qwbo

Malwarebytes broken part 2


Believe me, I've been servicing many similar machines, and if you put Avast, ZoneAlarm and Malwarebytes, it will choke so badly.

 

I see some other applications are failing too, so I need you to run Chkdsk.


Error: (06/30/2015 00:20:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 00:20:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%3

Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The MBAMService service hung on starting.

Error: (06/30/2015 00:15:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%3

Error: (06/30/2015 11:47:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/30/2015 11:47:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%3

Error: (06/30/2015 11:18:24 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/30/2015 10:30:44 AM) (Source: DCOM) (EventID: 10005) (User: SPIKE)

Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""

in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

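A small triage helper for the text-format event log excerpt posted above, added here as an example (it is not part of the original thread or of any tool mentioned in it): it parses each entry and groups the errors by service name. The function names are hypothetical, the sample entries are copied from the excerpt, and the log is assumed to list the newest entry first, as the excerpt does.

```python
import re

# Entry header, then Service Control Manager (7000/7022/7034) and DCOM 10005 wording.
HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)")
SCM = re.compile(r"The (?P<svc>.+?) service (?:terminated unexpectedly|hung on starting|failed to start)")
DCOM = re.compile(r"start the service (?P<svc>\S+) with arguments")

def parse_events(text):
    """Split the text log into entries; continuation lines join the description."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({**m.groupdict(), "event_id": int(m["event_id"]), "description": ""})
        elif line and events:
            body = line[len("Description:"):].strip() if line.startswith("Description:") else line
            events[-1]["description"] = (events[-1]["description"] + " " + body).strip()
    return events

def summarize(events):
    """Group entries by service name. Assumes the log is listed newest first."""
    out = {}
    for ev in events:
        m = SCM.search(ev["description"]) or DCOM.search(ev["description"])
        svc = m["svc"] if m else "(unparsed)"
        s = out.setdefault(svc, {"count": 0, "event_ids": set(), "latest": ev["when"]})
        s["count"] += 1
        s["event_ids"].add(ev["event_id"])
        s["earliest"] = ev["when"]  # overwritten until the oldest entry is reached
    return out

# Sample input: four entries copied from the excerpt in the thread above.
SAMPLE = """\
Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
Error: (06/30/2015 00:17:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.
Error: (06/30/2015 00:15:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3
Error: (06/30/2015 11:18:24 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
"""

for svc, s in summarize(parse_events(SAMPLE)).items():
    print(f'{svc}: {s["count"]} error(s), IDs {sorted(s["event_ids"])}, {s["earliest"]} .. {s["latest"]}')
```

Grouping by service makes it easier to see which failures repeat and which event IDs accompany them before deciding where to look first.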

The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s). - NVIDIA Display Driver Service is a utility that I installed then removed some time ago. I assume this is a leftover, so no real problem.

 

The Google Update Service.... Not something I installed - obviously packaged along with something else. I was pretty sure I'd got rid of it, so again, a leftover, so no real problem.

 

The MBAMService service terminated unexpectedly..... Terminated? It never started!

 

DCOM got error "%%1084"...........In the words of Microsoft - "Dcom Got Error 1084 and other critical errors can occur when your Windows operating system becomes corrupted. Opening programs will be slower and response times will lag. When you have multiple applications running, you may experience crashes and freezes. There can be numerous causes of this error including excessive startup entries, registry errors, hardware/RAM decline, fragmented files, unnecessary or redundant program installations and so on."


Also, I can't see any sign of DCOM error in Event Viewer. The log goes back to 31/05/15 and the first error coming forward from there is on 28/06/15 - MBAMSERVICE. That coincides with the first failed update attempt. Most errors since then have been associated with further attempts at updating Malwarebytes.

 

So it would seem safe to assume that, as there were 28 days error free prior to the failed Malwarebytes update, Malwarebytes is the cause of the problem. The large number of postings on these forums and elsewhere with similar problems would seem to support that conclusion.

 

As you have made no progress in resolving the problem, please pass my case on to someone else.


Please run the following and post back the log and we'll go from there.  Thanks

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Hello AdvancedSetup. Thanks for your help.

 

I've run Combofix, but at the end of the scan (Completed Stage_50), I'm not getting a log. A message flashed at the bottom of the Completed stage_** list - too fast to read - and I then got a blue screen with the message

 

Bad_Pool_Header

 

Stop 0x00000019 (x00000020, 0x87E23A48, 0x87E23E60, 0x1A83008F).

 

I repeated the scan and got the same result.


The issue with MBAM appears to be due to some changes made in the program. It looks like old single processor systems do not support a feature we added. I don't have all of the details but it seems that you will need to go back to an older 2.16 version to run MBAM as it ran before until we get this fixed in an upcoming update.

 

As for Combofix and other programs not running properly we can have you go to our BSOD forum and have one of the Experts there help you look into it further if you like. Please let me know what you'd like to do.

 

Thanks

 

Ron


Ron

Thanks for the reply.

 

The plus is that you've confirmed my suspicion that the problem has been with the new version of Malwarebytes all along. But after I tried unsuccessfully to install the 2.18 version, I tried to install the 2.16 version after running the Malwarebytes cleaning tool and 2.16 failed as well.

 

I'd like to get the PC back to "normal" so referral to a BSOD expert would be great thanks.

 

I've not made any changes to the PC since running Combofix. Should I go through the Combofix uninstall procedure or am I likely to need any backups created by Combofix? If I could get back to where I was before Combofix, it's a clearer starting point.

 

thanks

 

qwbo


Let me send one of them a PM and check what's up. It's quite possible they may not support work on XP anymore. It is now over 15 years old and not supported by Microsoft either.


We have a collection app for XP around somewhere, but I'd rather take a look at a kernel-dump if you have one.

 

Check C:\Windows for it; it'll be called MEMORY.DMP. Compress it and upload it to a drive site, like OneDrive or Google Drive, then paste the link in your reply.



In the absence of a crash dump, the following might be useful: attach a zipped Autoruns.arn and a zipped MSInfo32.nfo; these will contain part of what would have been collected by the BSOD collection app.

 

 

Download Autoruns: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

(This method of setting up/running Autoruns enables a number of checks and lists only the unsigned Windows entries plus all non-Windows entries and allows direct checking of any Virustotal 'positives'.)

Run Autoruns as Administrator. Once it starts, hit Esc to stop the scanning, then from the File > Options menu select only the following:

  • Hide Empty Locations
  • Hide Windows Entries

From the File > Options > Scan Options menu:

  • Verify Code Signature
  • Check VirusTotal.com
  • Submit Unknown Images

Click the Refresh icon or press F5 for the scan to restart and any uploading to VirusTotal to begin. Allow time for any VirusTotal results to be returned; check the VirusTotal column, right side of the main panel, for progress. Each entry should contain an x/xx (e.g. 0/57, number of positives/number of scanners used).

Once data checks are complete, File > Save As > Autoruns.ARN (the default file type), zip that saved file (Send to > Compressed folder from the mouse right-click menu) and then the Autoruns.zip can be uploaded and attached to a reply for checking.

 

 

For MSInfo32, Start > Run > type in msinfo32 and press Enter/OK. The collection can take some time. You might be able to accelerate the data collection by clicking each section/sub-section and waiting for it to populate; you should be able to tell by the Status Bar, but there are likely to be some sections that don't populate where there isn't any relevant data anyway. The Components and Software environment subsections are the most important.

 

Once you have the MSInfo32 fully populated, Save as > MSInfo32.NFO on your Desktop, right-click that and select Send to > Compressed folder - this will add an MSInfo32.zip to your Desktop, please attach that to your reply as well.


Ok. I only found out my post had been moved 5 minutes ago. So can I have a bit of clarity as to what you want? And who am I responding to?


Follow Patrick's instructions.

 

If you don't find any dumps to upload, continue with mine please.


As there has been no follow up on further testing to see what is preventing other applications from running I will go ahead and close this topic now.
