W10 Resume from Sleep Issue w/Scan for Rootkits Setting

[exptuser2]

My Windows 10 Pro system recently began an issue upon resuming from sleep.  The system never recovers from sleep (blank display).  After a short time, the system shares the error "Driver Power State Failure" just before automatically rebooting.  After much troubleshooting it appears the issue is with selecting the "Scan for rootkits" in the Detection and Protection Settings.  Turn it on, the resume from sleep issue occurs.  Turn it off, issue goes away.  All other settings are checked in the Detection and Protection section.  The version of Malwarebytes is Home Premium 2.1.8.1057.

[daledoc1]

Hello and :
 
 
We're not seeing any reports of similar behavior here in the forum.
 
Did you temporarily uninstall MBAM before upgrading to Win 10?

 

Let's start here:

• Please carefully follow all the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
• If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
• NOTE: More info about v2.1.8 HERE; User Guide ONLINE; User Guide PDF; FAQ: Common Questions, Issues, and their Solutions

Please let us know how it goes.

Thanks,

[exptuser2]

Okay.  I followed exactly the procedure of completely removing Malwarebytes from my system.  After reinstalling Malwarebytes, the "Scan for rootkits" setting was left checked.  After putting my system to sleep for about 8-9 hours, the same situation occurred.  System did not fully resume from sleep giving a blank display and requiring a reboot.  

 

So moved to the next suggestion of creating diagnostic logs.  Ran the mbam-check.exe and the results are attached.  Tried to run the "Farbar Recovery Scan tool"  but my Windows 10 system would not allow to run because of being a suspected virus.  From within the Windows 10 dialog box, I was able to tell it to ignore the issue.  However, my Norton Security immediately removed the application.   

 

So have not attached the "Frst.txt" or "Addition.txt" yet.  Is this program SAFE to use, as both Windows 10 and Norton see it as a virus.  

 

Thanks

CheckResults.txt

[daledoc1]

Hi:

 

 

Yes, FRST is perfectly safe.

The author, @farbar, is a well-known security expert and forum expert here.

The tool is run 100s of times a day here and at other security forums.

 

That detection by Norton is a false-positive.

Just temporarily pause Norton in order to download and run the tool.

Resume Norton protection after it runs.

 

Please post back here with both logs (FRST.txt and Addition.txt) attached to your next reply.

 

Thank you,

[exptuser2]

Here are the files.

Addition.txt

FRST.txt

[AdvancedSetup]

Well if you look at the list of TASKS in the Additions.txt log you'll see a few entries for items that deal with time and with Windows updates and installation and possibly rollback options for Windows 10 some that appear to have missing files or at least are not found during the scan process. Then the error events show a few issues as well. Unfortunately repairing all Windows issues is well beyond the scope of supporting our program. We can attempt to assist you with fixing some of it but you might need to visit a dedicated Microsoft Windows support site to see about correcting these errors.

 

Application errors:
==================
Error: (09/08/2015 06:20:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/08/2015 02:01:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3e372e87-66d7-4cce-bf84-cf3288ced2ce}

Error: (09/08/2015 02:01:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
   Writer Name: MSMQ Writer (MSMQ)
   Writer Instance Name: MSMQ Writer (MSMQ)
   Writer Instance ID: {fd2ca5b7-d046-4c94-b594-1fa844ce26e5}

Error: (09/08/2015 01:56:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/07/2015 07:57:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0"1".
Dependent Assembly Plug-ins\Common\TSStrider,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2015 07:29:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/07/2015 07:29:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/07/2015 11:13:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/07/2015 11:11:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/07/2015 11:11:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBMAX4PC)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2147417848 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/08/2015 06:37:02 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (09/08/2015 06:22:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/08/2015 06:20:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2015 06:20:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2015 06:20:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2015 06:20:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/08/2015 06:20:32 PM) (Source: DCOM) (EventID: 10010) (User: ROBMAX4PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (09/08/2015 05:54:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147944153

Error: (09/08/2015 05:54:01 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001a (0x0000000000041284, 0xffffb00114660000, 0x000000000001ef6c, 0xfffff79940000000)C:\WINDOWS\MEMORY.DMP090815-9703-01

Error: (09/08/2015 05:54:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:40:22 AM on ‎9/‎8/‎2015 was unexpected.