
Troubleshooting freezing issue - potential conflict between MBAM Pro 2 and MSE



I am troubleshooting an intermittent freezing issue - one suspect is a potential conflict between newly upgraded MBAM Pro 2 and MSE. I am also running Webroot SecureAnywhere (WSA), on Windows 7.

 

I did not have any issues previously between MBAM Pro 1.75 / MSE with exclusions set as per this post: https://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=181018entry181018 , and WSA.

 

I saw that the .exe files in MBAM Pro 2 are different, and I updated the excluded processes in MSE accordingly after updating to MBAM Pro 2, i.e. all .exe files in C:\Program Files\Malwarebytes Anti-Malware\ .

 

I am sure there are many who are successfully running MBAM Pro 2 and MSE together, even without excluding processes. But to see if my freezing problem goes away, would it help to uninstall MBAM Pro 2 in safe mode, then re-install (as per the post)? I am reluctant to do this as I would lose my 'exclusions list' in MBAM Pro 2.

 

Maybe MSE is just one too many anti-malware programs, but they have worked together fine up till now. Both MSE and WSA had previously been listed as compatible with MBAM: http://data-cdn.mbamupdates.com/v1/docs/compatibility/data/AV_Compatibility_Testing_Report-13081201.pdf


Hi, paulderdash: :)

 

Sorry you are experiencing freezing issues.

If a clean reinstall and setting mutual exclusions did not work, the staff will need a bit more info in order to better assist you.

 

Please run these scanners and post back with the logs attached to your next reply.

 

The staff/experts will review them and take it from there...

 

Thanks,

daledoc1

 

STEP 1
Please run the DDS scanner and send back both logs as attachments to your next reply.

>>If you are running Win 8.1, please skip this step.

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

STEP 2
Please run mbam-check and send back the log as an attachment to your next reply.

  • Download mbam-check.exe from HERE and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.

STEP 3
Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. The one that runs will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.

Hi paulderdash,

 

In addition to what daledoc1 wrote:

 

I read in your post that you are running two anti-virus products, namely Microsoft Security Essentials and Webroot SecureAnywhere (WSA). This can lead to problems like system freezes and slowdowns. In contrast to MBAM, MSE and WSA are not made to work with other anti-virus/anti-malware programs. Since MSE scores abysmally in the tests and even Microsoft recognizes that it's not living up to standards, I advise removing MSE. If you're lucky this might just fix your problem.

 

Please follow daledoc1's instructions, the experts will need those logs to help you fix your problem.

 

I hope this helps. If you have any questions, please post and ask.


Hi:

 

 

If the reinstall and reboot and setting exclusions between MBAM and MSE don't work, please run the scanner tools requested in my earlier reply >>here<<.

 

Then please post back with the logs attached to your next reply.

The staff/experts will review them and advise you further.

It may well be a conflict between MBAM/MSE and WSA, but having the logs will reduce the guesswork a bit.

 

Thanks for your patience,

 

daledoc1


OK daledoc1 - I'm back!

I have tried the clean uninstall mbam-clean.exe, and a normal uninstall, and neither appeared to work, as in both cases when I reinstalled it remembered my product ID and key. I would like to see if MBAM removal or reverting to the free edition of MBAM would make my slow response / intermittent temporary freezing go away. kzins' issues: https://forums.malwarebytes.org/index.php?showtopic=146370 sound similar ...
I also experienced this problem: https://forums.malwarebytes.org/index.php?showtopic=145759 and I don't know if the fact that MBAM Premium is installed as Administrator has something to do with it? I am using a user account with administrative privileges.

Please find requested reports attached, all run with WSA and MSE realtime protection disabled.

I don't know if it's in any way relevant but I am also recently unable to upgrade or uninstall MSE, or update definitions: https://forums.malwarebytes.org/index.php?showtopic=145721
 

dds.txt

attach.txt

CheckResults.txt

FRST.txt

Addition.txt


For what it's worth: I had intermittent freezing too. At some point I almost believed that rebooting would help. One application that was affected was explorer.exe. One click on the desktop was enough for a frozen explorer.

For me reverting to the free edition seemed to help. As you might have read, I uninstalled it afterwards, ran the mbam-clean, and reinstalled 2.00. Almost the same as you did, except that reverting to the free edition was one of the first things I tried (at that point I was not sure if mbam was causing problems).

 

I have compared your CheckResults with mine, and the big difference is that some applications use RUNASADMIN, while none of my compatibility flags have it.


paulderdash, there is a lot more going on with this system, and it's going to require help from the experts to take a deeper look. This could be due to a conflict or a malware infection. Also, you are running two antivirus programs; this is not recommended as it can cause serious conflicts with your computer. You will need to choose one and uninstall the other. If it was up to me I would remove Microsoft Security Essentials.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

==== Event Viewer Messages From Past Week ========
.
2014/04/12 9:41:21 AM, Error: Service Control Manager [7031]  - The CryptoPrevent Event Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
2014/04/12 9:41:14 AM, Error: Service Control Manager [7022]  - The NVIDIA Update Service Daemon service hung on starting.
2014/04/12 9:32:22 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EaseUS Agent service.
2014/04/12 9:32:12 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GenieTimelineService service.
2014/04/12 9:13:30 AM, Error: Service Control Manager [7034]  - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
2014/04/12 9:12:29 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.
2014/04/12 9:12:29 AM, Error: Service Control Manager [7000]  - The Soluto PCGenome Core Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/12 6:57:30 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
2014/04/10 9:11:45 AM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
2014/04/10 7:59:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SolutoService service.
2014/04/10 6:15:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start.  Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258
2014/04/10 6:14:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Cron Service for Prey service to connect.
2014/04/10 6:14:48 PM, Error: Service Control Manager [7000]  - The Cron Service for Prey service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/10 6:12:14 PM, Error: Service Control Manager [7043]  - The TuneUp Utilities Service service did not shut down properly after receiving a preshutdown control.
2014/04/10 6:05:52 PM, Error: Service Control Manager [7043]  - The Acronis Sync Agent Service service did not shut down properly after receiving a preshutdown control.
2014/04/10 10:17:21 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
2014/04/10 10:17:21 AM, Error: Service Control Manager [7000]  - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/09 9:57:22 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
2014/04/09 8:47:27 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Malwarebytes Anti-Exploit Service service to connect.
2014/04/09 8:47:27 PM, Error: Service Control Manager [7000]  - The Malwarebytes Anti-Exploit Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/09 8:38:21 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
2014/04/09 8:38:21 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/08 9:03:07 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
2014/04/08 8:22:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
2014/04/08 8:22:39 PM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/08 8:21:58 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
2014/04/08 8:21:58 PM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2014/04/08 8:18:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
2014/04/08 8:09:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2014/04/08 8:06:42 PM, Error: Service Control Manager [7022]  - The Intel(R) Management and Security Application User Notification Service service hung on starting.
2014/04/08 5:54:35 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
2014/04/07 7:48:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:  Previous Signature Version: 1.169.1913.0  Update Source: Microsoft Update Server  Update Stage: Install  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:  Previous Engine Version: 1.1.10401.0  Error code: 0x8024001e  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2014/04/06 7:02:27 PM, Error: Service Control Manager [7034]  - The CrashPlan Backup Service service terminated unexpectedly.  It has done this 2 time(s).
2014/04/06 6:51:04 PM, Error: Service Control Manager [7034]  - The CrashPlan Backup Service service terminated unexpectedly.  It has done this 1 time(s).
2014/04/06 5:21:42 PM, Error: volsnap [8]  - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
2014/04/06 10:08:28 AM, Error: Service Control Manager [7043]  - The Acronis Scheduler2 Service service did not shut down properly after receiving a preshutdown control.
2014/04/05 6:50:11 PM, Error: Service Control Manager [7031]  - The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
2014/04/05 5:23:10 PM, Error: Service Control Manager [7022]  - The Cron Service for Prey service hung on starting.
2014/04/05 5:17:33 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
.
==== End Of File ===========================

 


FYI, I got sudden complete system lock-ups with the combination of MBAM2Pro+MSE randomly when browsing, but only if the Web Protection module was enabled.

I tried various other AVs instead of MSE and had similar problems with some but not all.  Avira Free though seems to behave.

 

BTW, you've a lot of odd errors on your system and timeouts.  The one that stands out to me is "The driver detected a controller error on \Device\Harddisk1\DR1".  Try an app like CrystalDiskInfo and see if you have SMART errors from your drive.

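Added example, not part of any post in this thread and not code from any of the tools mentioned: a small Python triage of the "Event Viewer Messages" section quoted above, which splits the entries even when they are run together, groups Service Control Manager events by the event IDs that appear in that log, and lists storage-layer errors (Disk, volsnap) separately, since the reply above singles out the disk controller error. The class labels and function names are this example's own, and the sample holds six entries copied from the posted log.

```python
import re
from collections import Counter

# Entry header as it appears in the posted log:
#   2014/04/09 9:57:22 PM, Error: Disk [11]  - <message>
ENTRY = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[\]]+?) \[(?P<id>\d+)\]\s+- "
)
# Service name inside a Service Control Manager message (lowercase "service" follows the name).
SERVICE = re.compile(r"\b[Tt]he (.+?) service(?: (?:terminated|failed|hung|did not|to connect)|\.)")

SCM = "Service Control Manager"
# Grouping of the SCM event IDs seen in the posted log (labels are this example's own).
SCM_CLASS = {7000: "timeout-or-hang", 7009: "timeout-or-hang", 7011: "timeout-or-hang",
             7022: "timeout-or-hang", 7023: "terminated", 7031: "terminated",
             7034: "terminated", 7043: "shutdown"}
STORAGE_SOURCES = {"Disk", "volsnap"}

def parse_events(text):
    """Split the log on entry headers, so run-together entries are still separated."""
    matches = list(ENTRY.finditer(text))
    events = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        message = " ".join(text[m.end():end].split())  # collapse tabs and double spaces
        events.append({"ts": m["ts"], "source": m["source"],
                       "id": int(m["id"]), "message": message})
    return events

def classify(ev):
    if ev["source"] in STORAGE_SOURCES:
        return "storage"
    if ev["source"] == SCM:
        return SCM_CLASS.get(ev["id"], "scm-other")
    return "other"

def service_name(ev):
    if ev["source"] != SCM:
        return None
    m = SERVICE.search(ev["message"])
    return m.group(1) if m else None

def triage(text):
    events = parse_events(text)
    return {
        "by_class": dict(Counter(classify(e) for e in events)),
        "by_service": dict(Counter(n for n in map(service_name, events) if n)),
        "storage": [e for e in events if classify(e) == "storage"],
    }

# Sample: six entries copied from the log posted above, run together with no line breaks.
SAMPLE = (
    r"2014/04/10 6:15:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258"
    r"2014/04/09 9:57:22 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1."
    r"2014/04/09 8:47:27 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Malwarebytes Anti-Exploit Service service to connect."
    r"2014/04/08 9:03:07 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time."
    r"2014/04/08 8:22:39 PM, Error: Service Control Manager [7000]  - The MBAMService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion."
    r"2014/04/08 5:54:35 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s)."
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["by_class"])
    print(report["by_service"])
    for ev in report["storage"]:
        print(ev["ts"], ev["source"], ev["id"], ev["message"])
```
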

Thanks Firefox, I have indeed been trying to uninstall MSE as I suspected this might be a problem (though I never experienced this with MBAM 1.75), and this has taken me a few days!

http://www.bleepingcomputer.com/forums/t/530702/unable-to-upgrade-or-uninstall-microsoft-security-essentials-mse/

I think I have just now uninstalled it.

 

I don't think I have a malware infection as MBAM and HitmanPro find nothing, but a conflict of some sort is a possibility - it does appear that my issue remains ... I will seek expert assistance as per your link if this persists.

 

@cantoris: I ran CrystalDiskInfo but no issues, health good.


paulderdash, now that you have MSE removed, you can rerun the tool and post new logs to see if the issues are gone, but if you are still having problems it's probably going to be best to have an expert help you either way.

Some of the nastiest rootkits like to hide and are hard to detect. The experts will be able to verify you are clean, and perhaps help you get rid of any conflicts going on.


I just downloaded and installed V2 last night. No problems with the Threat scan, but this morning I tried running a Custom scan with Rootkit detection enabled. No problems until it hit /Windows/Web/Wallpaper/Scenes, at which it hung scanning img28. After about 5 minutes of no progress (it's a 9065K file), I hit the cancel button, at which point Mbam stopped responding. It kept the scanning going, and I couldn't see any changes in performance in Task Manager.

 

I rebooted the computer and redid the Custom scan without the rootkit detector. The speed was similar to V1.175, and no problems were seen. I then did a rootkit-only scan (disabling the other checks), and Mbam hung up on the same directory, but img26 (about 1.5MB). I let it go 15-20 minutes with no progress. Same behavior after hitting the cancel button.

 

I tried an Mbam scan on img26, but the single file scan didn't look for rootkits. (I enabled rootkit detection in settings, but didn't reboot before looking at that file.)

 

I'm running windows 7 with the current updates (and service packs) along with MSE, currently up to date. Haven't tried anything with MSE disabled yet. I'm stuck on dialup at home, so I have to be careful to find AV programs that update robustly...

 

Modulo the rootkit issue, I like it. I'm on my wife's laptop using broadband, but will try more checks when I get home.


Just ran the test; MSE disabled, scanning everything including the root kit. It delayed at img28, but I let it run. Success! The scan on the main drive (I skipped my backup hard drive) took about 90 minutes. Amazing what finding the FAQ does...

One of these days I'll try the same thing with an AV program enabled.

I know I'm one of the few percent without broadband, but it might be good to include a warning about the extra time root kit scans will take. Might avoid some problems.


Great, glad you found the FAQs and were able to complete a scan... Also it looks like AdvancedSetup has picked up your topic HERE

 

For others that may be following this thread, the FAQ in question can be seen below....

 

NOTE: There is an FAQ section with valuable information located here:
Common Questions, Issues, and their Solutions


  • 2 months later...

Hello TVBaune3 and :welcome:

We are disappointed to read your system is having issues. Each computer is unique. Problems that seem "the same" most often are not.

The same is true for solutions. They most often need to be individualized.

It is less confusing for everyone if we adhere to the "one user per topic" sub-forum policy.

Please start a NEW, SEPARATE topic using this >>cjfj.png<< button.

Staffers, experts and helpers will be able to more easily provide both you, and the OP/Topic Starter, with individualized assistance to get you both up and running.

Please also re-attach the same files.

Thank you always for your patience and understanding. :)
