
Malwarebytes 3.0 locking up my computer



Every time I start my PC, about 15 minutes later, my computer completely freezes and locks up for about 2 minutes. After this, I can see that Malwarebytes Service's CPU usage is at 100%. I'm at the point where I've had to reinstall many times in the hope of fixing it. It's done this ever since I updated it to 3.0. I have no idea what I can do to fix this, and I'm close to just uninstalling for good. I don't want anyone hijacking my thread. I am looking for a response from a qualified Malwarebytes staff member who has had a look at my logs.

logs.rar

FRST.txt

Addition.txt

MB-CheckResult.txt


Can you go into your Scheduled Scans, open up any that you have, and under the Advanced options, uncheck the box that says "Recover missed tasks". Then see if that helps. Most likely a scheduled scan is getting missed and then trying to run as soon as you start up the computer. We are looking into a better long term solution for this.


6 minutes ago, dcollins said:

Can you go into your Scheduled Scans, open up any that you have, and under the Advanced options, uncheck the box that says "Recover missed tasks". Then see if that helps. Most likely a scheduled scan is getting missed and then trying to run as soon as you start up the computer. We are looking into a better long term solution for this.

It's already unchecked. 


  • Root Admin

Hello @simmehchan

The computer Event Logs show a few errors going on, including code integrity from the hard drive. Let's try the following and see if we can get things working a bit better.

 

==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2017 10:14:47 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-HUOLET5)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (04/28/2017 10:11:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.

Error: (04/28/2017 10:06:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.37, time stamp: 0x582449b8
Faulting module name: NDA.dll_unloaded, version: 1.0.0.15, time stamp: 0x581aa4cc
Exception code: 0xc0000005
Fault offset: 0x000f650e
Faulting process id: 0x994
Faulting application start time: 0x01d2bffea87cde1c
Faulting application path: C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
Faulting module path: NDA.dll
Report Id: 2fb5421a-3af2-489b-9c0b-80947b3282ca
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/28/2017 10:06:04 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00015: Unable to open logs     .

Error: (04/28/2017 10:06:04 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> AH00451: no listening sockets available, shutting down     .

Error: (04/28/2017 10:06:04 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> (OS 10049)The requested address is not valid in its context.  : AH00072: make_sock: could not bind to address 192.168.0.9:888     .

Error: (04/28/2017 10:06:04 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named  reported the following error:
>>> [Fri Apr 28 10:06:04.422795 2017] [mpm_winnt:warn] [pid 2584:tid 788] (OS 2)The system cannot find the file specified.  : AH00435: No installed ConfigArgs for the service "ews-httpserver", using Apache defaults.     .

Error: (04/27/2017 11:06:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(38:ca:da:70:86:61@fe80::3aca:daff:fe70:8661._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (04/27/2017 10:54:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (04/27/2017 06:58:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094


System errors:
=============
Error: (04/28/2017 10:12:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/28/2017 10:06:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI Live Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/28/2017 10:06:04 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The ews-httpserver service terminated with the following service-specific error: 
Incorrect function.

Error: (04/28/2017 10:06:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The USER_ESRV_SVC_QUEENCREEK service terminated with the following error: 
%%497

Error: (04/28/2017 10:06:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsAppService service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/28/2017 10:06:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsDrvInst service failed to start due to the following error: 
The system cannot find the file specified.

Error: (04/28/2017 01:39:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/27/2017 06:58:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/27/2017 05:45:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI Live Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2017 05:45:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-04-03 21:38:49.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:49.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:48.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:48.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:48.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:48.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:47.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:47.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:40.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-04-03 21:38:40.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll because the set of per-page image hashes could not be found on the system.

 

 

1. Open a CMD Window as an Administrator on the Computer and enter the following commands:

 

  • cd %windir%\system32\
  • lodctr /R
  • cd %windir%\sysWOW64\
  • lodctr /R

 

    Note: This should not negatively affect performance on the machine. This command resyncs the counter values.

 

2. Open up Regedit and navigate to the following registry key:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc\Performance

 

3. Make sure that the value (if it exists) for the Disable Performance Counters is not 1.  If the entry does exist and the entry is 1, change it to 0 or delete that entry within the key.  ** PLEASE NOTE ** make sure you contact your system administrator before making changes to the registry, and make sure that you back it up before you delete it.

 

4. Restart the Windows Management service.

Note: After completing the instructions, a reboot is required.

 

 

Before you restart though, let's do a Full disk check to ensure any hard disk issues are corrected too.


Please click on the "Search the web and Windows" box.



Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"

 


 

In the command prompt please type the following exactly.

CHKDSK  C:  /R

This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use.

Press the Y key to tell it to run on the next restart of the computer.

 

Quote

Microsoft Windows [Version 10.0.10586]


(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>CHKDSK C: /R
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

Then restart the computer and let it run.
Then find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10
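
An added example, not part of the original thread: a small Python parser for the "Error: (...) (Source: ...) (EventID: ...)" entries in the event log pasted above, grouping them by source and event ID so that recurring errors stand out. The function names and the abridged sample are this example's own, and the timestamp format is assumed to be the month/day/year style shown in the log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Abridged excerpt of the "System errors" log quoted in the post above.
SAMPLE = """\
System errors:
Error: (04/28/2017 10:12:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}

Error: (04/28/2017 10:06:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI Live Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/28/2017 10:06:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsAppService service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/27/2017 05:45:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI Live Update Service service terminated unexpectedly.  It has done this 1 time(s).
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")

def parse_entries(text):
    """One dict per 'Error:' entry; continuation lines are folded into the description."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "event_id": int(m["event_id"]), "description": ""}
            entries.append(current)
        elif not line.strip():
            current = None                      # a blank line ends the current entry
        elif current is not None:               # section titles outside an entry are skipped
            part = re.sub(r"^Description:\s*", "", line.strip())
            current["description"] = f'{current["description"]} {part}'.strip()
    return entries

def summarize(entries):
    """Group by (source, event ID): most frequent first, with the latest occurrence."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["source"], e["event_id"])].append(e)
    rows = [(src, eid, len(g), max(x["when"] for x in g)) for (src, eid), g in groups.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for src, eid, count, latest in summarize(parse_entries(SAMPLE)):
        print(f"{count:>3}  {src} / {eid}  latest {latest:%Y-%m-%d %H:%M:%S}")
```
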

 


TimeCreated : 29/04/2017 09:12:54
Message     : 
              
              Checking file system on C:
              The type of the file system is NTFS.
              
              A disk check has been scheduled.
              Windows will now check the disk.                         
              
              Stage 1: Examining basic file system structure ...
                385536 file records processed.                                                        
              File verification completed.
                13208 large file records processed.                                   
                0 bad file records processed.                                     
              
              Stage 2: Examining file name linkage ...
                486312 index entries processed.                                                       
              Index verification completed.
                0 unindexed files scanned.                                        
                0 unindexed files recovered to lost and found.                    
              
              Stage 3: Examining security descriptors ...
              Cleaning up 234 unused index entries from index $SII of file 0x9.
              Cleaning up 234 unused index entries from index $SDH of file 0x9.
              Cleaning up 234 unused security descriptors.
              Security descriptor verification completed.
                50389 data files processed.                                           
              CHKDSK is verifying Usn Journal...
                40874688 USN bytes processed.                                                           
              Usn Journal verification completed.
              
              Stage 4: Looking for bad clusters in user file data ...
                385520 files processed.                                                               
              File data verification completed.
              
              Stage 5: Looking for bad, free clusters ...
                20045894 free clusters processed.                                                       
              Free space verification is complete.
              
              Windows has scanned the file system and found no problems.
              No further action is required.
              
               243617791 KB total disk space.
               162764048 KB in 256644 files.
                  166092 KB in 50390 indexes.
                       0 KB in bad sectors.
                  504075 KB in use by the system.
                   65536 KB occupied by the log file.
                80183576 KB available on disk.
              
                    4096 bytes in each allocation unit.
                60904447 total allocation units on disk.
                20045894 allocation units available on disk.
              
              Internal Info:
              00 e2 05 00 a5 ae 04 00 49 8c 08 00 00 00 00 00  ........I.......
              83 02 00 00 9d 00 00 00 00 00 00 00 00 00 00 00  ................
              
              Windows has finished checking your disk.
              Please wait while your computer restarts.
              
That's what I got. Drive seems healthy to me - checked in SSDLife as well and it's at 100% health.


1 minute ago, AdvancedSetup said:

Bonjour is having issues. Please uninstall it and if you want to keep it download an updated version from Adobe and reinstall it.

Then after the removal, check on the computer and see if it's still locking up or not and let me know.

Thanks

Ron

 

I've uninstalled it. Thanks a lot for your help!
