Hardhead Posted October 12, 2014 ID:888849 CheckResults.txt I have minidump if needed. Ran fine for a couple of days on Vista Ultimate 64bit.
1PW Posted October 12, 2014 ID:888854 Hello Hardhead: Thank you for the CheckResults.txt file! Yes - please do individually attach the minidump.dmp file along with the two output diagnostic text files (FRST.txt and Addition.txt) from running, as Administrator, the most recent release of FRST64.exe, downloaded and saved to your Administrator's desktop from >>HERE<<. Please do not run FRST64.exe from your browser or a user account download folder. Note - if the IP.Board forum software rejects attaching a .dmp file, please zip the file and attach it instead. Please describe how you installed MBAM v2.0.3.1025 RC1. Did you upgrade/install over the top of a previous install of MBAM Pro or Premium? If so, what was the previous MBAM version number? Can you relate what the system was doing when the crash occurred? Thank you for using this version and devoting your valuable time.
Hardhead Posted October 12, 2014 Author ID:888855 FRST.txt Addition.txt Thanks for your quick reply and may I note that the crash is sporadic and doesn't happen all the time. This is the first time and I rebooted everything loaded fine. Also the crash is identical to the first one I had a good while back. app crash.txt Sorry I'm not permitted to add minidump file to forum post. I know there's a way but I forgot. Need directions on what site to use. LOL forgot to zip it.. mbam.zip
1PW Posted October 12, 2014 ID:888861 Hello Hardhead: 1. Thank you for the files! However, I submitted the .dmp file to osronline.com for analysis and it rejected the mbam.dmp file for unclear reasons. The FRST output files are quite perfect! If you have a different minidump.dmp file, please zip it and attach. If you only have the one viable .dmp file, please re-zip it and attach again. 2. Please describe how you installed MBAM v2.0.3.1025 RC1. Did you upgrade/install over the top of a previous install of MBAM Pro or Premium? If so, what was the previous MBAM version number? Can you relate what the system was doing when the crash occurred? 3. Rather than suggest you do a clean re-install of MBAM v2.0.3.1025 RC1, let's wait for a Malwarebytes staffer to weigh in on your issue. Thank you again!
Hardhead Posted October 12, 2014 Author ID:888930 All I know to do is rename the minidump file. I used procexp to save the minidump so all I have is that same file when it happened. I did a clean install of MBAM v2.0.3.1025 RC1. So I uninstalled old version of MBAM with clean.exe and it wasn't a beta. It was Version: 2.0.2 Premium. This has only happened one time and that was when I booted up the laptop. Here's the minidump file again. mini.zip
Hardhead Posted October 12, 2014 Author ID:888933 This is the very first minidump below. mbam.zip
Maurice Naggar Posted October 13, 2014 ID:889131 Hello Hardhead, Looking thru your report logs, I see a number of entries that show these entries (repeatedly)
Date: 2014-10-12 01:28:23.622
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-12 01:28:23.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
There possibly could be something amiss on this Vista or some other type of interference. For your consideration, I would suggest a new clean install with the Version 2.0.5.1023 but first, do 2 runs (yes, 2) of mbam-clean beforehand. Please advise afterwards.
Hardhead Posted October 13, 2014 Author ID:889133 Thanks Maurice! Will do and I check for missing hashes afterwards.
Hardhead Posted October 14, 2014 Author ID:889313 I didn't see this until now since it was moved so I sent you a PM Maurice. Thanks for your support and help. :-) Tim
Hardhead Posted October 15, 2014 Author ID:890260 OK I followed the directions and still no luck. Still getting errors in hash. So I went back to a previous image using True Image. Still got the same hash errors. Now I went back to the very first image and still getting hash errors. I know there is no MS Updates yet. FRST.txt Addition.txt CheckResults.txt
Root Admin AdvancedSetup Posted October 15, 2014 Root Admin ID:890333 So many current errors in those logs not sure if it's simply due to the reimage or if they're real. If real then the computer needs some fixing. I would first start off with a full disk check. From an elevated admin command prompt run the following.
CHKDSK C: /R
It should take at least 10 minutes to run but could take hours to complete. Just let it run please. Then find the entry for the disk check in the Event Logs and copy/paste the results back here. After that then fully disable your antivirus and run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs please. Thanks
Hardhead Posted October 15, 2014 Author ID:890622 Hello Ron, I went back to the previous image before the beta test. I ran scandisk and everything came back clean. Then I uninstalled MBAM with the clean tool twice. Then I did a clean install of MBAM and followed all directions listed in the forum and what you said to do. I have not installed today's MS updates yet. The laptop is running fine and no slow issues but still have the codeIntegrity errors. I'm clueless. Addition.txt CheckResults.txt FRST.txt
Maurice Naggar Posted October 15, 2014 ID:890629 <Kibbitz> Congratulations on the new install. Now the proof of the pudding. Start the program and kick the tires. Get Updates do some threat scans.
Hardhead Posted October 15, 2014 Author ID:890649 Hello Maurice, I ran threat scans twice and nothing found. I still have not installed today's MS updates and I know my flashplayer is out of date but I haven't been to any flash sites. The flash player had an update on the 14th which was yesterday. Mbam scan.txt
Maurice Naggar Posted October 15, 2014 ID:890651 <kibbitz> So long as there has not been any "appcrash" plus it completed Scan runs without any sort of "hiccup" then I am doing a Happy Dance on your behalf.
Hardhead Posted October 15, 2014 Author ID:890659 No crashes yet and everything is running just fine but what concerns me is the codeIntegrity errors in Addition.txt. I'm curious to hear what Ron says about that.
Root Admin AdvancedSetup Posted October 16, 2014 Root Admin ID:890921 I would open REGEDIT.EXE and remove the entries below in brown. You can check on the Advanced button to set "Run as administrator" on a shortcut without setting any compatibility settings. If at all possible no program should be run in compatibility mode unless they really need to.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Users\Hardhead 5\Desktop\procexp.exe
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Users\Hardhead 5\Desktop\procexp.exe
Then temporarily for testing purposes. Please fully uninstall Outpost Security Suite Pro (disconnect your network connection) and then restart the computer and run the scan again and see if the hash issue is still there or not and let us know please. Once done then make sure to reinstall Outpost Security Suite Pro and connect back your network connection.
Hardhead Posted October 16, 2014 Author ID:891174 Okie dokie Ron, Below is what I have when I uninstalled Outpost SS. After I post these logs I will scan again post with clean install of Outpost SS next. I'm doing a threat scan now. Addition.txt FRST.txt CheckResults.txt
Hardhead Posted October 16, 2014 Author ID:891181 Addition.txt CheckResults.txt FRST.txt
Root Admin AdvancedSetup Posted October 17, 2014 Root Admin ID:891241 Actually the code integrity hash file issue appears to be gone. These logs don't show that it's been there since 2014-10-16. There are some other DCOM errors that are not really malware related that could probably be cleaned up but in general probably not too much of an issue on a home computer. Are you currently having any more obvious or known issues? Make sure you put back your antivirus and then reboot and scan again to make sure the code hash issue has not returned.
Maurice Naggar Posted October 17, 2014 ID:891531 <kibbit> Hi Tim, How you doin'? Have you had a chance today to do a Update run? Then a new scan run? Please advise. Merci.
Hardhead Posted October 17, 2014 Author ID:891641
Actually the code integrity hash file issue appears to be gone. These logs don't show that it's been there since 2014-10-16. There are some other DCOM errors that are not really malware related that could probably be cleaned up but in general probably not too much of an issue on a home computer. Are you currently having any more obvious or known issues? Make sure you put back your antivirus and then reboot and scan again to make sure the code hash issue has not returned.
Hello Ron, In post 18 I uninstalled Outpost and followed your directions. I'm just confused about the integrity hash issues. In additional .txt it listed
CodeIntegrity Errors:
Date: 2014-10-16 18:04:15.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 18:04:15.816
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 18:04:15.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 18:04:15.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 17:58:55.515
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 17:58:55.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 17:56:53.578
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 17:56:53.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 17:56:53.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 17:56:53.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Malwarebytes closed down when I uninstalled Outpost. I rebooted and Malwarebytes loaded just fine. In post 19 I reinstalled Outpost and also scanned with Malwarebytes and in additional .txt it list below.
CodeIntegrity Errors:
===================================
Date: 2014-10-16 19:02:39.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:02:39.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:02:39.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:02:39.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:01:29.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:01:29.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:01:29.309
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:01:29.231
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:01:29.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-16 19:01:28.934
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Sorry I'm confused from your reply that the issue is gone. Malwarebytes scan came up clean
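An added example, not part of the thread and not Malwarebytes or FRST code: a Python script that tallies the Code Integrity entries pasted above per driver and reports which drivers still log the error after a chosen cutoff, such as the time of a reinstall. The sample text is constructed from a few of the entries quoted in the thread and run together the way the paste was; the function names and the 2-second burst gap are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text as quoted in the thread; {} is filled with the driver file name.
MSG = (r"Code Integrity is unable to verify the image integrity of the file "
       r"\Device\HarddiskVolume1\Windows\System32\drivers\{} because the set of "
       r"per-page image hashes could not be found on the system.")

# Constructed sample: six of the thread's entries, flattened with no line breaks.
SAMPLE = "CodeIntegrity Errors:" + "".join(
    f"Date: {ts}Description: {MSG.format(drv)}" for ts, drv in [
        ("2014-10-16 19:02:39.618", "mbamchameleon.sys"),
        ("2014-10-16 19:02:39.524", "mbamchameleon.sys"),
        ("2014-10-16 19:01:29.496", "mwac.sys"),
        ("2014-10-16 19:01:29.402", "mwac.sys"),
        ("2014-10-16 17:56:53.375", "mwac.sys"),
        ("2014-10-16 17:56:53.266", "mwac.sys"),
    ])

# Tolerates both "Date: ...\nDescription:" and the flattened "Date: ...Description:".
ENTRY = re.compile(
    r"Date:\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s*Description: Code Integrity "
    r"is unable to verify the image integrity of the file (.+?) because")

def parse_entries(text):
    """Return sorted (timestamp, driver file name) pairs found in the text."""
    out = []
    for ts, path in ENTRY.findall(text):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f")
        out.append((when, path.rsplit("\\", 1)[-1].lower()))
    return sorted(out)

def summarize(entries, gap=timedelta(seconds=2)):
    """Per driver: event count, bursts (events closer than `gap` are merged), last seen."""
    per = defaultdict(list)
    for when, drv in entries:
        per[drv].append(when)
    report = {}
    for drv, times in per.items():
        bursts = 1 + sum(1 for a, b in zip(times, times[1:]) if b - a > gap)
        report[drv] = {"events": len(times), "bursts": bursts, "last": times[-1]}
    return report

def failing_since(entries, cutoff):
    """Drivers with at least one Code Integrity entry at or after `cutoff`."""
    return sorted({drv for when, drv in entries if when >= cutoff})

if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    for drv, info in summarize(entries).items():
        print(drv, info["events"], "events in", info["bursts"], "bursts; last", info["last"])
    print("still failing after 19:00:", failing_since(entries, datetime(2014, 10, 16, 19, 0)))
```
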
Hardhead Posted October 17, 2014 Author ID:891645
<kibbit> Hi Tim, How you doin'? Have you had a chance today to do a Update run? Then a new scan run? Please advise. Merci.
Hello Maurice, I have updated the database and everything comes up clean and no crashes.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/17/2014
Scan Time: 4:59:42 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.17.09
Rootkit Database: v2014.10.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Hardhead 5
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338843
Time Elapsed: 16 min, 37 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Maurice Naggar Posted October 18, 2014 ID:891807 Hi Tim, Glad to know the good news about the clean scan run finish.
KenW Posted October 18, 2014 ID:891873 I run Outpost Security Suite and MB on 5 machines, 2 with ram disks, without any problems. What and where are these errors.. 3 Win 8 and 2 Win 7