.cmd
    C:\Program Files\firefox\CommandExecuteHandler.exe
    C:\Program Files\firefox\plugin-container.exe
    C:\Program Files\firefox\plugin-hang-ui.exe
    C:\Program Files\firefox\updater.exe
    C:\Program Files\firefox\webapprt-stub.exe
    C:\Program Files\firefox\webapp-uninstaller.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files (x86)\ASUS\AI Suite II\MiscTool.exe
    C:\Program Files\Process Lasso\ParkControl.exe
    C:\Sys Internals\FindLinks.exe
    C:\Program Files (x86)\Deadwood\Purge.cmd
    C:\Program Files\r2 Studios\Startup Delayer\SDXmlUpgrader.exe
    C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer Localizer.exe
    C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe
    C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe
    D:\ASUS P8Z77-I\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\AsusSetup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\FANXpert\AppSetup\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\Ai Charger+\AppSetup\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\USB 3.0 Boost\AppSetup\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\USB Charger+\AppSetup\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\FANXpert\AppSetup\AsusFanCtrlSvc\Setup.exe
    D:\ASUS P8Z77-I\Software\AI_SuiteII\FANXpert\AppSetup\AsusFanCtrlSvc\AsusFanControlService.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    SeaToolsforWindows.exe
    C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
    C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\monitor.exe
    C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\LoaderRunOnce.exe


ITEM 6
You have Alternate Data Streams on some files which is potentially valid but rarely used by most people and is typically a tactic of an infection.
You should remove the ADS or verify that it is as expected.

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Windows\system.ini:c1_encryption_d
AlternateDataStreams: C:\Windows\win.ini:c1_encryption_d
AlternateDataStreams: C:\ProgramData\Reprise:yhuwxvwhfkxkcgmvjenbtlifh
AlternateDataStreams: C:\Users\User\Documents\Car Tax for the Rover.eml:OECustomProperty


ITEM 7
You have some services and drivers listed in the Event Logs that indicate that something is either wrong with them or missing or in conflict with other software. Could also possibly be due to damage caused by a previous or current infection.


ITEM 8
There appears to be a group policy on Chrome that should be removed
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION


Cleaning up and removing, fixing all of the above items may or may not correct the issues you're having with MBAM. I would suggest correcting all of the above as best you can and also running a Full Disk Check
Then I'd recommend having someone review your computer for any other possible infections just to make sure by following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue further.

 

Thank you

 

[kronckew]

thanks for the info. will impliment your suggestions.

 

will get rid of the iobit stuff & anything else dodgy in the lists. i try a lot of software, most gets uninstalled soon after, but may or may not leave leftovers. will need to go thru your list & have a good cleanup.

 

spybot s&d is only used offline as a check about once a month. prefer mbam will remove mse as it not all that good anyway. don't use chrome, tried and don't like it.must be a leftover. mse and outpost security suite are my only resident realtime anti-malware stuff at the moment (hopefully will only have mbam & oss shortly).

 

firefox nightly x64's seem fairly stable, so i'll stick with them. pc was freezing with mbam running and ff not running. i run it sandboxed anyway. don't use smart defrag anymore, will get rid of it and the others in that group.

 

this pc has gone thru a lot of hardware changes, it initially was a pentium D x64 2gb system about 6years ago, has since had a new asus z77 i-7 motherboard, changed to an ssd system disk, new peripherals, ad nauseum. had to do a win7 update install twice on the new motherboard to revive it after the change.

 

eventually i'll get tired of it, reformat the drives and start from scratch, but currently too lazy to go that far. if i replace the ssd with a bigger one i might be tempted.