Major freezing bug in 2.x version on Windows 7 64-bit SP1

[Naki]

My first topic was locked. Removed offending software, hope to get help again now...

 

This is not good. I have a fast and powerful PC - Intel Core i7 CPU, 32 GB of RAM (4 sticks 8 GB each), NVidia GeForce GTX 670 videocard, 2 SSDs, and also a 4 GB RAM disk.

When I do a scan with the new MBAM 2.0 version (using the free one), the MalwareBytes Antimalware Pre-scan causes the Windows shell and my web browser to stop responding (Chrome says Not responding, Windows taskbar won't respond to clicks). The mouse (by Razer, USB wired) won't reply to clicks also and barely moves or does not move at all. Keyboard (HP, again USB) also fails. Any comments on this?

Versions 1.x of MBAM Free never did this. Using Windows 7 64-bit Ultimate, SP1 + all Updates installed. Using the free MSSE antivirus by Microsoft as main antivirus software.

I have Daemon Tools Lite, version 4.49.1.0356, but without the SPTD component. Also, my RAM disk software is from AMD.

I have an additional USB 3.0 Etron 188 chipset PCI Express card (4 port), because my ASRock motherboard only has two USB 3.0 ports.

I also have VMware Workstation 10 installed, as well as LogMeIn Hamachi, maybe those two could affect Malwarebytes Antimalware with the extra (virtual) network cards they create.

 

If you need more info on my config, please tell me.

 

Attaching my latest FARBAR logs.

FRST.txt

Addition.txt

[Naki]

For reference, my old thread is here:

https://forums.malwarebytes.org/index.php?showtopic=147078

[Naki]

Any news/update?

[AdvancedSetup]

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
• Please attach that log file to your next reply.
• If needed the file can be located here:  C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
  

 

[Naki]

OK, I took your advice and uninstalled the ooVoo Toolbar - I don't use it anyway.

 

Combofix log file attached.

 

Please let me know next steps...

ComboFix.txt

[Naki]

OK, Combofix fix broke my MSSE Updates again! Any idea why this happens? Currently MSSE can't Check for Updates and throws an error. Help?

[Naki]

OK, Combofix fix broke my MSSE Updates again! Any idea why this happens? Currently MSSE can't Check for Updates and throws an error. Help?

OK, restarting the PC fixed the MSSE Update function. Got a little scared, glad it works after the restart...

[AdvancedSetup]

Please try the following

• Please try the following and let us know if this corrects your issue or not. MBAM Clean Removal Process 2x
• Please try installing the new beta which has corrected some previously reported issues: - Malwarebytes Anti-Malware 2.0.2 Public Beta
• If that does not correct the issue then please read the following and post back the requested logs. - Diagnostic Logs
• NOTE: There is an FAQ section with valuable information located here: - Common Questions, Issues, and their Solutions

 

 

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 
Thank You

[Naki]

Sadly the Beta did not change anything, system/web browser still keeps freezing.

 

Attaching FarBar logs + MBAM-check log.

Addition.txt

FRST.txt

CheckResults.txt

[Naki]

MBam Scan log:

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11.05.2014

Scan Time: 12:10:42

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1010

Malware Database: v2014.05.11.03

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Vlado

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 560624

Time Elapsed: 8 min, 51 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 3

PUP.Optional.OpenCandy, C:\Users\Vlado\Downloads\DTLite4413-0173.exe, , [7ea16de3dd9e0e283ee36303ca3a966a], 

PUP.Optional.Amonetize.A, C:\Users\Vlado\Downloads\PFPortChecker.exe, , [55caf25ebac13303570bd245bd4455ab], 

PUP.Optional.OpenCandy, C:\Users\Vlado\Downloads\winamp5621_full_emusic-7plus_all.exe, , [ab74143cdaa141f5180985e1ec18a65a], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

--------------

 

Now what? Clearly no viruses or other significant malware! 
Can you maybe send me a debug build of MBAM, that can create a more detailed log maybe?

[AdvancedSetup]

Please go ahead and run through the following steps and post back the logs when ready. There is no other special version of MBAM that allows other logging.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07


Please go here to run the online antivirus scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!