Jump to content

Recommended Posts

Hello

 

I just purchased the premium MBAM software to take advantage of the realtime protection, but now it seems scanning does not work and continually crashes the program - see example screenshot.

 

What other information do you need to help resolve this?  It appears to crash when scanning the same file - at least more than once in any case (I did not capture every occasion it has crashed).

 

Thanks

 

post-181516-0-92435500-1420926151_thumb.

post-181516-0-43178400-1420926685_thumb.

Link to post
Share on other sites

Hello and :welcome: :


Let's start here, please:

  • Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
  • If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
  • NOTE: There is an FAQ section with valuable information located here - Common Questions, Issues, and their Solutions

>>If the problem recurs after a clean reinstall, we might need to collect some crash dumps, as well as the diagnostic logs already mentioned. We will provide instructions for posting the crash dumps, if needed.

 

>>Also, you might want to check out this pinned topic (it originally referred to MBAM 1.x, but many of the concepts are still valid): >>HERE<<

 

Please let us know how it goes.

Thanks,

Link to post
Share on other sites

I am having a problem here in that the restart has seemed to completely hang my computer (I am posting from a different machine now) which is running windows 8.1 but has been stuck on "Configuring Windows features 100% complete" for over 2 hours now.  It runs off SSDs so I cannot seem to hard restart the machine to try and force it into booting e.g. into safe mode.

Link to post
Share on other sites

Hi:

 

UGH. :(

 

I am only a home user and forum volunteer, but I've never heard of a similar problem on a machine that wasn't infected or somehow "broken" (e.g. failing hard drive, OS corruption, etc.)

(I'm not suggesting that is necessarily the case for your system. It's just that the uninstall process with the removal tool is quite robust and normally proceeds without incident.)

 

You said you were restarting: was this after uninstalling MBAM using the removal tool, when it asked for a reboot? or were you rebooting after malware removal? or something else?

 

I'm not personally familiar with Windows 8.1, so I'm afraid we will need to wait for a staff member or someone more expert to advise you.

It is the weekend, but someone is bound to stop by.

 

Thanks very much for your patience and understanding.

Link to post
Share on other sites

Thanks for the clarification.

 

As I mentioned, I wasn't implying that you were infected.

It's just that I've never seen a system not restart after running mbam-clean.

 

I have located a couple of links at reputable computer support forums that deal with Windows 8 Safe Mode.

However, providing specific advice on that would be above my pay grade.

 

I will escalate your topic to the forum staff, as this is a highly unusual occurrence.

Please be patient -- it is the weekend.

 

I will do my best to get you some expert help as soon as possible.

 

Thanks again,

Link to post
Share on other sites

Thanks - that was primarily intended to be feedback.  I left it on overnight, and when I woke up, it was miraculously back at the lock/login screen, so I guess it wasn't hung, just exceedingly slow!  I can't guarentee it was MBAM's uninstall rather than anything else (e.g. if other things were queued up waiting for a reboot like windows updates or some other software) but nonetheless hours of waiting is a bit tedious.

 

I will now attempt the re-install and see if that works, if not I will provide the logs as requested

Link to post
Share on other sites

Hi there, I ran a new scan on the clean install, and it seemed to run fine, however I noticed that the settings I had run it on weren't the same as those I ran it on originally - the new scan was run without 'search for rootkits' checked, and that finished no problem. 

 

So I re-ran it with the search for rootkits option selected, and it seemed again to crash on the same file - screenshot attached (though it looks pretty similar to the original 2).  I have now attached the three log results as requested. 

 

In the interim I will keep the rootkits option deselected so at least I can still run the software, but it's not ideal obviously!

 

post-181516-0-40270300-1420966396_thumb.

CheckResults.txt

Addition.txt

FRST.txt

Link to post
Share on other sites

Hi:
 
That's good news.
 
We'll need to wait for the staff to formally review your logs.
However, at least 2 things jump out.
 
First, this:
 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

 
You are running many AV/AM applications: (EAM and  Avast) (plus the OEM Windows Defender installed, but disabled), as well as Spybot S&D (which is no longer a recommended program, at least by mvps.org), AND Comodo Defense AND Comodo Firewall, AND MBAM.
Running more than one antivirus (AV) with multiple real-time anti-malware (AM) programs, PLUS multiple firewalls is pretty much a guarantee for system problems: slowdowns, clashes, conflicts, hangups, instability and REDUCED protection.
"MORE" security programs -- especially antivirus applications -- does NOT equate to more protection.

I expect that the excess number of security programs may have contributed to the problem with restarting the system.
I'm also quite certain that the staff members will advise cleanly uninstalling the redundant programs (using the vendor's removal tool, if available), so that you only have ONE AV (fully disable the OEM Windows Defender) and ONE realtime AM (MBAM Premium) and ONE firewall (fully disable Windows Firewall, if using a 3rd party product).
(Simply disabling the extra AV programs and firewalls is not sufficient, as the drivers would still be installed and can cause problems.)
 
Second: You appear to be running "Axcrypt"?
There are known issues with anti-rootkit (ARK) scanning on some encrypted drives, with some encryption products.
There are technical reasons for that relating to the encryption process.
The fact that disabling ARK scanning resolves your issue suggests that this might be the case on your system.
The workaround is what you already devised -- disabling ARK scanning. :)

 

 

I expect that the staff and experts will have some additional recommendations for you when they review the logs.

 

Thanks again for your patience,

Link to post
Share on other sites

Thanks, I'm not intentionally running multiple AVs so would be happy to go Avast + MBAM + Comodo firewall, but will await someone to further analyse the logs to give further direction.  I'm also not intentionally running Axcrypt (I don't know what that is, I wonder if it came with one of my external HDDs that did ask if I wanted to encrypt the data on it), but the scan appears to be failing on a file that isn't on an external drive but on the c:\.

 

Thanks for your help so far, hopefully someone will take a log at the logs and come back to me shortly!

Link to post
Share on other sites

  • Root Admin

Not certain if the computer is infected or if possibly damaged from something but it does have many errors going on. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Basically copy your same log files to a new topic as described and wait for further assistance.

Thanks

System errors:

=============

Error: (01/11/2015 07:44:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:

%%1053

Error: (01/11/2015 07:44:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (01/11/2015 07:41:47 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error:

%%5

Error: (01/11/2015 07:40:22 AM) (Source: DCOM) (EventID: 10010) (User: SCHENKER)

Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/11/2015 06:17:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (01/11/2015 06:15:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (01/11/2015 04:24:36 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)

Description: CBS Client initialisation failed. Last error: 0x80080005

Error: (01/11/2015 04:24:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (01/11/2015 04:22:35 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Type with the following error:

%%5

Error: (01/11/2015 04:22:01 AM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Windows Modules Installer service did not shut down properly after receiving a pre-shutdown control.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.