Malwarebytes hangs during scan

[mlou]

Hi hoping someone can help - malwarebytes hangs everytime I try to scan. I have tried to run it in safe mode and the same happens. I have run check disk and defragged the hard drive (I read this in another post). My PC is running windows XP and I use Bullguard anti virus. Thanks in advance

[AdvancedSetup]

Hello and Welcome to Malwarebytes mlou

Please create an mbam-check log:

• Download mbam-check.exe from here and save it to your desktop
  
• Double-click on mbam-check.exe to run it, it should then open a log file
  
• Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post
  

Next,Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[mlou]

Thanks for the fast response!

Attached are the files requested.

dds.txt

attach.txt

CheckResults.txt

[AdvancedSetup]

You have a couple of issues with the computer. One being that you have core processes from the OS running in Compatibility mode that really should not be there.

Please do the following STEPS

STEP 1

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from here
  
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  
• Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected.

  [*]Click on OK

  [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 2

Open REGEDIT.EXE and browse to the Registry key below. Locate the file entries listed and delete them from the Registry.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

STEP 3

This should not cause a crash but can cause other odd behavior in the program. Please open your International Settings and set the time format to match.

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ HH:mm:ss

REG_SZ AM

REG_SZ PM

REG_SZ :

STEP 4

I'm not going to get into infection detection or removal here as that is handled in the HJT forum but I will say that using uTorrent to share files can very easily get your computer infected up to and including malware that can encrypt your data and it will be impossible to recover from that type of damage without good solid external backups of the data.

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo2.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo2.dll

TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\utorrentcontrol2\prxtbuTo2.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo2.dll

These "type" of freebie programs can also help to sooner or later lead you into getting infected. They're often free in order to bring targeted advertising to your computer which again sooner or later can help lead to an infection.

IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm

STEP 5

Your Event Logs show that BullGuard is having issues loading as well which could be due to the items in STEP 2 that should be removed.

==== Event Viewer Messages From Past Week ========

.

19/02/2013 10:12:40, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

19/02/2013 10:12:40, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

17/02/2013 16:23:26, error: W32Time [34] - The time service has detected that the system time needs to be changed by +86411 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.65:123->65.55.21.15:123) is working properly.

14/02/2013 12:37:34, error: Service Control Manager [7022] - The BullGuard firewall service service hung on starting.

14/02/2013 11:31:43, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

14/02/2013 11:31:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

.

==== End Of File ===========================

STEP 6

We don't have an exmple posted but please double check your BullGuard Antivirus interface for exclusions and make sure you exclude the following files from detection during scan and real time.

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Program Files\Malwarebytes' Anti-Malware

C:\WINDOWS\system32\drivers\mbam.sys

If there is any Firewall setting then you need to allow MBAM out to access this site: data-cdn.mbamupdates.com

[mlou]

Thank you for the advice, I will follow your suggestions. I am new to this forum so I hope you will tolerate a couple more questions. Should the time format settings you recommend be the same on a windows 7 64 bit PC?

The problem PC has had the above set up for sometime (the programs you mentioned not used frequently) and Malwarebytes has always scanned efficiently - do you think removing the mentioned programs is sufficient or do you think I have an infection that needs to be addressed in the HJT(not sure what that is ) forum? If yes please could you forward a link it would be much appreciated!!

thanks again mlou

[AdvancedSetup]

Well I would start with removing the registry entries, running a full disk check and then see how it goes from there. Don't forget to also setup the exclusions for BullGuard antivirus.

I don't see any obvious infection but some of the infections lately have very few signs aside from sometime IP blocks or unexpected website redirection.

The HJT forum is where trained Experts help users scan for infections and remove them.

If the above procedure do not help then I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks

[mlou]

Thanks for sharing your knowledge and experience - it is much appreciated.

[AdvancedSetup]

You're quite welcome. Let's us know if you need further assistance

Take care

[mlou]

Hi I have followed the instructions given and I am still unable to complete a scan. During quick scan the program becomes unresponsive during 'currently scanning other items'

One item was detected half way through a full scan, so I aborted and fixed this issue before the program became unresponsive. Do I need to post this log somewhere else? It relates to a spyware password for a program I have installed.

Any advice appreciated.

Thanks

[AdvancedSetup]

I would suggest opening a ticket on the Help Desk and having them assist you with this further.

http://www.malwarebytes.org/contact_consumer/

Thanks

[mlou]

Thanks for the link, unfortunately I only have a free version so I don't think this option is available to me.

[AdvancedSetup]

It's okay. Go ahead and open a ticket and ask for me and reference your topic here please and I'll assist you.

http://forums.malwarebytes.org/index.php?showtopic=122926