Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

malwarebytes crashes during full scan


  • This topic is locked This topic is locked
3 replies to this topic

#1 masterosok

masterosok

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 25 December 2012 - 02:12 AM

I am trying to clean up my nieces computer that is littered with malware however Malwarebytes crashes when I perform a full scan in both normal and safe modes.

I have included a dds log.


Any feedback would be greatly appreciated.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 1:04:43 on 2012-12-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.939.243 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\EtmService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe
C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Panasonic\WSwitch\WSwitch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe
C:\Program Files\Panasonic\OPDOFF\opdoff.exe
C:\Program Files\Panasonic\PPopup\ppopup.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\Program Files\Panasonic\WheelPad\Touchpad.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
uInternet Connection Wizard,ShellNext = hxxp://panasonic.net/pavc/toughbook/site_info/global_link.html
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [setfan] "c:\program files\panasonic\setfan\setfan.exe" /resetting
mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
mRun: [PCinfo] c:\program files\panasonic\pcinfo\PcInfoUt.exe
mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\econom~1.lnk - c:\program files\panasonic\chgbmode\ChgBmode.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\optica~1.lnk - c:\program files\panasonic\opdoff\opdoff.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcinfo~1.lnk - c:\program files\panasonic\ppopup\ppopup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMAsst.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\touchp~1.lnk - c:\program files\panasonic\wheelpad\Touchpad.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1334108865913
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{25A5C58D-7A0E-4C6D-BC35-CBE3A8BAF6CE} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ETMService;Intel® Dynamic Power Performance Management Service Application;c:\windows\system32\etmservice.exe [2008-9-26 223768]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-25 399432]
R2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\panasonic\opdoff\opdoffsv.exe [2008-9-26 206480]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\panasonic\pcinfo\PcInfoPi.exe [2008-9-26 54632]
R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\panasonic\pcinfo\PCInfoSV.exe [2008-9-26 189800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-25 244368]
R3 EtmCpu;EtmCpu;c:\windows\system32\drivers\EtmDevCpu.sys [2008-9-26 25088]
R3 EtmDevGen;EtmDevGen;c:\windows\system32\drivers\EtmDevGen.sys [2008-9-26 18944]
R3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\drivers\EtmDrvMgr.sys [2008-9-26 46592]
R3 EtmFan;EtmFan;c:\windows\system32\drivers\EtmDevFan.sys [2008-9-26 11264]
R3 EtmGmchMem;EtmGmchMem;c:\windows\system32\drivers\EtmDevGmch.sys [2008-9-26 98304]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-9-25 41216]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-25 110080]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-25 40776]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2008-9-25 47976]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-25 676936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-25 22856]
.
=============== Created Last 30 ================
.
2012-12-25 06:46:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-25 06:46:16 -------- d--h--w- c:\windows\PIF
2012-12-25 06:18:21 -------- d-----w- c:\program files\CCleaner
2012-12-25 06:16:28 -------- d-----w- c:\windows\pss
2012-12-25 06:12:36 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-12-25 06:12:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-12-25 06:12:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-25 06:12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 1:05:17.85 ===============

Attached Files


Edited by masterosok, 25 December 2012 - 02:13 AM.


BC AdBot (Login to Remove)

 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:16 PM

Posted 25 December 2012 - 10:36 AM

Hello masterosok, Happy Holidays and welcome to Bleeping Computer! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.

==========

I have just recently had the same issue on a relatives computer, and one of my colleges has mentioned the issue could be due to a filesystem error...so let's tackle that first.

Step :step1:

Hold the "WindowsPosted Image" key and press "R" to open the runbox, type in chkdsk /r and click Ok.
***Note the space between chkdsk and /r...it needs to be there.

In the command box that opens type in Y and press Enter. Then close the command window and then restart the computer. The reboot will start the Windows Error Checking utility and may take some time to run, but just let it complete.

==========

Step :step2:

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:


Hold the "WindowsPosted Image" key and press "R" to open the runbox, type in eventvwr and click Ok.
  • The Event Viewer window will open.
  • In the left pane, expand "Event Viewer (local)" then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Click on that Winlogon entry to select it.
  • In the box below "Description", Copy all of the contents.
  • Paste the contents into your next reply.

==========

Step :step3:

Now try again to run MBAM with a full scan and post me the resultant log if successful as well as the chkdsk log in your next reply! :)

bloopie

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:16 PM

Posted 28 December 2012 - 06:37 PM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:16 PM

Posted 30 December 2012 - 01:17 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users