Jump to content

MBAM freezes on zipfldr.dll

vain
 Share

Recommended Posts

vain

vain

Posted
Posted

Rather than revive an old topic I decided to post a new one and link to old ones I've looked at. I have several machines at home and have worked on many others and have run into this same problem multiple times on different operating systems. For the time being, I am running Windows XP SP3 with a 2.4 GHz Intel Xeon processor and 1 GB of RAM. This PC *should* be free of any malware but I am attempting to run MBAM to establish a baseline before I test some new software I picked up.

Here are the links to previous postings about what looks like the same issue:

http://forums.malwarebytes.org/index.php?s...;hl=zipfldr.dll

http://forums.malwarebytes.org/index.php?s...;hl=zipfldr.dll

Neither of these have a solution so I went ahead and did what was asked on the second post and here is the log from DebugView:

00000000 0.00000000 [3048] SNAC NP Attach!

00000001 0.00012432 [3048] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

00000002 0.00028495 [3048] NPGetCaps::WNNC_NET_TYPE

00000003 0.00039670 [3048] NPGetCaps::WNNC_USER

00000004 0.00050649 [3048] NPGetCaps::WNNC_CONNECTION

00000005 0.00062522 [3048] NPGetCaps::WNNC_ENUMERATION

00000006 0.00073613 [3048] NPGetCaps::WNNC_ADMIN

00000007 0.00109595 [3048] NPGetCaps::WNNC_DIALOG

00000008 8.86949825 [3048] NPGetCaps::WNNC_START

00000000 12.34095573 MBAMSwissArmy!ProcessNTFSIndexData: ProcessNTFSAttributeData (INDEX_ALLOCATION) failed with status 0xc0000034

00000001 12.34096527 MBAMSwissArmy!GetNTFSIndexEntryByName: No index entry for "Local Settings" found in file record 3353

00000002 12.34097195 MBAMSwissArmy!EnumerateNTFSDirectory: OpenNTFSFileRecordByName( "C:\Documents and Settings\All Users\Local Settings\Application Data" ) failed with status 0xc0000034

00000003 12.34097862 MBAMSwissArmy!HandleIoctlEnumerate: EnumerateDirectory( "C:\Documents and Settings\All Users\Local Settings\Application Data" ) failed on query operation with status 0xc0000034

00000009 173.80584717 [3504] SescLu - QueryContentSeqData() Moniker: {C60DC234-65F9-4674-94AE-62158EFCA433} Requested Sequence: 100525003

00000010 173.81892395 [3504] SescLu/LUMan: RefreshSyknappsContent() - Querying Syknapps for dependent content

00000011 173.86181641 [3504] SescLu/LUMan: GetSyknappsContentCollections() - Unable to get Proactive Thread Protection required dependent content. Proactive Threat Protection may not be installed. Error: 1000

00000012 173.86230469 [3504] SescLu/LUMan: RefreshSyknappsContent() - Unable to get Proactive Thread Protection content lists. Proactive Threat Protection may not be installed. Error: 2147500037

00000013 173.86724854 [3504] SescLu - AVContentUpdateHandler::QueryContentSeqData - Current sequence for {C60DC234-65F9-4674-94AE-62158EFCA433} is 100525003

00000014 173.87339783 [3504] SescLu - QueryContentSeqData() Moniker: {C60DC234-65F9-4674-94AE-62158EFCA433} Result: Requested content revision already in use (0x20010003)

00000015 173.92721558 [3504] SescLu - QueryContentSeqData() Moniker: {ECCC5006-EF61-4c99-829A-417B6C6AD963} Requested Sequence: 2008021700

00000016 173.92778015 [3504] SescLu - LuContentUpdateHandler::QueryContentSeqData - Current sequence for {ECCC5006-EF61-4c99-829A-417B6C6AD963} is 2008021700

00000017 173.92845154 [3504] SescLu - QueryContentSeqData() Moniker: {ECCC5006-EF61-4c99-829A-417B6C6AD963} Result: Requested content revision already in use (0x20010003)

00000018 173.98139954 [3504] SescLu - QueryContentSeqData() Moniker: {4F889C4A-784D-40de-8539-6A29BAA43139} Requested Sequence: 91111048

00000019 173.98185730 [3504] SescLu - LuContentUpdateHandler::QueryContentSeqData - Current sequence for {4F889C4A-784D-40de-8539-6A29BAA43139} is 91111048

00000020 173.98295593 [3504] SescLu - QueryContentSeqData() Moniker: {4F889C4A-784D-40de-8539-6A29BAA43139} Result: Requested content revision already in use (0x20010003)

Any help on this would be greatly appreciated.

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted

If there is any Antivirus/Firewall program installed , please post back with details - Install a fresh copy from the below instructions -

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important !
  • Download and run mbam-clean.exe from here

It will ask to restart your computer, please allow it to do so, very important

After the computer restarts, temporarily disable your Anti-Virus and install

Then try to update -

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version only -

Link to post
Share on other sites
vain

vain

Posted
  • Author
Posted

Antivirus = Symantec Endpoint Protection 11.0.2000.1567

Sonicwall router has a built-in firewall

I followed your directions precisely. Updating works fine (it did before) but when running the full scan the scan stops on zipfldr.dll and a dialog appears.

"Malwarebytes' Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience."

It has options to view more information about the error, debug, or close.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 30

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Please run the following and post back the logs

Download
DDS
and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click
dds.scr
to run the tool.

When done, the
DDS.txt
will open.

Click Yes at the next prompt for Optional Scan.

    When done, DDS will open two (2) logs:

  1. DDS.txt

  2. Attach.txt

  • Save both reports to your desktop

  • Please include the following logs in your next reply:
    DDS.txt
    and
    Attach.txt

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Your logs indicate this is a business machine and is on a network domain which means you need to have a license to use the product on this machine.

Please send me a private message with your Cleverbridge order reference number and your contact information and I will assist you through Corporate Support.

Thank you

Link to post
Share on other sites
vain

vain

Posted
  • Author
Posted

It's my personal machine that I have on the domain. If that classifies it as a business machine then I guess I'm done with Malwarebytes. However, this problem still occurs on personal computers that are not on domains so you might give a care to getting it resolved. Thanks anyway.

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted

Hi vain -

With respect to the reply from AdvancedSetup - One quick question -

Do you get this problem on Quick Scan or only Full Scan - :welcome:

As you inferred "this problem still occurs on personal computers that are not on domains so you might give a care to getting it resolved."

Any other details so I can still research further on any problem would be helpfull -

Thank You - :)

Link to post
Share on other sites
vain

vain

Posted
  • Author
Posted

No problem. Malwarebytes is a great tool and I respect their licensing (thought I was following the rules). That said, if I run into this problem again on one of my PCs that I have at home or I hear from someone else that does I'll be sure to being it up.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Its quite possible to have a domain at home and not be a business, but is very rare due to the costs involved. Most home users do not sense the need or desire to spend $200 to $300 per copy of workstation software and $1,000+ per Server and $200 for a client access license just to start a basic network at home not including the hardware thus my comment saying it appears to be a business computer.

Well we are unable to duplicate the issue in-house so we probably need to use some other tools to see if they're able to detect something there that we're not seeing.

Please post in the HJT forum as shown below and have one of the Experts assist you in scanning for any Malware or rootkits on the system. If you have more than one system with the exact same symptoms then also take a look and see if you have some type of security software or something else maybe out of the ordinary that they share in common that might help give a clue as to what is going on.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thank you.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.