Jump to content

Recommended Posts

Hello Hardhead:

 

Thank you for the CheckResults.txt file!
 
Yes - please do individually attach the minidump.dmp file along with the two output diagnostic text files (FRST.txt and Addition.txt) from running, as Administrator, the most recent release of FRST64.exe, downloaded and saved to your Administrator's desktop from  >>HERE<<. Please do not run FRST64.exe from your browser or a user account download folder.

 

Note - if the IP.Board forum software rejects attaching a .dmp file, please zip the file and attach it instead.

 

Please describe how you installed MBAM v2.0.3.1025 RC1. Did you upgrade/install over the top of a previous install of MBAM Pro or Premium? If so, what was the previous MBAM version number? Can you relate what the system was doing when the crash occurred?

Thank you for using this version and devoting your valuable time. :)

Link to post
Share on other sites

FRST.txt

 

 

Addition.txt

 

 

Thanks for your quick reply and may I note that the crash is sporadic and doesn't happen all the time. This is the first time and I rebooted everything loaded fine.

 

Also the crash is identical to the first one I had a good while back.

 

app crash.txt

 

Sorry I'm not permitted to add minidump file to forum post.

I know theres a way but I forgot. Need directions on what site to use>

LOL forgot to zip it..

 

mbam.zip

 

Link to post
Share on other sites

Hello Hardhead:

 

1. Thank you for the files! However, I submitted the .dmp file to osronline.com for analysis and it rejected the mbam.dmp file for unclear reasons. The FRST output files are quite perfect!

 

If you have a different minidump.dmp file, please zip it and attach. If you only have the one viable .dmp file, please re-zip it and attach again.

 

2. Please describe how you installed MBAM v2.0.3.1025 RC1. Did you upgrade/install over the top of a previous install of MBAM Pro or Premium? If so, what was the previous MBAM version number? Can you relate what the system was doing when the crash occurred?

 

3. Rather than suggest you do a clean re-install of MBAM v2.0.3.1025 RC1, let's wait for a Malwarebytes staffer to weigh in on your issue.

 

Thank you again! :)

Link to post
Share on other sites

All I know to do is rename the minidump file. I used procexp to save the minidump so I all I have is that same file when it happened. 

I did a clean install of MBAM v2.0.3.1025 RC1. So I uninstalled old version of MBAM with clean.exe and it wasn't a beta. It was Version: 2.0.2 Premium.

This has only happened one time and that was when I booted up the laptop.

 

Heres the minidump file again.

 

mini.zip

Link to post
Share on other sites

Hello Hardhead,

 

Looking thru your report logs, I see a number of entries that show these entries ( repeatedly)

Date: 2014-10-12 01:28:23.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 01:28:23.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 

 

There possibly could be something amiss on this Vista or some other type of interference.

For your consideration, I would suggest a new clean install with the Version 2.0.5.1023

but first, do 2 runs ( yes, 2 ) of mbam-clean beforehand.

 

Please advise afterwards.

Link to post
Share on other sites

  • Root Admin

So many current errors in those logs not sure if it's simply do to the reimage or if they're real. If real then the computer needs some fixing.

I would first start off with a full disk check. From an elevated admin command prompt run the following.


CHKDSK C: /R

 

It should take at least 10 minutes to run but could take hours to complete. Just let it run please.

Then find the entry for the disk check in the Event Logs and copy/paste the results back here.

 

After that then fully disable your antivirus and run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs please.

 

Thanks

Link to post
Share on other sites

Hello Ron,

I went back to the previous image before the beta test. 

I ran scandisk and everything came back clean.

Then I uninstalled MBAM with the clean tool twice.

Then I did a clean install of MBAM and followed all directions listed in the forum and what you said to do.

I have not installed todays MS updates yet.

The laptop is running fine and no slow issues but still have the codeIntegrity errors. Im clueless.

 

Addition.txt

 

 

CheckResults.txt

 

 

FRST.txt

Link to post
Share on other sites

  • Root Admin

I would open REGEDIT.EXE and remove the entries below in brown. You can check on the Advanced button to set "Run as administrator" on a shortcut without setting any compatibility settings. If at all possible no program should be run in compatibility mode unless they really need to.


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
   C:\Users\Hardhead 5\Desktop\procexp.exe

HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
   C:\Users\Hardhead 5\Desktop\procexp.exe

 

 

Then temporarily for testing purposes. Please fully uninstall Outpost Security Suite Pro (disconnect your network connection) and then restart the computer and run the scan again and see if the hash issue is still there or not and let us know please.Once done then make sure to reinstall Outpost Security Suite Pro and connect back your network connection.

Link to post
Share on other sites

  • Root Admin

Actually the code integrity hash file issue appears to be gone. These logs don't show that it's been there since 2014-10-16

There are some other DCOM errors that are not really malware related that could probably be cleaned up but in general probably not too much of an issue on a home computer.

Are you currently having any more obvious or known issues? Make sure you put back your antivirus and then reboot and scan again to make sure the code hash issue has not returned.

Link to post
Share on other sites

Actually the code integrity hash file issue appears to be gone. These logs don't show that it's been there since 2014-10-16

There are some other DCOM errors that are not really malware related that could probably be cleaned up but in general probably not too much of an issue on a home computer.

Are you currently having any more obvious or known issues? Make sure you put back your antivirus and then reboot and scan again to make sure the code hash issue has not returned.

 

 

Hello Ron,

 

In post 18 I uninstalled Outpost and followed your directions.

Im just confused about the the intergrity hash issues. In additional .txt it listed  CodeIntegrity Errors:

 

 

Date: 2014-10-16 18:04:15.909

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 18:04:15.816

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 18:04:15.707

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 18:04:15.613

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 17:58:55.515

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 17:58:55.359

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 17:56:53.578

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 17:56:53.469

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 17:56:53.375

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 17:56:53.266

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

Malwarebytes closed down when I uninstalled Outpost. I rebooted and Malwarebyes loaded just fine.

 

In post 19 I reinstalled Outpost and also scanned with Malwarebytes and in additional .txt it list below.

 

 

CodeIntegrity Errors:

===================================

Date: 2014-10-16 19:02:39.618

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:02:39.524

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:02:39.431

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:02:39.321

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:01:29.496

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:01:29.402

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:01:29.309

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:01:29.231

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:01:29.028

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-16 19:01:28.934

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

Sorry Im confused from your reply that the issue is gone. Malwarebytes scan came up clean

Link to post
Share on other sites

<kibbit>

 

Hi Tim,

How you doin'?

Have you had a chance today to do a Update run?   Then a new scan run?

Please advise.

Merci.

Hello Maurice,

 

I have updated the database and everything comes up clean and no crashes.

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/17/2014

Scan Time: 4:59:42 PM

Logfile:

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.10.17.09

Rootkit Database: v2014.10.17.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

OS: Windows Vista Service Pack 2

CPU: x64

File System: NTFS

User: Hardhead 5

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 338843

Time Elapsed: 16 min, 37 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.