Jump to content

Total Win 10 1709 32 bit Pro Crash & Reboot During MBAM Scan


Recommended Posts

I have 2 identical cheap refurb Dell Win 10 pc's. One has had no issues. The other, which has had a lot of Win Update issues (which I THINK I finally resolved today) Is now crashing on every MBAM scan, doing some sort of an auto repair in a type of hibernation mode that it has also gone into with the Win update issues in the past & than rebooting ever since I allowed install of the most recent 3.45 update (2467). Mbam never caused issues on this machine previously. I have Defender shut off (I wish there was a way to permanently uninstall that piece of Garbage).

Ironically, this same version runs perfectly on all my other boxes, including the 2 XP machines that had so many issues (+ 1 vista & the other Win 10 box).

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

The pc crashed again in exactly the same manner in less than a minute after MB Check completed. I will paste the file when it finally repairs itself  & reboots. Though it is tuned off, my intuition seems to be pointed at Windows Defender (which I despise).

Edited by moo4x
Link to post
Share on other sites

While you await a reply from a member of Support you might give version 3.5 Beta a try to see if it resolves the issue.  You could also test to see if Malwarebytes Anti-Rootkit is able to complete a scan of the system.  That should help in isolating the cause depending on how it goes because there are certain features shared between Malwarebytes 3 and Malwarebytes Anti-Rootkit but also some differences so depending on whether it works or crashes, that can help them narrow down the root cause of the issue to find a fix more quickly.

Link to post
Share on other sites

8 hours ago, moo4x said:

I have 2 identical cheap refurb Dell Win 10 pc's. One has had no issues.

It may be worth noting that since these are cheap refurb Dell's you need to inspect the inside of the computer (assuming its a desktop) to make sure you don't have a faulty mother board, memory etc. as well.  Check for blown capacitors.

If these are identical, you can swap the memory on the computers to see if the other one starts having issues.

Link to post
Share on other sites

I'm wondering if you could share some specifics of what you saw in the logs re: hardware? Here's a bit more info:

Again, I have 2 identical pc's. The only difference I am aware of (including software) is the dvd drive is bad on the one with the issues (the drive is currently plugged in if that info makes a difference. I could unplug it if that would be useful). I don't want to spend the $20 to replace it if I'm just going to  toss the thing.

This pc has also had a lot of issues with Windows update (the other identical pc does not). I discovered since my last post that if I uninstall MBAM & Greatis Reg Run, the issues all seem to go away. Again, the 2 programs do not cause issues on the other identical pc with the working dvd drive. I just successfully updated to 1803. I then reinstalled MBAM (Reg Run has not been reinstalled yet). Ran a scan & the pc crashed as before.

Again, if you could share any specifics from your interpretation of the logs, it would be helpful to me regarding what decision to make. The pc in ? isn't worth a lot; in fact my main pc's still run XP; I just bought these a couple years ago to first learn Win 7 & then Win 10. It's not worth it to me to spend hours troubleshooting hardware on this specific machine; but I want to make sure that hardware is really the issue before I recycle the pc.

 

Thanks!

 

 

 

Link to post
Share on other sites

The big thing that jumps out at me are the errors in the FRST Additions.txt file. I'll list them below, but the large majority of them are for windows applications and services that are failing to start or crashing. If it's not hardware, it could be some type of software configuration that you've applied to these two machines. Did you use any of the utilities that are available to disable Windows telemetry or things like that?

Link to post
Share on other sites

3 hours ago, dcollins said:

The big thing that jumps out at me are the errors in the FRST Additions.txt file. I'll list them below, but the large majority of them are for windows applications and services that are failing to start or crashing. If it's not hardware, it could be some type of software configuration that you've applied to these two machines. Did you use any of the utilities that are available to disable Windows telemetry or things like that?

Hi Doug, Thanks! I don't see the list you're referring to?

I haven't done anything significant with utilities on either box with one exception: On Win 7, both machines had TONS of issues with Windows update. On Win 10, it's mostly been this one machine. So I've run a ton of WU troubleshooters & repair utilities from both MS & 3rd parties.

The other machine  usually takes updates ok these days; sometimes I have to kill MBAM & Reg Run first. This one is a nightmare with updates. One other thing I forgot to mention: I'm not 100% sure yet; but though MBAM doesn't prompt for a reboot upon reinstall; it so far seems that many of the crashes are if I run a scan after install before reboot.

I basically bought these machines to learn Win 7 & then 10; so I really haven't used them much beyond the monthly security updates. I've had them a couple years.

Link to post
Share on other sites

On 4/24/2018 at 10:22 PM, moo4x said:

I have 2 identical cheap refurb Dell Win 10 pc's. One has had no issues. The other, which has had a lot of Win Update issues (which I THINK I finally resolved today) Is now crashing on every MBAM scan, doing some sort of an auto repair in a type of hibernation mode that it has also gone into with the Win update issues in the past & than rebooting ever since I allowed install of the most recent 3.45 update (2467). Mbam never caused issues on this machine previously. I have Defender shut off (I wish there was a way to permanently uninstall that piece of Garbage).

Ironically, this same version runs perfectly on all my other boxes, including the 2 XP machines that had so many issues (+ 1 vista & the other Win 10 box).

In case you haven't ran a disk check yet, that might go a long ways for helping. command window: sfc /scannow

Link to post
Share on other sites

Thanks for confirming that... on the computer having issues, have you opened the computer up and checked all the hardware to make sure nothing looks damaged?  Pay particular attention to the capacitors to make sure none of them are leaking, blown or bulging...

Link to post
Share on other sites

Sorry, I meant to attach all these in my reply.  Every error here looks to be from a windows executable, or from a system crash possibly. This is why I'm leaning towards hardware or a corrupt OS install
 

Application errors:
==================
Error: (04/24/2018 08:57:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: OPTI1)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.402_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (04/24/2018 02:24:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.16299.98, time stamp: 0x5d31f27b
Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x1d27c592
Exception code: 0xc0000374
Fault offset: 0x000ebefb
Faulting process id: 0x1dcc
Faulting application start time: 0x01d3dc129b4366f6
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 64c4a5ab-3b91-4c83-9601-e508ae7b0b59
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/24/2018 12:23:16 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (548,P,0) {7A82CE17-FD57-4E74-9CF9-5DB5386B2F18}: An attempt to open the file "C:\Users\Geff\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/24/2018 11:24:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.16299.15, time stamp: 0x17283b89
Faulting module name: sysmain.dll, version: 10.0.16299.15, time stamp: 0xbba37f9d
Exception code: 0xc0000305
Fault offset: 0x000363ca
Faulting process id: 0x500
Faulting application start time: 0x01d3dbafedf92f64
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: ef26a9d9-d26b-4283-b9a0-90d0459fe1c4
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/24/2018 11:00:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/24/2018 02:44:40 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (04/24/2018 02:41:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (3364,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/24/2018 02:40:56 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (04/24/2018 10:09:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.

Error: (04/24/2018 10:09:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/24/2018 10:09:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (04/24/2018 10:09:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/24/2018 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetTcpPortSharing service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/24/2018 10:09:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetTcpPortSharing service to connect.

Error: (04/24/2018 10:08:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:38:36 PM on ‎4/‎24/‎2018 was unexpected.

Error: (04/24/2018 09:39:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: 
An attempt was made to reference a token that does not exist.

 

Link to post
Share on other sites

Thank you!

I was also guessing Windows got corrupted, but then when I shut down all security the problems went away; which is why I reached out here. I'm still suspecting a corrupt OS; but this is getting somewhat over my head (months ago, for the first time in my life I paid a shop a small amount to diagnose it, & they couldn't figure it out either!). I will also try to do a quick visual of the hardware; but it will be quick.

I was hoping that getting 1803 fully installed would fix the issue (yeah, right!)

I guess one option would be replace the bad dvd drive, boot with a Linux iso & then run scans & see if there are any crashes. Does that make sense to you?

Edited by moo4x
Link to post
Share on other sites

Oops.............

I hope it's on your radar; I've been procrastinating about switching from MS to Linux for several years. I do not like Win 10 at all; & my understanding is that soon it will be a cloud subscription program.

I have really found MBAM to be useful.

Will MBAM run with Wine (Windows Emulator) on Linux?

Edited by moo4x
Link to post
Share on other sites

43 minutes ago, moo4x said:

I was hoping that getting 1803 fully installed would fix the issue (yeah, right!)

If you upgrade for one OS to another, it will most likely take the issues with it, unless you format and install a fresh copy of the OS...

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.