Jump to content

Event ID 5 Kernel-General error in Event Viewer


Recommended Posts

Welcome,
I have a problem. Every day I have this error in event viewer, system log:
 

{Registry Hive Recovered} Registry hive (file):\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-4089430802-3287748835-2730757419-1001-0-ntuser.dat was corrupted and it has been recovered. Some data might have been lost.
 

This error repeats every day at about 3:00AM.

 

I did system integrity check and hard drive check (CHKDSK) - no errors.

Maybe someone could help me? Thanks in advance.

Link to post
Share on other sites

Hello and :welcome: , @Coroner:
 
I saw your thread over at tenforums.com here: Event ID 5 Kernel-General error in Event Viewer
 
Thanks for coming over here.
 
Normally, the first step would be to suggest a clean MBAM reinstall, especially since you upgraded to Win10 with MBAM installed.

However, given the nature of the Error Code 5 events which appear to be related to your scheduled Threat scans, I thought that the QA team might want to collect some basic logs first.  To my knowledge as just a home user and forum volunteer, this is the first report of such errors.
 
So, let's try this, please:
 
First, please follow the steps in this pinned topic to generate a total of 3 logs from 2 basic scanners: Diagnostic Logs
 
AND, please read the steps below for posting a few of your recent PROTECTION logs.
 
Please attach all 3 diagnostic logs (FRST.txt, Addition.txt and CheckResults.txt) log AND at least one or two PROTECTION logs to your next reply here.
 
Thanks!
------------------

How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

  • Open MBAM.
  • Click on the HISTORY tab > APPLICATION LOGS.
  • Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
  • Click EXPORT.
  • Click TEXT FILE (*.txt)
  • In the "Save File" dialog box which appears, click on DESKTOP.
  • In the FILE NAME box, type a name for your saved scan or protection log.
  • A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
  • Click OK.
  • Please attach the saved log to your next reply here in this thread.
Link to post
Share on other sites


MBAM Protection log


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Data skanowania: 11.10.2015

Czas skanowania: 04:42

Raport: mbam log.txt

Administrator: Tak

 

Wersja: 2.1.8.1057

Baza szkodliwego oprogramowania: v2015.10.11.01

Baza danych rootkitów: v2015.10.06.01

Licencja: Premium

Ochrona przed złośliwym oprogramowaniem: Włączony

Ochrona przed szkodliwymi stronami: Włączony

Samoobrona: Wyłączony

 

System operacyjny: Windows 10

Procesor: x64

System plików: NTFS

Użytkownik: Coroner

 

Typ skanowania: Dokładne skanowanie

Wynik: Zakończono

Obiekty przeskanowane: 436313

Czas, który upłynął: 7 min, 52 s

 

Pamięć: Włączony

Autostart: Włączony

System plików: Włączony

Archiwa: Włączony

Rootkity: Wyłączony

Heurystyka: Włączony

PUP: Włączony

PUM: Włączony

 

Procesy: 0

(Nie wykryto zagrożeń)

 

Moduły: 0

(Nie wykryto zagrożeń)

 

Klucze rejestru: 0

(Nie wykryto zagrożeń)

 

Wartości rejestru: 0

(Nie wykryto zagrożeń)

 

Dane rejestru: 0

(Nie wykryto zagrożeń)

 

Foldery: 0

(Nie wykryto zagrożeń)

 

Pliki: 0

(Nie wykryto zagrożeń)

 

Sektory fizyczne: 0

(Nie wykryto zagrożeń)

 

 

(end)


Addition.txt

FRST.txt

Link to post
Share on other sites

Hello, @Coroner:
 
Thanks for the FRST logs and for the MBAM scan log. :)
 
It would also help to see the others that were requested in my previous reply here
 
If you could, please also provide the CheckResults.txt log from mbam-check ("Log Set 2"), as explained here.
And, it would help to see not just the scan log that you posted, but also the PROTECTION log from the day you were seeing the error in the Windows event log.
 
I will ask a member of the MBAM Product team to review all of them and to advise you further.
 
Thanks for your patience.
 
-----------------

How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

  • Open MBAM.
  • Click on the HISTORY tab > APPLICATION LOGS.
  • Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
  • Click EXPORT.
  • Click TEXT FILE (*.txt)
  • In the "Save File" dialog box which appears, click on DESKTOP.
  • In the FILE NAME box, type a name for your saved scan or protection log.
  • A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
  • Click OK.
  • Please attach the saved log to your next reply here in this thread.
Link to post
Share on other sites

Thanks for that new log.

 

It would also be nice to see a PROTECTION log or two, as previously requested. :unsure:

 

But your mbam-check log does confirm your earlier report that MBAM was NOT cleanly reinstalled after your Win10 upgrade.

There are also several PUPs and other items in quarantine.

 

Under the circumstances, we would normally recommend a clean reinstall -- the process for that is explained here: MBAM Clean Removal Process 2x.

That would probably resolve your errors.

 

But, given the fact that your post is the first to mention these Windows error events, I would prefer to wait until a Malwarebytes staff member has a chance to review your current logs, first.

 

As long as MBAM seems to be working OK, I think it might be prudent to wait.

 

Thanks again for your patience,

Link to post
Share on other sites

Hi, Coroner:
 
OK, the MBAM devs have reviewed your logs. :)
 
Here is what they said:
 

On Error Code 5 issue it seems as those the offline registry hives aren't getting cleaned up after a scan for some reason.  We suspected a registry monitor and I see he has Wise Registry Cleaner installed, so could be because of this.  
 
But for now, he should be fine doing a clean reinstall and clearing some things out.  That may help, and if not, could be a conflict with the registry tool.

 
So, since your MBAM installation long predates your Windows upgrade and since you also have a bunch of PUPs in quarantine, it is suggested that you please proceed with a clean reinstall.  That may resolve the errors you reported.
 
To do that, please follow all of the steps in this pinned topic: MBAM Clean Removal Process 2x
It's important to:

  • Have your license info handy before you start (you will need to re-activate the Premium features);
  • To reboot when prompted by the removal tool; and, for good measure,
  • To reboot again after the reinstall.

 

ALSO, as noted, it appears that you are running a "Registry Cleaner" (Wise Registry Cleaner).
Such programs are not recommended, as they can cause more harm than good.
More information here: Do I need a Windows Registry Cleaner? and here: Microsoft does not support use of Registry Cleaners in Windows

While it's up to you, we would suggest uninstalling that program.

 

Please post back and let us know how it goes.

 

Thanks for your patience,

Link to post
Share on other sites

I'm afraid I should reinstall windows from scratch. :angry:

 

That seems a bit drastic at this point in time. :unsure:

 

If MBAM is otherwise working OK, if it were my computer, I would wait to hear from the developers.

 

But it's certainly up to you.  It's possible that the "Registry Cleaner" might have damaged the Windows registry.

If you do reload Windows, it might be advisable to cleanly UNinstall MBAM first, using the removal tool, and then to cleanly reinstall it from a fresh copy of the installer after reinstalling Windows.

 

Thanks again for your patience,

Link to post
Share on other sites

Hi Coroner,

I'm gonna help you with this particular case but we'll go through it with our support system

Please submit a ticket using this link:

https://support.malwarebytes.org/customer/portal/emails/new?b_id=6400

This may require some further investigation. Place my name (Radek) in the beginning and your ticket will go to me.

Regards,

Radek

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.