Jump to content

Recommended Posts

When I am running a "full scan" with the actual version of mbam 1.44 (language german) in the "protected mode" of windwos vista, the scan works fine and finishes with satisfying results (no malicious items detected). :D

BUT:

When I start a "full scan" in the "non-protected mode" (the mode I am usually working with) the scan "gets caught in a loop" in the specific directory C:\Users\myName\AppData\Local\Microsoft\Windows\*.*. Within there the scan checks the files one after the other and starts again with the first file in that directory, instead of going further to another directory, outside of .../windows/*.*. When I abort that full scan I get the following log.

Malwarebytes' Anti-Malware 1.44

Database version: 3737

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

14.02.2010 12:24:51

mbam-log-2010-02-14 (12-24-51).txt

Scan type: Full Scan (C:\|)

Objects scanned: 75023

Time elapsed: 20 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

That log looks okay to me ;) but I am still wondering about the fact, that I have to abort this full scan (under non-protected mode) !

What I did so far to fix this problem, I cleaned temp-files, the registry etc. with CC-Cleaner and deleted within this "suspicious directory" (C:\Users\myName\AppData\Local\Microsoft\Windows\*.*) all possible files (i.e. index.dat) with Unlocker, still there are remaing (or new creating) 25 files in 13 folders with 4.83 mbytes (screenshot see attachment).

Do you have an idea ?

http://forums.malwarebytes.org/style_image.../attach_add.png

post-32989-1266152184_thumb.jpg

Link to post
Share on other sites

  • Replies 77
  • Created
  • Last Reply

Top Posters In This Topic

Greetings Virus Fighter and welcome to Malwarebytes ;)

What other security software are you currently using on your system (antivirus, firewall etc) besides Malwarebytes' Anti-Malware? The reason I ask is because it is possible that one of them is creating a conflict as most security softwares, including Malwarebytes' Anti-Malware, do not load their drivers in Safe Mode which would indicate that there is a driver conflict of some sort.

To attempt to solve the issue Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

The FAQ contains examples of setting file exclusions for some known AV products.

Please let me know how it goes.

Thanks :D

Link to post
Share on other sites

I appreciate your welcome, exile360 !

Well, my virus-protection software is avira-antivir premium (latest update), I excluded the files you listed (Vista) in the settings of "the guard" in avira (not in the "scanner", I think that should be reasonable).

Nevertheless I disconnected my pc from internet.

Than I deactivated my protection, such as "avira", "windows firewall", and "windows defender".

Than I made a full scan with mbam.... but the same problem as before ! ;)

Whatelse can I try ?

Link to post
Share on other sites

It is possible that there is some sort of hard drive corruption causing the problem here. Please do the following:

Windows Vista

  • Click the Start vista-7-start.png button and type cmd
  • You should see cmd under Programs
  • Right-click on cmd and select Run as administrator
  • Click Continue at the User Account Control prompt
  • Copy and paste the following text in the code box into the black command prompt window and press Enter Note: you must right click with your mouse to paste the text into the window as CTRL+V will not work:
    echo y| chkdsk %systemdrive /r


  • Restart your computer and when it loads it will check the hard drive, don't press any keys so that is allowed to do so
  • After the Disk Check completes it will automatically reboot your computer again, this time log in normally and attempt another scan with Malwarebytes' Anti-Malware to see if the problem is resolved.

Please let me know how it goes.

Thanks ;)

Link to post
Share on other sites

Sorry, when I enter the correct command, the response is: chkdsk cannot be executed, since the volume is used by another process. Shall this volume be checked, while the system is started next time ? (y/n).

This notice is repeated, as shown in the screenshot three times, with me having no chance to "say y(es)".

Have you got an idea how I can chkdsk ? Thank you very much for your patience ! :)

post-32989-1266228246_thumb.jpg

Link to post
Share on other sites

Ah, exile360, I`ve got you ! Now I found out the real reason, why you asked me to run this chkdsk: This keeps me busy and thus prevents my further "disturbing" your business :)

The diskchecking is proceeding v e r y s l o w ......... (34% at the moment). Think you will be hearing from me not before next week ! :)

Link to post
Share on other sites

Bad news....

The chkdsk was finished successfully (no errors detected) and reboot was normal.

Then I started full scan with MBAM and..... after 18 minutes processing the scan was caught in a loop again (repeatingly verifying all files within the directory) in the known path c:/users/appdata/local/microsoft/windows/*.* :)

What else can we try ?

Link to post
Share on other sites

I was really hoping that was it but I haven't given up yet :). Lets take a closer look at that directory:

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    dir /a /s "%localappdata%">"%userprofile%\desktop\directory.txt"
    "%userprofile%\desktop\directory.txt"
    del /f /q "%userprofile%\desktop\directory.txt"
    del /f /q %0

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file Info.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.

Thanks :)

Link to post
Share on other sites

Hi exile360, that was a fancy "command" ! :)

Here are exactly all the files, MBAM "is looping in":

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows

15.02.2010 16:12 <DIR> .

15.02.2010 16:12 <DIR> ..

14.02.2010 12:26 <DIR> 1031

14.02.2010 11:30 <DIR> Burn

15.02.2010 16:54 <DIR> Explorer

14.02.2010 11:26 <DIR> History

15.02.2010 17:01 <DIR> Temporary Internet Files

16.02.2010 08:23 3.407.872 UsrClass.dat

16.02.2010 08:23 262.144 UsrClass.dat.LOG1

02.11.2006 14:03 0 UsrClass.dat.LOG2

15.02.2010 12:39 65.536 UsrClass.dat{1f2794d0-6a72-11db-b2a9-0014220f8c51}.TM.blf

15.02.2010 12:39 524.288 UsrClass.dat{1f2794d0-6a72-11db-b2a9-0014220f8c51}.TMContainer00000000000000000001.regtrans-ms

02.11.2006 14:08 524.288 UsrClass.dat{1f2794d0-6a72-11db-b2a9-0014220f8c51}.TMContainer00000000000000000002.regtrans-ms

15.02.2010 09:47 <DIR> WER

15.02.2010 16:25 2.991 WindowsUpdate.log

7 Datei(en), 4.787.119 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\1031

14.02.2010 12:26 <DIR> .

14.02.2010 12:26 <DIR> ..

14.02.2010 12:26 197.783 StructuredQuerySchema.bin

1 Datei(en), 197.783 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Burn

14.02.2010 11:30 <DIR> .

14.02.2010 11:30 <DIR> ..

14.02.2010 11:30 <DIR> Burn

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Burn\Burn

14.02.2010 11:30 <DIR> .

14.02.2010 11:30 <DIR> ..

14.02.2010 11:30 174 desktop.ini

1 Datei(en), 174 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Explorer

15.02.2010 16:54 <DIR> .

15.02.2010 16:54 <DIR> ..

15.02.2010 16:54 24 thumbcache_1024.db

15.02.2010 16:54 24 thumbcache_256.db

15.02.2010 16:54 24 thumbcache_32.db

15.02.2010 16:54 24 thumbcache_96.db

15.02.2010 16:54 4.064 thumbcache_idx.db

15.02.2010 16:54 24 thumbcache_sr.db

6 Datei(en), 4.184 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\History

14.02.2010 11:26 <DIR> .

14.02.2010 11:26 <DIR> ..

14.02.2010 11:26 6 desktop.ini

14.02.2010 11:26 <DIR> History.IE5

1 Datei(en), 6 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\History\History.IE5

14.02.2010 11:26 <DIR> .

14.02.2010 11:26 <DIR> ..

14.02.2010 11:26 145 desktop.ini

16.02.2010 08:21 32.768 index.dat

2 Datei(en), 32.913 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files

15.02.2010 17:01 <DIR> .

15.02.2010 17:01 <DIR> ..

14.02.2010 17:36 <DIR> Content.IE5

15.02.2010 17:19 <DIR> Content.MSO

15.02.2010 17:01 <DIR> Content.Outlook

16.02.2010 08:14 <DIR> Content.Word

14.02.2010 11:47 67 desktop.ini

1 Datei(en), 67 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

14.02.2010 17:36 <DIR> .

14.02.2010 17:36 <DIR> ..

14.02.2010 13:02 <DIR> 7ZP9V0FC

14.02.2010 11:47 67 desktop.ini

16.02.2010 08:21 49.152 index.dat

15.02.2010 18:28 <DIR> KHOPI360

15.02.2010 18:28 <DIR> LCC2GGV7

15.02.2010 18:28 <DIR> N4M5TLS6

15.02.2010 19:19 <DIR> WY48PXR3

2 Datei(en), 49.219 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZP9V0FC

14.02.2010 13:02 <DIR> .

14.02.2010 13:02 <DIR> ..

14.02.2010 13:02 67 desktop.ini

1 Datei(en), 67 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHOPI360

15.02.2010 18:28 <DIR> .

15.02.2010 18:28 <DIR> ..

15.02.2010 17:24 185 3[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:24 433 garmin[1].gif

15.02.2010 17:24 3.252 ic_bestprice_guaranteed_de[1].gif

15.02.2010 16:10 66.199 io[1].xml

15.02.2010 17:24 16.113 Melia_Duesseldorf_580x60[1].jpg

15.02.2010 18:28 121 news[1].txt

15.02.2010 17:25 42 p[1].gif

8 Datei(en), 86.412 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCC2GGV7

15.02.2010 18:28 <DIR> .

15.02.2010 18:28 <DIR> ..

15.02.2010 17:24 628 avis[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:25 21.272 header_webcheckin_de_01[1].gif

15.02.2010 18:28 3 mbam.check[1].program

15.02.2010 17:24 758 menu-start[1].gif

15.02.2010 17:24 93 menu-trenner[1].gif

15.02.2010 17:24 1.015 navigon[1].gif

15.02.2010 17:24 590 sixt[1].gif

8 Datei(en), 24.426 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4M5TLS6

15.02.2010 19:19 <DIR> .

15.02.2010 19:19 <DIR> ..

15.02.2010 17:24 56 arrow[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:25 27.012 header_webcheckin_de_02[1].jpg

15.02.2010 17:24 7.045 logo[1].jpg

15.02.2010 18:28 4 mbam.check[1].database

15.02.2010 17:24 742 menu-end[1].gif

15.02.2010 17:24 963 skobbler[1].gif

7 Datei(en), 35.889 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY48PXR3

15.02.2010 19:19 <DIR> .

15.02.2010 19:19 <DIR> ..

15.02.2010 17:24 68 1x1[1].gif

15.02.2010 17:24 681 bmw[1].gif

15.02.2010 17:25 1.931 bt_wci_einchecken[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:24 903 menu-background[1].gif

15.02.2010 19:19 13.824 Reader8Manifest[1].msi

15.02.2010 16:10 35.297 rss[1].xml

15.02.2010 16:10 19.767 rss[2].xml

15.02.2010 17:24 928 tomtom[1].gif

9 Datei(en), 73.466 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO

15.02.2010 17:19 <DIR> .

15.02.2010 17:19 <DIR> ..

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook

15.02.2010 17:01 <DIR> .

15.02.2010 17:01 <DIR> ..

15.02.2010 17:01 <DIR> SM133YAY

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\SM133YAY

15.02.2010 17:01 <DIR> .

15.02.2010 17:01 <DIR> ..

15.02.2010 15:44 1.231.061 SDC10761.JPG

1 Datei(en), 1.231.061 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word

16.02.2010 08:17 <DIR> .

16.02.2010 08:17 <DIR> ..

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\WER

15.02.2010 09:47 <DIR> .

15.02.2010 09:47 <DIR> ..

15.02.2010 12:03 <DIR> ReportArchive

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\WER\ReportArchive

15.02.2010 12:03 <DIR> .

15.02.2010 12:03 <DIR> ..

0 Datei(en), 0 Bytes

That`s it. I hope, this will help us :)

Link to post
Share on other sites

Thanks :)

Yes, hopefully that info will help us figure out why it's getting stuck.

Please try this to see if it clears those files:

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here or here and save it to your desktop.
  • Close any open programs and internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

After it's done and you've restarted your PC run another scan with Malwarebytes' Anti-Malware to see if it still freezes.

Please let me know how it goes.

Thanks :)

Link to post
Share on other sites

I am so sorry.... :)

TFC was run, Computer rebooted, I made full scan with MBAM, but it`s still looping...

This is the TFC-reduced Directory - list:

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows

15.02.2010 16:12 <DIR> .

15.02.2010 16:12 <DIR> ..

14.02.2010 12:26 <DIR> 1031

14.02.2010 11:30 <DIR> Burn

15.02.2010 16:54 <DIR> Explorer

14.02.2010 11:26 <DIR> History

15.02.2010 17:01 <DIR> Temporary Internet Files

16.02.2010 10:25 3.407.872 UsrClass.dat

16.02.2010 10:25 262.144 UsrClass.dat.LOG1

02.11.2006 14:03 0 UsrClass.dat.LOG2

16.02.2010 10:18 65.536 UsrClass.dat{1f2794d0-6a72-11db-b2a9-0014220f8c51}.TM.blf

16.02.2010 10:18 524.288 UsrClass.dat{1f2794d0-6a72-11db-b2a9-0014220f8c51}.TMContainer00000000000000000001.regtrans-ms

02.11.2006 14:08 524.288 UsrClass.dat{1f2794d0-6a72-11db-b2a9-0014220f8c51}.TMContainer00000000000000000002.regtrans-ms

15.02.2010 09:47 <DIR> WER

15.02.2010 16:25 2.991 WindowsUpdate.log

7 Datei(en), 4.787.119 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\1031

14.02.2010 12:26 <DIR> .

14.02.2010 12:26 <DIR> ..

14.02.2010 12:26 197.783 StructuredQuerySchema.bin

1 Datei(en), 197.783 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Burn

14.02.2010 11:30 <DIR> .

14.02.2010 11:30 <DIR> ..

14.02.2010 11:30 <DIR> Burn

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Burn\Burn

14.02.2010 11:30 <DIR> .

14.02.2010 11:30 <DIR> ..

14.02.2010 11:30 174 desktop.ini

1 Datei(en), 174 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Explorer

15.02.2010 16:54 <DIR> .

15.02.2010 16:54 <DIR> ..

15.02.2010 16:54 24 thumbcache_1024.db

15.02.2010 16:54 24 thumbcache_256.db

15.02.2010 16:54 24 thumbcache_32.db

15.02.2010 16:54 24 thumbcache_96.db

15.02.2010 16:54 4.064 thumbcache_idx.db

15.02.2010 16:54 24 thumbcache_sr.db

6 Datei(en), 4.184 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\History

14.02.2010 11:26 <DIR> .

14.02.2010 11:26 <DIR> ..

14.02.2010 11:26 6 desktop.ini

14.02.2010 11:26 <DIR> History.IE5

1 Datei(en), 6 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\History\History.IE5

14.02.2010 11:26 <DIR> .

14.02.2010 11:26 <DIR> ..

14.02.2010 11:26 145 desktop.ini

16.02.2010 10:44 32.768 index.dat

2 Datei(en), 32.913 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files

15.02.2010 17:01 <DIR> .

15.02.2010 17:01 <DIR> ..

14.02.2010 17:36 <DIR> Content.IE5

15.02.2010 17:19 <DIR> Content.MSO

15.02.2010 17:01 <DIR> Content.Outlook

16.02.2010 10:17 <DIR> Content.Word

14.02.2010 11:47 67 desktop.ini

1 Datei(en), 67 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

14.02.2010 17:36 <DIR> .

14.02.2010 17:36 <DIR> ..

14.02.2010 13:02 <DIR> 7ZP9V0FC

14.02.2010 11:47 67 desktop.ini

16.02.2010 10:44 49.152 index.dat

16.02.2010 10:28 <DIR> KHOPI360

16.02.2010 10:28 <DIR> LCC2GGV7

16.02.2010 10:28 <DIR> N4M5TLS6

16.02.2010 10:09 <DIR> WY48PXR3

2 Datei(en), 49.219 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZP9V0FC

14.02.2010 13:02 <DIR> .

14.02.2010 13:02 <DIR> ..

14.02.2010 13:02 67 desktop.ini

1 Datei(en), 67 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHOPI360

16.02.2010 10:28 <DIR> .

16.02.2010 10:28 <DIR> ..

15.02.2010 17:24 185 3[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:24 433 garmin[1].gif

15.02.2010 17:24 3.252 ic_bestprice_guaranteed_de[1].gif

15.02.2010 16:10 66.199 io[1].xml

16.02.2010 10:28 3 mbam.check[1].program

15.02.2010 17:24 16.113 Melia_Duesseldorf_580x60[1].jpg

15.02.2010 17:25 42 p[1].gif

16.02.2010 10:09 27 Version[1].asp

9 Datei(en), 86.321 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCC2GGV7

16.02.2010 10:28 <DIR> .

16.02.2010 10:28 <DIR> ..

15.02.2010 17:24 628 avis[1].gif

14.02.2010 17:36 67 desktop.ini

16.02.2010 10:09 178 GetMessages[1].asp

15.02.2010 17:25 21.272 header_webcheckin_de_01[1].gif

16.02.2010 10:28 4 mbam.check[1].database

15.02.2010 17:24 758 menu-start[1].gif

15.02.2010 17:24 93 menu-trenner[1].gif

15.02.2010 17:24 1.015 navigon[1].gif

15.02.2010 17:24 590 sixt[1].gif

9 Datei(en), 24.605 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4M5TLS6

16.02.2010 10:28 <DIR> .

16.02.2010 10:28 <DIR> ..

15.02.2010 17:24 56 arrow[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:25 27.012 header_webcheckin_de_02[1].jpg

15.02.2010 17:24 7.045 logo[1].jpg

15.02.2010 17:24 742 menu-end[1].gif

16.02.2010 10:28 121 news[1].txt

16.02.2010 10:25 13.824 Reader8Manifest[2].msi

16.02.2010 10:28 4.074.805 rules[1].ref

15.02.2010 17:24 963 skobbler[1].gif

9 Datei(en), 4.124.635 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY48PXR3

16.02.2010 10:09 <DIR> .

16.02.2010 10:09 <DIR> ..

15.02.2010 17:24 68 1x1[1].gif

15.02.2010 17:24 681 bmw[1].gif

15.02.2010 17:25 1.931 bt_wci_einchecken[1].gif

14.02.2010 17:36 67 desktop.ini

15.02.2010 17:24 903 menu-background[1].gif

16.02.2010 10:09 3 Ping[1].asp

15.02.2010 16:10 35.297 rss[1].xml

15.02.2010 16:10 19.767 rss[2].xml

15.02.2010 17:24 928 tomtom[1].gif

9 Datei(en), 59.645 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO

15.02.2010 17:19 <DIR> .

15.02.2010 17:19 <DIR> ..

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook

15.02.2010 17:01 <DIR> .

15.02.2010 17:01 <DIR> ..

15.02.2010 17:01 <DIR> SM133YAY

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\SM133YAY

15.02.2010 17:01 <DIR> .

15.02.2010 17:01 <DIR> ..

15.02.2010 15:44 1.231.061 SDC10761.JPG

1 Datei(en), 1.231.061 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word

16.02.2010 10:17 <DIR> .

16.02.2010 10:17 <DIR> ..

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\WER

15.02.2010 09:47 <DIR> .

15.02.2010 09:47 <DIR> ..

15.02.2010 12:03 <DIR> ReportArchive

0 Datei(en), 0 Bytes

Verzeichnis von C:\Users\MyName\AppData\Local\Microsoft\Windows\WER\ReportArchive

15.02.2010 12:03 <DIR> .

15.02.2010 12:03 <DIR> ..

0 Datei(en), 0 Bytes

Shall I scrap my PC now ? :)

Link to post
Share on other sites

Hehe, don't scrap your PC just yet :).

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

I'll take a look and see if I can find anything that may be interfering with the scans.

Link to post
Share on other sites

Hi' exile360,

it`s getting crowded on my desktop ..... :) There are "growing" new icons everywhere.... :)

Yeah, you've got TFC (which you can now delete if you wish) along with Autoruns.exe, Autoruns.arn (which you can also delete) and Autoruns.zip (which you can also delete now that you've uploaded it).
I hope, you`ll not find the numer of my swiss bank-account there....
Nope, no account numbers, just info about what loads every time your computer boots :).

I'll take a look at the log and let you know if I find anything that seems like it might conflict with MBAM's scanner and get back to you shortly :).

Link to post
Share on other sites

Alright, I'm back :)

The only thing I can see in your log that may have any impact on scanning would be Diskeeper. It uses a background service that starts with Windows.

If you wouldn't mind, please temporarily disable its service from running at boot and do an MBAM scan to see if the freeze still happens:

Disable a Service on Vista:

  • Click on the Start vista-7-start.png button and type services.msc and press Enter
  • Click Continue at the User Account Control prompt
  • Once the Services window opens, scroll down the list until you find the Diskeeper and double click on it
  • Click the Stop button to stop the service from running, then click the drop down menu next to Startup Type and select Disabled
  • Click the Apply button and click on Ok
  • Close the Services control panel and restart your computer
  • Try a scan with Malwarebytes' Anti-Malware once more to see if the issue still occurs

Please let me know how it goes.

Thanks :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.