Jump to content

Malwarebytes Scan locks up computer


Recommended Posts

I was scanning my son's computer with MBAM free version and found that it would freeze the entire computer about 20-30 seconds into a Quick Scan.

Mouse and keyboard are non-responsive. Have to power cycle to get it back

I tried logging in as administrator, tried running in Safe mode, tried turning off heuristics. I have Mcafee Enterprise 8.5i installed but Access protection is disabled. Also tried disabling On Access Scan. I tried Spybot S&D as well and it freezes up the computer as well.

Ran a CHKDSK with no problems. Tried uninstalling MBAM, ran mbam-clean.exe adn re-installed and still freezes.

Freeze seems to occur when scanning files in the SYSTEM32 directory.

System is Windows XP Home Edition SP3

Thanks for any help or insight you may have.

Link to post
Share on other sites

Hello koslo! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Link to post
Share on other sites

Wow thanks for the quick reply here is the DDS.txt, Attach.txt is attached:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Matthew at 19:07:11.31 on Thu 01/27/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1528 [GMT -5:00]

AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============


C:\WINDOWS\system32\svchost -k DcomLaunch


C:\WINDOWS\System32\svchost.exe -k netsvcs





C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe


C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE



C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe





C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe


C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\McAfee\Common Framework\McTray.exe


C:\Documents and Settings\Matthew\Desktop\dds.scr


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://disney.go.com/index

uSearch Bar = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"


mRun: [Alcmtr] ALCMTR.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [DSS] c:\windows\bbstore\dss\DSSAGENT.EXE

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.35.9/ttinst.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-5-22 31816]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-27 103744]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-5-22 144704]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-5-22 54608]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 TraiHelper;Tomb Raider Advanced Installer Multiprocessor Helper;c:\tombraid\TRAISVCS.EXE [2009-10-15 177152]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-1-27 72936]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-1-27 33960]

R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-1-27 174952]

S2 gupdate1c9661f2371232a;Google Update Service (gupdate1c9661f2371232a);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 133104]

S3 lredbooo;lredbooo;\??\c:\docume~1\matthew\locals~1\temp\lredbooo.sys --> c:\docume~1\matthew\locals~1\temp\lredbooo.sys [?]

=============== Created Last 30 ================

2011-01-27 23:58:19 -------- d-s---w- C:\ComboFix

2011-01-27 06:22:15 72936 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-01-27 06:22:15 64232 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-01-27 06:22:15 52104 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2011-01-27 06:22:15 33960 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-01-27 06:22:15 174952 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-01-27 06:21:58 -------- d-----w- c:\program files\McAfee

2011-01-27 06:21:58 -------- d-----w- c:\program files\common files\McAfee

2011-01-27 06:19:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-27 06:19:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-27 06:18:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-27 06:18:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-27 05:40:50 -------- d-sha-r- C:\cmdcons

2011-01-27 05:38:48 98816 ----a-w- c:\windows\sed.exe

2011-01-27 05:38:48 89088 ----a-w- c:\windows\MBR.exe

2011-01-27 05:38:48 256512 ----a-w- c:\windows\PEV.exe

2011-01-27 05:38:48 161792 ----a-w- c:\windows\SWREG.exe

2011-01-27 05:31:55 -------- d-----w- c:\program files\WinPcap

2011-01-27 05:29:58 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys

2011-01-27 05:28:58 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2011-01-27 05:27:59 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll

2011-01-27 05:26:59 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys

2011-01-27 05:25:57 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys

2011-01-27 05:24:58 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll

2011-01-27 05:23:58 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll

2011-01-27 05:22:59 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys

2011-01-27 05:21:58 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys

2011-01-27 05:20:58 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys

2011-01-27 05:19:59 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll

2011-01-27 05:18:58 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll

2011-01-27 05:17:58 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys

2011-01-27 05:16:59 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys

2011-01-27 05:15:58 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys

2011-01-27 05:14:57 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll

2011-01-27 05:13:58 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys

2011-01-27 05:12:59 96256 -c--a-w- c:\windows\system32\dllcache\ctlsb16.sys

2011-01-27 05:11:59 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll

2011-01-27 05:09:14 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys

2011-01-27 05:08:49 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

2011-01-27 04:29:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-01-27 04:29:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-01-27 04:01:56 -------- d-----w- c:\docume~1\matthew\applic~1\Malwarebytes

2011-01-24 19:57:17 247808 ------r- c:\windows\system32\QTVRW32.QTC

2011-01-24 19:57:13 -------- d-----w- c:\program files\Walt Disney

2011-01-09 17:56:31 32768 ----a-w- c:\windows\_dsC.tmp

2010-12-30 19:26:23 -------- d-----w- c:\program files\Take2Interactive

==================== Find3M ====================

2010-12-30 20:55:41 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll

2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec

============= FINISH: 19:08:27.52 ===============


Link to post
Share on other sites

Thanks for your continued help on this issue. I assume you meant to follow the instructions on that page regarding McAfee Enterprise. I tried everything it said. I added all the exceptions it listed and I still have the issue.

Malwarebytes freezes about 30-50 seconds in to the quick scan. Then a few seconds later the whole system is frozen.

I have also tried (previously) disabling all of the McAfee scanner options. (On access scan, Access protection, Email Scanner, etc), and the issue still exists.

Any other guidance is greatly appreciated.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.