Quick and Full Scan freezes not responding after several seconds

[sebringpwr]

.So far the only problems I notice is that I can not scan with Malwarebytes. Both quick and full scan stops working after about 8-9 seconds. After it seems to freeze, I place the cursor on something, click and it will say not responding. I have tried scanning in safe mode and the problem still exist.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Carey at 22:20:01 on 2012-03-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.224 [GMT -5:00]

.

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TENCENT\SOSOUpdate.exe

C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ebay.com/sch/merchant/momo_pwr_W0QQ_dmdZ1QQ_ipgZ50QQ_sopZ12

uSearch Page = hxxp://www.google.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uDefault_Page_URL = hxxp://www.msn.com

uURLSearchHooks: Tencent SearchHook: {db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} - c:\program files\tencent\ssplus\SAddr.dll

BHO: Tencent Browser Helper: {005ec41a-f88a-2323-5938-8e8c6349a646} - c:\program files\tencent\ssplus\SAddr.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - hxxp://heva.solidworks.com/htdocs/pdownload/edrawings/e2010sp04/cab//eDrawingsEnglish.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230569120062

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230575727218

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{12764086-CD91-4D6E-B599-7D97CFDD1DC3} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7D776EBC-880F-42B0-88C2-FBBFDEAED7F1} : DhcpNameServer = 192.168.2.1

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\carey\application data\mozilla\firefox\profiles\dipr5cz8.default\

FF - prefs.js: browser.startup.homepage - ebay.com

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

R2 SOSOUpSvc;Tencent SOSO Update Service;c:\program files\tencent\SOSOUpdate.exe [2012-1-22 111992]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

R2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2011-4-24 272864]

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 348352]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-4 106104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-4 40776]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120304.006\naveng.sys [2012-3-4 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120304.006\navex15.sys [2012-3-4 1576312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2011-4-24 642432]

S3 cpuz134;cpuz134;\??\c:\docume~1\carey\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\carey\locals~1\temp\cpuz134\cpuz134_x32.sys [?]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-4-24 50704]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-05 02:51:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-05 01:45:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2012-03-05 01:44:59 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2012-03-05 01:44:59 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-03-05 01:44:59 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-03-05 01:44:59 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-03-05 01:44:59 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-03-05 01:44:58 97240 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2012-03-05 01:44:58 437208 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2012-03-05 01:44:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2012-03-05 01:44:58 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2012-03-05 01:44:58 1911768 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2012-03-05 01:44:58 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2012-03-04 23:30:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-04 23:30:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-04 21:20:32 -------- d-----w- c:\program files\AVAST Software

2012-03-04 21:20:32 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-03-04 20:03:53 -------- d-----w- c:\documents and settings\carey\AppData

2012-03-04 18:26:22 -------- d-----w- c:\documents and settings\carey\application data\Malwarebytes

2012-03-04 18:26:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-02-15 02:56:19 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 02:56:19 3072 ------w- c:\windows\system32\iacenc.dll

.

==================== Find3M ====================

.

2012-02-27 23:00:04 770384 ----a-w- c:\windows\system32\msvcr100.dll

2012-02-27 23:00:04 421200 ----a-w- c:\windows\system32\msvcp100.dll

2012-01-24 03:51:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 22:20:49.25 ===============

attach.txt

[Maurice Naggar]

Hello,

Please advise if your issue has been cured.

If not, and you would like guided help, please do the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
• Follow the onscreen instructions inside of the command window.
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com
and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.
Step 6

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Click on Scan.
  
• Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!