
Malwarebytes Premium user also had free Anti Exploit. Upgraded to 3.0 when doing updates. Worked fine for a day or 2. Then Malware protection wouldn't start. Would say starting...... if turned on manually.

Windows 8.1 64 bit  AVG Internet Security Paid Version

Reinstalled once, worked again after a few hours. Then uninstalled and ran the clean tool that support supplied. Reinstalled and entered ID and Key, now at 3.0.6. Worked again so asked to have ticket closed. Now a couple of days later same thing. Even tried adjusting the delay start time for protection.

logs.zip


  • Root Admin

The Event Logs show a few errors that are certainly going to cause issues with other programs, including ours.

My initial guess is that you may have a corrupted installation of AVG.

Can you please try uninstalling AVG completely and reboot. Then do the clean removal for Malwarebytes again and reinstall Malwarebytes, then before you reinstall AVG restart the computer 2 times.

Then run FRST again and make sure you place a check mark in the Additions.txt check box and post back both new logs. Then go ahead and reinstall your AVG antivirus please.

 

 

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2017 03:46:57 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (02/05/2017 10:18:42 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (02/02/2017 09:17:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process id: 0x5f0
Faulting application start time: 0x01d27dc2a3833967
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: efdff0f3-e9b6-11e6-82ae-6cf049e7867a
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/02/2017 09:17:35 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\DELL\drivers\V313\drivers\win_xp2k\x64\DLEAsm64.dll".Error in manifest or policy file "C:\DELL\drivers\V313\drivers\win_xp2k\x64\DLEAsm64.dll" on line 9.
Invalid Xml syntax.

Error: (02/02/2017 09:17:35 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\DELL\drivers\V313\drivers\win_xp2k\i386\DLEAsm.dll".Error in manifest or policy file "C:\DELL\drivers\V313\drivers\win_xp2k\i386\DLEAsm.dll" on line 9.
Invalid Xml syntax.

Error: (02/02/2017 09:17:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\DELL\drivers\V313\Apps\HRS\DLEAHiResScan.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 09:13:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\DELL\drivers\V313\drivers\win_xp2k\x64\DLEAsm64.dll".Error in manifest or policy file "C:\DELL\drivers\V313\drivers\win_xp2k\x64\DLEAsm64.dll" on line 9.
Invalid Xml syntax.

Error: (02/02/2017 09:13:17 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\DELL\drivers\V313\drivers\win_xp2k\i386\DLEAsm.dll".Error in manifest or policy file "C:\DELL\drivers\V313\drivers\win_xp2k\i386\DLEAsm.dll" on line 9.
Invalid Xml syntax.

Error: (02/02/2017 09:13:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\DELL\drivers\V313\Apps\HRS\DLEAHiResScan.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/31/2017 12:00:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15641


System errors:
=============
Error: (02/06/2017 06:05:01 PM) (Source: DCOM) (EventID: 10010) (User: D)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (02/06/2017 06:04:31 PM) (Source: DCOM) (EventID: 10010) (User: D)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (02/06/2017 05:30:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.

Error: (02/06/2017 05:30:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dleaCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (02/06/2017 05:30:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.

Error: (02/06/2017 05:30:09 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.

Error: (02/06/2017 05:28:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.

Error: (02/06/2017 05:21:53 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.

Error: (02/06/2017 05:20:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
Access is denied.

Error: (02/06/2017 05:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dleaCATSCustConnectService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-02-07 10:57:59.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:57:59.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:57:24.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:51:53.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:47:12.814
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:47:12.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:47:12.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:47:12.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:47:11.751
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:47:11.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

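An added example (not part of the thread and not FRST's own code): the CodeIntegrity section quoted above repeats the same event many times, so grouping the entries by process and module shows how many distinct load failures are actually behind it. The three sample entries are copied from the excerpt above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Three entries copied from the CodeIntegrity excerpt above, used as sample input.
SAMPLE = r"""
CodeIntegrity:
===================================
  Date: 2017-02-07 10:57:59.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:57:59.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-07 10:57:24.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

# One "Date:" line followed by its "Description:" line, as laid out in the excerpt.
EVENT_RE = re.compile(
    r"Date:\s*(?P<ts>\S+ \S+)\s+Description: Code Integrity determined that a process "
    r"\((?P<proc>.+?\.exe)\) attempted to load (?P<module>.+?) that did not meet the "
    r"(?P<level>.+?) signing level requirements\."
)

def strip_device(path):
    """Drop the \\Device\\HarddiskVolumeN prefix so paths read like normal file paths."""
    return re.sub(r"^\\Device\\HarddiskVolume\d+", "", path)

def summarize(text):
    """Group Code Integrity entries by (process, module, signing level)."""
    groups = defaultdict(list)
    for m in EVENT_RE.finditer(text):
        key = (strip_device(m["proc"]), strip_device(m["module"]), m["level"])
        groups[key].append(m["ts"])
    rows = [
        {"process": p, "module": mod, "level": lvl,
         "count": len(ts), "first": min(ts), "last": max(ts)}
        for (p, mod, lvl), ts in groups.items()
    ]
    # Most frequent first; module path breaks ties so the order is stable.
    return sorted(rows, key=lambda r: (-r["count"], r["module"]))

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row["count"], row["process"], "->", row["module"], f"[{row['level']}]")
```
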

OK. First thing. I disabled the Trend M Antirootkit service and rebooted. No issue with MBAM malware protection starting afterwards.

Was it blocking a needed hook for MBAM to work correctly?

I think I followed the steps correctly up until FRST scan. AVG Zen automatically popped up on the second reboot. Wanted to reinstall AVG so FRST scan was afterwards. Had an AVG false positive in the middle of scan so had to run it again, after restoring FRST64 from Virus Vault.

Logs attached.

I apologize for the mistake. Hope the info above is helpful.

Addition2.txt

FRST2.txt

Edited by fzr416
Removed duplicate word

  • 1 month later...
  • Root Admin

More than likely I'm assuming your computer still has ongoing issues that still need to be fixed.

When you have time please attach new FRST logs and I'll take a look.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Thanks

 


  • Root Admin

Can you try uninstalling Bonjour. Then run a full disk check on the system drive.

From an elevated admin command prompt you can type in

CHKDSK C: /R

Then press the Y key to allow it to run on restart. Then restart and let the disk check run.

Please try that and see how things go and let me know.

 


  • Root Admin

Great, looks like things are back working well for you. As for Bonjour, it has very little to do with iTunes and is a discovery method. If you don't use your computer that way in the home then it sucks up a bit of resources for no real value. Up to you if you want to keep it or not; it had errors and can cause networking issues, which is why I suggested its removal.

https://developer.apple.com/library/content/documentation/Cocoa/Conceptual/NetServices/Articles/faq.html

We should be done here then unless there is something else I can assist you with.

Thank you again

Ron

 

