I am having the same problem since 2 days now. SDK Scanning error: 20025. Says it can't load the anti-rootkit upon boot, and would I like to run the scan without it. This is a brand new purchase of MBAM on this system 2 days ago. I've always had the free version until now. I uninstalled MBAM using the mbam-clean.exe tool, then reinstalled MBAM - no difference. On every reboot, when I go into the administrator account, it happens. I have 3 other non-admin accounts on the machine, if that makes any difference.

W10Home v1511 (10586.494) i7, 8GB RAM, integrated graphics, Avast, CryptoPrevent. Everything is up-to-date, including the Avast update which just came out today.

mbam-error.PNG

mbam-error01.PNG


Hi, @simrick

That error is usually resolved on an uninfected system by a clean reinstall of MBAM.

If you already followed the instructions HERE for a clean reinstall from an Admin account, then we will need a bit more information in order to better assist you.

Please follow the advice here and then please ATTACH all 3 logs to your next post: Diagnostic Logs. The 3 logs will be FRST.txt, Addition.txt and Checkresults.txt.

Thanks,

P.S. As each computer is unique, it would probably be less confusing if we can assist you in your own, separate thread. As such, the forum mod team might split off your post and the subsequent replies to a new topic. No worries, though.;)

Edited by daledoc1

Hi and thanks for your response.

No problem if I get split off to a separate thread, just let me know where to find it.

I am attaching the logs as requested. Please note that the Group Policy entries are a result of CryptoPrevent (also the Hosts entries). Oh, and it's a W10Pro OS (not Home).

Thanks for your help.

Addition.txt

CheckResults.txt

FRST.txt


Hi:

Thanks for the logs and the status update.

I do not see anything obvious to account for the behavior you reported.  It may have been a hiccup, but I have asked the forum staff to review your logs, in case I have missed something.

One proactive step you might consider would be to set mutual exclusions between MBAM and Avast.
The attached screen shot shows how to add the AV folder to MBAM exclusions (it's for Kaspersky, but the principle is the same; ignore the Carbonite entry).
And the MBAM files to exclude in Avast are listed below.

Thanks again,

---------------------------

Please exclude the following files from your Antivirus Software for your version of Windows:


For 32-bit versions of Windows XP, Windows Vista, Windows 7 & Windows 8 & Windows 10:

  • C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe
  • C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

For 64-bit versions of Windows Vista, Windows 7 & Windows 8 & Windows 10:

  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


Note: If you are using a software firewall besides the built in Windows Firewall, you'll need to exclude MBAM.EXE, MBAMSERVICE.EXE and MBAMRESEARCH.EXE from it, as well.
 
Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

 

221-Exclusions-2016-03-31_6-14-39.png

Edited by daledoc1
Forgot the screen shot
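
Before adding the files listed in the post above to an antivirus exclusion list, it is worth confirming that each one exists at the expected path and carries a valid Authenticode signature, since an excluded file is no longer inspected. The following PowerShell check is an added example, not part of the original post or of Malwarebytes' instructions; it assumes the default install folders given in the list.

```powershell
# Added example (not from the thread): check the MBAM binaries named in the
# exclusion list before telling the antivirus to stop inspecting them.
# Assumption: MBAM is installed in the default folder shown in the post.
$names = 'mbam.exe', 'mbamdor.exe', 'mbampt.exe',
         'mbamservice.exe', 'mbamresearch.exe', 'mbamscheduler.exe'

# 64-bit Windows uses "Program Files (x86)", 32-bit Windows uses "Program Files".
$base = if ([Environment]::Is64BitOperatingSystem) { ${env:ProgramFiles(x86)} }
        else { $env:ProgramFiles }
$dir  = Join-Path $base 'Malwarebytes Anti-Malware'

$report = foreach ($n in $names) {
    $path = Join-Path $dir $n
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # A listed file that is missing needs no exclusion.
        [pscustomobject]@{ File = $n; Present = $false; Signature = 'n/a'; Signer = '' }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        File      = $n
        Present   = $true
        Signature = $sig.Status   # 'Valid' = signed and unmodified since signing
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

$report | Format-Table -AutoSize

# Anything present but not validly signed should be investigated, not excluded.
$bad = @($report | Where-Object { $_.Present -and $_.Signature -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Warning ('Do not exclude until checked: ' + ($bad.File -join ', '))
}
```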

Hi. Thanks for the suggestions. I've gone ahead and set the mutual exclusions, even though the problem seems to have resolved itself. I did notice, after setting them, the Avast taskbar icon appeared and began animating much faster than before the exclusions were in place.

So, thanks very much for your help, and please let me know if anyone from forum staff sees anything in my logs. For now I'll consider this resolved. ^_^

Cheers!


  • Root Admin

Are you running any type of Drive or File encryption on this system?

You have some issues on the system, but they don't appear to be related to this issue, but should be corrected.

Error: (07/30/2016 11:27:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the APC Data Service service to connect.

Error: (07/30/2016 11:26:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Let's try a full disk check and some clean up and see if that corrects it.

Open an Elevated Admin command prompt and type in the following.

CHKDSK C: /R

Then press the Y key if asked to run the disk check on reboot, then restart the computer and let it run.

Then after that please run the following.

 

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
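
The two Service Control Manager errors quoted in the post above (event IDs 7001 and 7009) can be pulled straight from the System log, and the %%1058 dependency failure can be checked for across all services rather than only the one named. This PowerShell snippet is an added example, not part of the original post; the 14-day look-back window is an arbitrary assumption.

```powershell
# Added example (not from the thread). Run in Windows PowerShell.
# Assumption: a 14-day look-back window; adjust $since as needed.
$since = (Get-Date).AddDays(-14)

# 1) Service Control Manager errors with the two event IDs quoted in the post.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7001, 7009
    StartTime    = $since
} -ErrorAction SilentlyContinue)

# How often each error recurs, then the individual entries, oldest first.
$events | Group-Object Id | Select-Object Name, Count | Format-Table -AutoSize
$events | Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, Message -Wrap

# 2) The 7001 / %%1058 pattern: a service that is allowed to start but
#    depends on a service whose start mode is Disabled.
$all    = Get-CimInstance -ClassName Win32_Service
$byName = @{}
foreach ($s in $all) { $byName[$s.Name] = $s }

$mismatches = foreach ($s in $all | Where-Object { $_.StartMode -ne 'Disabled' }) {
    $deps = (Get-Service -Name $s.Name -ErrorAction SilentlyContinue).ServicesDependedOn
    foreach ($d in $deps) {
        $dep = $byName[$d.Name]   # drivers are not in Win32_Service and are skipped
        if ($dep -and $dep.StartMode -eq 'Disabled') {
            [pscustomobject]@{
                Service        = $s.Name
                StartMode      = $s.StartMode
                DependsOn      = $dep.Name
                DependencyMode = $dep.StartMode
            }
        }
    }
}
$mismatches | Format-Table -AutoSize
```

Each row in the last table is a service that will log event 7001 when something tries to start it; whether to disable the dependent service or re-enable the dependency is a per-system decision.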


Hi.

No encryption of any kind on this system.

Not sure what I can do about the APC Software - it's working (I just checked it).

Net Tcp port sharing is disabled in services. I believe this is the standard setting(?)

I ran a chkdsk scan from within the OS and it said no further action necessary. I will run the boot chkdsk after replying to the rest of your items.

I had run ADWCleaner on 7-28. I've run it again today and attached both the logs for you.

Sorry it's taken me so long to reply, but I did not get an email when you posted, and I only checked in here today, because the issue popped up again.

Thanks.

 

AdwCleaner[S3].txt

AdwCleaner[S4].txt

error-back-again.PNG


Here is the chkdsk info

 

Chkdsk was executed in scan mode on a volume snapshot.  

Checking file system on C:
Volume label is Win7.

Stage 1: Examining basic file system structure ...
  400640 file records processed.
File verification completed.
  6921 large file records processed.
  0 bad file records processed.
Stage 2: Examining file name linkage ...
  480488 index entries processed.
Index verification completed.
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
  39925 data files processed.
CHKDSK is verifying Usn Journal...
  34062512 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

 390704127 KB total disk space.
 161535576 KB in 177838 files.
    126640 KB in 39926 indexes.
    517487 KB in use by the system.
     65536 KB occupied by the log file.
 228524424 KB available on disk.

      4096 bytes in each allocation unit.
  97676031 total allocation units on disk.
  57131106 allocation units available on disk.

----------------------------------------------------------------------


Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...

Stage 3: Examining security descriptors ...

Windows has scanned the file system and found no problems.
No further action is required.

 


Hi.

Here are the results of the chkdsk at boot. I will now uninstall Avast. Just so you know: I have had this problem ever since activating MBAM Pro and enabling the Rootkit feature.

 

 

Checking file system on C:
The type of the file system is NTFS.
Volume label is Win7.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  400640 file records processed.
File verification completed.
  6921 large file records processed.
  0 bad file records processed.
Stage 2: Examining file name linkage ...
  480248 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered to lost and found.
Stage 3: Examining security descriptors ...
Cleaning up 3168 unused index entries from index $SII of file 0x9.
Cleaning up 3168 unused index entries from index $SDH of file 0x9.
Cleaning up 3168 unused security descriptors.
Security descriptor verification completed.
  39805 data files processed.
CHKDSK is verifying Usn Journal...
  37513440 USN bytes processed.
Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  400624 files processed.
File data verification completed.

Stage 5: Looking for bad, free clusters ...
  57262758 free clusters processed.
Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

 390704127 KB total disk space.
 161005848 KB in 177390 files.
    126368 KB in 39806 indexes.
         0 KB in bad sectors.
    520875 KB in use by the system.
     65536 KB occupied by the log file.
 229051036 KB available on disk.

      4096 bytes in each allocation unit.
  97676031 total allocation units on disk.
  57262759 allocation units available on disk.

Internal Info:
00 1d 06 00 85 4f 03 00 eb 32 06 00 00 00 00 00  .....O...2......
16 08 00 00 fb 08 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 


Yes, I appreciate that. Also, it seems to be intermittent, so difficult to put my finger on. Avast is now uninstalled; I have rebooted, and I have not had the error pop up. I've put MBAM Pro on 2 systems, both W10 upgraded from W7 (one Home, one Pro). Aside from Avast, I have CryptoPrevent and SuperAntiSpyware Free on both systems. This system is an ASUS, while the other is an HP. The HP system does not display this error, and the MBAM settings are the same. Very strange indeed! Both are W10 v1511; I have not put the Anniversary Update on them yet.


I've rebooted a few times, run an MBAM scan with Rootkit box checked, rebooted again; now I'm running a Defender scan. The error has not popped up, but it didn't pop up with Avast installed either today. But again, it's so intermittent it's difficult to tell if the problem is resolved.


Back again. Something was found by Defender that Avast didn't flag, even though I have it set to run daily quick scans and weekly full scans. It appears to be a trojan downloader.

https://www.virustotal.com/en/file/93e7947d185780656aee136a4e2e1365bd438a482794ed8c67c4116fd3a69a5a/analysis/1470630475/

This must have been the cause. It was in a limited user account, sitting on the desktop, still zipped up.

Thank you for your help. I am shocked that Defender has outdone Avast (smile). I think we will be okay now. I'll be back if the error pops up again. :D


18 minutes ago, AdvancedSetup said:

Another potential issue seems to be an update to the CryptoPrevent tool you might want to look into further.

 

Interesting, although my situation is a bit different. These 2 computers have both had MBAM free on them since W7 days, upgraded through to W10, and are still on the November update, v1511. I only activated a subscription to MBAM recently and began to have problems after activation, with the Rootkit feature. So, if the Anniversary Update (v1607) is where the problem is showing up, it doesn't apply to these 2 systems, as they are both still on v1511. I have not rebooted since my last post, and am running an ESET Online Scan at the moment, so I will reboot a few times after it completes, and see if the problem is still there (although it's intermittent, so who knows when it may show up). But, if both computers are setup the same, why do I see this issue only on one system? It doesn't make sense to me, except perhaps for that zipped file I found on one user desktop.

Thank you for thinking of me and passing along the link to that thread.


Hi. Just an update. ESET scan came up clean. I rebooted a few times, reinstalled Avast, rebooted again, switched to a couple accounts; the error has not returned. I have not put back the exceptions for MBAM into Avast yet either. Will be back if it appears. Thanks. ;)
