File: \windows\system32\drivers\MbamElam.sys Error code: 0xc000000f


A Windows 10 computer cannot boot to the Windows desktop. 
Instead, it immediately displays an error page 

Recovery
Your PC/Device needs to be repaired
The operating system couldn’t be loaded because of critical system driver is missing or contains errors

File: \windows\system32\drivers\MbamElam.sys
Error code: 0xc000000f


I have confirmed that the file MbamElam.sys is not in that directory.
I cannot boot to the desktop.
I cannot boot to Safe Mode.
I can access and have open a WinRE command prompt.

What can I do to stop Windows from looking for that file?


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Pretty much everything I and the various chat bots could come up with using boot media, WinRE, and accessing the drive from another computer.

If I delay AV it seems to make progress but no desktop, so I can't try uninstall. Errors out (490) because it can't find the drive.

I am hoping there is a WinRE runnable uninstall program; chat bots think there are.

Repair action: Boot configuration data store repair

Result: Failed. Error code =  0x490

Time taken = 15 ms

 

Root cause found: 

---------------------------

Boot manager failed to find OS loader.


About a week ago. It is a production machine in a small sign shop, it was just doing its job, asked to restart but did not so they called me :)

So, this is the first of several issues and well into "Let's just see if it can be fixed" with the use of the "intelligent", artificial or otherwise, among us.


  • Root Admin

Good day @AmGeek

Please try disabling the early launch anti-malware protection

https://www.bleepingcomputer.com/tutorials/disable-early-launch-antimalware-protection/

That should allow it to boot.

Then get us some logs to check on this further.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you


  • Root Admin

Okay, I'm guessing this does not have to do with our software then if that does not fix it.

Let's look at doing a full removal

Please save the following to a USB drive so you can access it from RE

 

Please download Farbar Recovery Scan Tool and save it to the USB stick

Then save the attached FIXLIST.TXT file to the same location as the Farbar program on the USB drive

fixlist.txt

From the RE locate and run the Farbar program and click on the FIX button.

That will run and produce a FIXLOG.TXT file on the USB drive as well.

Post that back when done and see if the computer will now boot into Normal Mode or Safe Mode @AmGeek


  • Root Admin

Now that the system is running, please create a NEW System Restore Point.

Then run the following, please.

 

Can you please do the following?

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click the CLEAN button and follow the onscreen instructions to reinstall Malwarebytes
  • NOTE: Please have patience as it can take a while to remove and reinstall. Once done, please go ahead and restart the computer.

After the restart please do the following

  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you


  • Root Admin

Thank you for the logs @AmGeek

Please consider the following. You can run the clean up from STEP 7 first and see if that helps to correct any of the other issues.

[ 1 ]

Your current DNS Servers:  192.168.50.1

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 2 ]

The Intel(R) Rapid Storage Technology runtime is faulting

Perhaps a reinstall may correct?

Error: (04/18/2023 10:02:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 13.1.0.1058, time stamp: 0x53642550
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03c1f5ad
Faulting process id: 0x29e0
Faulting application start time: 0x01d971fe4b93ea7b
Faulting application path: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: c374746a-9fd2-4550-8bed-c4c941534ffd
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2023 10:02:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

[ 3 ]

MsSense is also faulting and needs to be corrected

Error: (04/18/2023 09:57:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.8210.19041.2193, time stamp: 0x20d1bafa
Faulting module name: MsSense.dll, version: 10.8210.19041.2193, time stamp: 0x53447add
Exception code: 0xc0000005
Fault offset: 0x00000000003efdb5
Faulting process id: 0x1fa4
Faulting application start time: 0x01d971fda937180a
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.dll
Report Id: e9fa796c-bdc1-4242-b5ac-36b4a7e627b3
Faulting package full name:
Faulting package-relative application ID:

 

[ 4 ]

I would temporarily fully uninstall and remove the Avast Antivirus and get the system working properly first before reinstalling it.

System errors:
=============

Error: (04/18/2023 10:02:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2023 10:01:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/18/2023 09:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/18/2023 09:59:37 AM) (Source: Application Popup) (EventID: 875) (User: )
Description: hardlock.sys

Error: (04/18/2023 09:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Unchecky service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/18/2023 09:59:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The avast! Tools service depends on the avast! Antivirus service which failed to start because of the following error:
The system cannot find the file specified.

 

[ 5 ]

Firewall, DNS, or other issues blocking access to Microsoft security is not advised. I realize that many people want and use modifications to the hosts file to try to prevent telemetry and other connections to Microsoft but blocking security is dangerous to the system overall.

Windows Defender:
================
Event[0]:

Date: 2023-04-17 18:56:20
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.299.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x80072ee7

Error description: The server name or address could not be resolved

 

[ 6 ]

I don't see a license for the Malwarebytes Privacy program and the log says the controller is not populated. I would recommend you uninstall Malwarebytes Privacy unless the user has a license and wants to activate the program.

 

[ 7 ]

Please run the following fix

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\John\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed in most, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
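A triage sketch for the "System errors" excerpt in the post above, added here as an example (not part of the original post and not FRST's own code): it parses the `Error: (...) (Source: ...) (EventID: ...)` entries and groups Service Control Manager start failures by the stated reason, separating services whose file cannot be found from drivers that were blocked. The function names and bucket labels are assumptions, and the sample is constructed from lines quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the "System errors" excerpt quoted above.
SAMPLE = """\
Error: (04/18/2023 10:02:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/18/2023 09:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/18/2023 09:59:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Unchecky service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/18/2023 09:59:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The avast! Tools service depends on the avast! Antivirus service which failed to start because of the following error:
The system cannot find the file specified.
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<id>\d+)\).*$", re.M)
SERVICE = re.compile(r"The (?P<svc>.+?) service (?:failed to start|depends on)")
REASONS = {"cannot find the file specified": "file_not_found",
           "driver has been blocked from loading": "driver_blocked"}

def parse_entries(text):
    """Split the listing into one dict per 'Error:' header line."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({"when": m["when"], "source": m["source"],
                        "id": int(m["id"]), "body": text[m.end():end].strip()})
    return entries

def triage(entries):
    """Group Service Control Manager start failures (7000/7001) by stated reason."""
    buckets = defaultdict(list)
    for e in entries:
        if e["source"] != "Service Control Manager" or e["id"] not in (7000, 7001):
            continue
        m = SERVICE.search(e["body"])
        reason = next((v for k, v in REASONS.items() if k in e["body"]), "other")
        # For 7001 the named service is the dependent one, not the one missing a file.
        buckets[reason].append(m["svc"] if m else "unknown")
    return dict(buckets)
```

Calling `triage(parse_entries(SAMPLE))` leaves out the 7034 crash entry and returns the service names under `driver_blocked` and `file_not_found`.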
