Jump to content

Recommended Posts

Hi

the NEWEST version of MALWAREBYTES is not stable enough due to more problem just like system slowdown and CPU hogging and this is the first blue screen of death that I’ve been received so far which is caused by MB program ! so , not sure what is farflt.sys.sys refers to (maybe this is a WINDOW file or a MB file) and this is an issue with either RANSOM-protection in MALWAREBYTES or with my virus-protection ? anyway , been trying to use my FIREFOX web-browser but it get hang and "not responding" message and the MB software itself isn’t responding even on the startup area ! and a lot of the same blue screen of the death when I’m right-clicking on any program’s icon / startup program which lead to crashed my system in this way ! well, I had to wipe out my hard drive and then a format and this is a newly windows installation (newly window formatting) almost from 3 day only ! I have also to install other security software’s on this laptop such ZEMANA-anti malware and HITMANpro and superantispyware free edition and KASPERSKY cloud free (which is free-antivirus:rolleyes:) and MALWAREBYTES trial version 3.5.1.2522-1.0.421-1.0.6407 right there!

my MB setup is mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6407 and the first blue screen of the death was on

Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dumps are enabled on your computer. This system is not configured for complete or automatic crash dumps. For best results, configure your system to write out complete or automatic crash dumps. Select Tools->Crash Dump Configuration from the main menu to configure your system to write out complete memory dumps. 

Crash dump directories: 
C:\Windows
C:\Windows\Minidump

On Tue 8/21/2018 11:41:27 AM your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\082118-25350-01.dmp
This was probably caused by the following module: farflt.sys.sys (0xFFFFF88007A77380) 
Bugcheck code: 0xD4 (0xFFFFF88007A77380, 0x2, 0x1, 0xFFFFF80002CAAF5F)
Error: SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
Bug check description: This indicates that a driver did not cancel pending operations before unloading. 
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out. 
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: farflt.sys.sys . 
Google query: farflt.sys.sys SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD

 

Edited by Gt-truth
update my info by adding the full security software’s names
Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

    welcome mbst.png
     
  • Click the Gather Logs button

    gatherlogs.png
     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  


    Click "Reveal Hidden Contents" below for details on how to attach a file:
     
    Spoiler

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

    mb_attach.jpg.220985d559e943927cbe3c078b
     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

23 hours ago, dcollins said:

Can you see if you have a memory.dmp file at C:\Windows\memory.dmp and if so, zip it up and send it to me? Otherwise, please zip up the minidump at C:\Windows\Minidump\082118-25350-01.dmp and send that to me instead. This will let us know what's going on.

@dcollins I can’t find it ! type that in search bar and nothing is come up ! do I need to do anything else to do it or anything to looking for ?

Edited by Gt-truth
Link to post
Share on other sites

42 minutes ago, dcollins said:

Thanks, it looks like this is the only file that exists: C:\Windows\Minidump\082118-30856-01.dmp. You'll need to use file explorer to find it rather than search for it most likely. 

I have follow-up this video on this YouTube https://www.youtube.com/watch?v=D0k3J-G93lA and however I still unable to find the Minidump files on my hard drive ! when I search for it , it only show within FRST.log

 

Link to post
Share on other sites

15 minutes ago, dcollins said:

@Gt-truth you need to open explorer, and then click on Local Disk (C:) on the left side. Then double-click on the Windows folder that shows up on the right side, and you should see the minidump file in that folder.

thanks ! this one is work for me but after I get a permission window message to access to this folder ! I have send this file to you !

Edited by Gt-truth
Link to post
Share on other sites

Thanks for the file. Unfortunately because it's a minidump it doesn't really tell us what happened, this is what I expected. There is something strange that jumps out from your post though, most notably the filename being farflt.sys.sys, as this isn't our driver. Our driver is just farflt.sys. Did you make any changes to your filesystem?

Link to post
Share on other sites

no I didn’t make any changes to anything on this new fresh window system ! and when I have search on this query at Google I got a lot of topic in both MLAWAREBYTES  forum and MICROSOFT forum which both said the cause is MALWAREBYTES software ! here the Google query link

https://www.google.com/search?q=farflt.sys.sys+SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD&safe=active&gws_rd=ssl

more info from the whocrached tool is blow

On Tue 8/21/2018 11:35:49 AM your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\082118-25116-01.dmp
This was probably caused by the following module: farflt.sys.sys (0xFFFFF88007BC2380)
Bugcheck code: 0xD4 (0xFFFFF88007BC2380, 0x2, 0x1, 0xFFFFF80002AB9F5F)
Error: SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
Bug check description: This indicates that a driver did not cancel pending operations before unloading.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: farflt.sys.sys .
Google query: farflt.sys.sys SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD


and the driver is show within the MB-clean which is blow

2018-08-21 11:53:44.732   mb-clean:3.1.0.1035  @ Malwarebytes. All rights reserved.
2018-08-21 11:53:48.772   No Malwarebytes software installed.
2018-08-21 11:53:51.352   Trying to delete REG key: HKCU\SOFTWARE\Malwarebytes
2018-08-21 11:53:51.352   HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2018-08-21 11:53:51.352   HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2018-08-21 11:53:51.382   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt
2018-08-21 11:53:51.382   HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2018-08-21 11:53:51.382   HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2018-08-21 11:53:51.382   HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2018-08-21 11:53:51.382   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection
2018-08-21 11:53:53.232   Trying to delete path C:\ProgramData\Malwarebytes\
2018-08-21 11:53:53.242   Cannot delete path C:\ProgramData\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2018-08-21 11:53:53.332   Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2018-08-21 11:53:53.332   Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reason:(The system cannot find the path specified.(error=3))
2018-08-21 11:53:53.332   Trying to delete path C:\Program Files\Malwarebytes\Anti-Malware\
2018-08-21 11:53:53.332   Cannot delete path C:\Program Files\Malwarebytes\Anti-Malware\, reason:(The system cannot find the path specified.(error=3))
2018-08-21 11:53:53.332   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService
2018-08-21 11:53:53.332   Trying to delete REG key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService
2018-08-21 11:53:53.332   --------END OF LOG FILE ----------

 

Edited by Gt-truth
Link to post
Share on other sites

  • 2 weeks later...

and also , MALWAREBYTES is causing an unexpected shutdown of the windows system upon windows just to startup on desktop and bluing screening all over again and again and non-stop to BSOD . here more info which may be helpful

Problem signature:
  Problem Event Name:	BlueScreen
  OS Version:	6.1.7601.2.1.0.256.1
  Locale ID:	1033

Additional information about the problem:
  BCCode:	d4
  BCP1:	FFFFF88006F37380
  BCP2:	0000000000000002
  BCP3:	0000000000000001
  BCP4:	FFFFF800030BCF5F
  OS Version:	6_1_7601
  Service Pack:	1_0
  Product:	256_1

Files that help describe the problem:
  C:\Windows\Minidump\090418-16801-01.dmp
  C:\Users\\AppData\Local\Temp\WER-41714-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

@dcollins do you need for other logs like minidump or WER-41714-0.sysdata.xml ?

Edited by Gt-truth
Link to post
Share on other sites

33 minutes ago, dcollins said:

@Gt-truth unfortunately minidumps don't help much. What we really need is a complete dump. Here's how you can enable these: https://success.trendmicro.com/solution/1059775-generating-a-full-memory-dump-on-windows-server-2008-r2-and-windows-7

the file is more then 1 GB I think so where to upload it and where to send it to ?

Link to post
Share on other sites

4 minutes ago, dcollins said:

You can use wetransfer.com to upload the file and generate a download link

enable the full memory dump and then I had to reboot my system and it get crashed yet again on before MALWAREBYTES fully load its files

and not sure if this one is correct MEMORY.dump file but anyway I will send to you right now ~ !

Link to post
Share on other sites

29 minutes ago, dcollins said:

The dump file you sent is a Kernel Memory Dump file, we need a Complete Memory Dump. The instructions linked above will show how to enable that

that why I had to pick-up this option because I do not see such option . so do I need to play with the registry  ?

here s screenshot

CpWz_624.png

Link to post
Share on other sites

On 9/4/2018 at 9:54 PM, dcollins said:

Yep, please see the option that says "Using the Registry Editor". You'll need to follow those instructions.

done ! and the complete / full memory dump file is almost 4 GB! it may took some quite time to upload it!

Edited by Gt-truth
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.