told to come here

[tacua]

I have been testing mbarw beta 6 and have through some of the previous versions that I have tested, have occasional crashes of the anti-ransom-ware program.  I have submitted files in that forum, and they would like for you to take a look at my files to make sure my computer is not suffering a virus.  The last time I tried to have my files analyzed I had mis-abbreviated  MBARW and my post was redirected back to the mbarw forum.  The MBARW gurus would like you to check my submitted files.  I have also enclosed a jpeg of Nir Soft's showing the software MBARW's crash.

 

 

 

 

 

 

 

 

Addition.txt

FRST.txt

[tacua]

>>I have not gotten any replies.  I thought I'd add this extra  info.   This is the post I had in the MBARW forum:

"I have use beta 3, 4, 5, and each has had software crashes which slow the computer to a crawl.  They would last about 20 minutes before clearing itself and the computer returning to normal.  I had to uninstall the previous versions and am now using the  Beta 6 version.  I have noticed that it to has suffered a software crash a couple of times.  Each time has been when using Chrome 64 and having multiple tabs open (over 10).  The MBARW crash now seems to last less than a minute before recovery.  Hasn't happened nearly as often and don't last nearly as long.  I am enclosing the log, mbarw zips and am also including a jpeg of Last Activity View.  Hope this helps."

>>And this was the reply I received from 1PW (a forum moderator at the MBARW forum), and this is the reason I posted in this forum to make sure my machine is clean.  

"Hello tacua:

In the past, when you reported system slowness, it was recommended that the Windows 7SP1x64 computer in question be analyzed by the Malware Removal Experts in the Malware Removal Help sub-forum.  If the system has not undergone a recent and thorough analysis, with appropriate corrections, the slowness that is experienced is likely to continue.

Non-authoritatively it is not suspected that malware has infected the computer at this time.  However, that sub-forum, and experts mentioned above are very qualified to assist with most computer issues.  Please reconsider having the computer analyzed/cleaned.

Also, it is critical that the computer has unimpeded access to the mwbsys.com domain, and that C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe be fully regarded as Trusted by all the system's client security applications.

Thank you for beta testing MBARW and your valued feedback."

 

>>>Please let me know if you need any other info or anything else from me.

Tacua

 

[AdvancedSetup]

Sorry for the delay @tacua  Let me see if I can get one of the support people to take a look here.

 

[AdvancedSetup]

Okay let's take a look and see what's running on the computer. Let me get new FRST logs. Make sure you place a check mark in the Additions.txt check box to get that new log too.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

[tacua]

I had enclosed them in my first post here, but I have re-downloaded  the tool and re-scanned and here are the results.  I might add that I have no signs of infection on the computer, the only reason I am here is because of MBARW's sometimes slowdowns.  

When I tried to drag the made files here it failed, so I made zips which I included, let me know if you got them OK.  Waiting to hear back from you.

Addition.zip

FRST.zip

[AdvancedSetup]

The logs show that you appear to probably have some type of software conflict going on. Multiple issues with crashing programs in the Event Logs including difficult with the disk IO

Quote

 

Error: (04/11/2016 06:12:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/11/2016 06:12:32 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/10/2016 06:58:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Faulting module name: MBAMService.exe, version: 3.0.0.523, time stamp: 0x56d4af91
Exception code: 0x40000015
Fault offset: 0x00000000001683f6
Faulting process id: 0x66c
Faulting application start time: 0xMBAMService.exe0
Faulting application path: MBAMService.exe1
Faulting module path: MBAMService.exe2
Report Id: MBAMService.exe3

Error: (04/10/2016 06:16:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/10/2016 06:16:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/10/2016 06:10:53 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2016 06:10:53 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2016 06:10:53 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/10/2016 06:10:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/10/2016 06:10:52 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (04/11/2016 06:09:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/11/2016 06:09:41 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/10/2016 06:58:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MB3Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/10/2016 06:12:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/10/2016 06:12:53 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/10/2016 06:10:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/10/2016 06:10:53 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/09/2016 06:53:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MB3Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/09/2016 06:11:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (04/09/2016 06:11:11 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1326

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

CodeIntegrity:
===================================
  Date: 2015-12-08 10:31:11.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-08 10:25:19.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-08 10:22:53.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-08 07:37:08.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-08 07:22:00.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-08 07:13:52.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-08 05:57:55.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-07 20:56:39.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-07 17:13:38.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-07 16:32:45.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.

 

 

 

Let me have you try running the following and see if we can get the computer cleaned up a bit in general.

Click on START and type in CMD.EXE and when it shows on the menu right click over it and select "Run as administrator" then type in the following.

CHKDSK  C:  /R

It will say it cannot lock the drive. Press the Y key and the Enter key to have it run on restart. Then restart the computer and let it run.

After the disk check please run the following fix from Microsoft.

Please visit the following site and run the fixit tool from Microsoft.
Fix Windows Desktop Search when it crashes or not showing results

After that repair please run the following.

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

Then restart the computer 2 more times and let me know if you're still having issues with MBARW or not.

 

 

 

 

Edited April 11, 2016 by AdvancedSetup

[tacua]

Did as you directed.  No problems, I'll let you know if that cures MBARW's hiccups, THANKS!

[AdvancedSetup]

Great, please do.

Cheers

Ron

[exile360]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!