
Hi,

Malwarebytes was unable to complete a scan and would always crash in the Windows fonts folder. I am unable to get the exact file name now because it is scanning without issue now. The scans were done with updated definitions. Was having issues updating/installing iTunes, then a secondary internal drive used for music crashed. Chkdsk would freeze but the next day was able to complete and the drive is back now.

Thanks!

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by k at 19:11:01.75 on 21/03/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.2047.1554 [GMT -7:00]

.

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\fireface.exe

C:\WINDOWS\system32\firefacemix.exe

C:\Program Files\AirPort\APAgent.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\LG Soft India\fortePivot\bin\fortePivot.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Wuala Dokan\mounter.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\k\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWindow Title = Internet Explorer Provided by SHAW Internet

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [FirefaceTray] fireface.exe

mRun: [FirefaceMixTray] firefacemix.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortep~1.lnk - c:\program files\lg soft india\fortepivot\bin\fortePivot.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263355122953

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263355108406

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: {440BD492-68AE-4655-A507-0773D536B805} = 64.59.144.16,64.59.144.17

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\k\applic~1\mozilla\firefox\profiles\o1gxrzp1.default\

FF - prefs.js: browser.startup.homepage - hxxps://duckduckgo.com/

FF - component: c:\documents and settings\k\application data\mozilla\firefox\profiles\o1gxrzp1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: c:\documents and settings\k\application data\mozilla\firefox\profiles\o1gxrzp1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-19 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-19 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-19 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-19 61960]

R2 wDokan;wDokan;c:\windows\system32\drivers\wdokan.sys [2010-8-11 72184]

R2 wDokanMounter;wDokanMounter;c:\program files\wuala dokan\mounter.exe [2010-8-11 22016]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-5-16 33792]

S3 9d2af6db-7ce5-476d-9900-0c46605da505;9d2af6db-7ce5-476d-9900-0c46605da505;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]

S3 fireface;Service for Fireface (WDM);c:\windows\system32\drivers\fireface.sys [2007-5-15 83072]

S3 ZMHHPAudioSrv;ZOOM H Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmhhpau.sys [2008-3-28 89856]

S4 Dmusvrnd;Dmusvrnd; [x]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]

.

=============== Created Last 30 ================

.

2011-09-19 00:47:09 -------- d-----w- c:\docume~1\k\applic~1\SUPERAntiSpyware.com

2011-09-19 00:47:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2011-09-19 00:47:02 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-03-19 21:52:25 -------- d-----w- c:\docume~1\k\applic~1\Avira

2011-03-19 21:45:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-03-19 21:45:37 -------- d-----w- c:\program files\Avira

2011-03-19 21:45:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-03-08 21:55:37 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2011-03-08 21:55:37 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-03-08 21:55:25 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-03-08 21:54:58 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-03-08 21:52:51 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-03-08 02:32:28 -------- d-----w- C:\MGtools

2011-03-08 02:18:16 -------- d-sha-r- C:\cmdcons

2011-03-08 02:15:27 98816 ----a-w- c:\windows\sed.exe

2011-03-08 02:15:27 89088 ----a-w- c:\windows\MBR.exe

2011-03-08 02:15:27 256512 ----a-w- c:\windows\PEV.exe

2011-03-08 02:15:27 161792 ----a-w- c:\windows\SWREG.exe

2011-03-08 02:14:19 2417973 ----a-w- C:\MGtools.exe

2011-03-07 19:20:33 -------- d-----w- c:\windows\system32\scripting

2011-03-07 19:20:33 -------- d-----w- c:\windows\l2schemas

2011-03-07 19:20:32 -------- d-----w- c:\windows\system32\en

2011-03-04 02:37:04 -------- d-----w- c:\program files\Bonjour

2011-03-03 10:26:14 138056 ----a-w- c:\docume~1\k\applic~1\PnkBstrK.sys

2011-03-03 09:00:35 -------- d-----w- c:\docume~1\k\locals~1\applic~1\AA3DeployClient

2011-03-03 09:00:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\AA3DeployClient

2011-03-03 08:59:39 -------- d-----w- c:\docume~1\k\locals~1\applic~1\Deployment

.

==================== Find3M ====================

.

2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll

2001-11-05 16:30:50 165376 ----a-w- c:\program files\UNWISE.EXE

.

============= FINISH: 19:12:11.39 ===============

Forgot this in last post:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6128

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

22/03/2011 1:32:10 AM

mbam-log-2011-03-22 (01-32-10).txt

Scan type: Full scan (C:\|)

Objects scanned: 291370

Time elapsed: 1 hour(s), 5 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Perhaps.. Although it has done this before, where for a period of time it would crash in the fonts file, then for a stretch of time, be able to complete scans. Then crashing again, now success in scanning. In posting this issue I was looking for others who may have encountered something similar or that there might be some explanation like certain programs reacting undesirably together. Also whether there might be malware lurking beneath the reach of the program somehow and if it is related to the secondary drive failures I've been experiencing or if it happened to be a coincidence! Thanks for your time!


  • Staff

Hi,

This may be a permanent solution:

Set Exclusions for Malwarebytes' Anti-Malware in Avira on 32 bit Windows Versions:

  1. Open Avira and click on Local Protection on the left
  2. Click on Guard
  3. Click on Configuration on the upper right
  4. Click the checkbox next to Expert mode on the upper left so that it is checked
  5. Under Guard, click the + next to Scan to expand the list
  6. Click on Exceptions
  7. Under Processes to be omitted by the Guard click the ... button next to the blank white box
  8. In the browse window that opens, navigate to C:\Program Files\Malwarebytes' Anti-Malware
  9. Double-click on mbam.exe then click the Add button
  10. Repeat steps 7-9 for the following files:
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

  11. Click on Apply
  12. Close Avira's window

Set Exclusions for Avira in Malwarebytes' Anti-Malware:

  • Open Malwarebytes' Anti-Malware and click on the Ignore List tab
  • Click the Add button on the lower left
  • In the small browse window that opens, navigate to C:\Program Files and click once on Avira and click OK
  • Close Malwarebytes' Anti-Malware


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
