Everything posted by plax

  1. Just for information concerning my last, I finally realized that I had a script filter blocking JavaScript for this site and that's what was precluding the attachment controls from appearing. So I've got that much resolved now and have uploaded the zip. Thank you much
  2. I finally figured out that my secondary script filter on this particular PC was blocking JavaScript here. I've thus exempted malwarebytes.org from said filtering so here's my belated attachment for the ThinkPad issue. If you require any other information please let me know. Thanks kindly. attach.zip
  3. I've concluded that it's the rundll32.exe instance that's handling Tweak UI which causes the MBAM scan stalling issue. Repeated testing establishes that the other one that handles the ThinkPad utilities makes no difference whether or not it's running. If I disable the Tweak UI call in the registry at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and reboot the machine, the registry value remains disabled (or deleted - whichever I've done) but the second instance of rundll32.exe still loads and must be terminated before MBAM will scan. Conversely, if I disable the ThinkPad utilities call at the HKLM Run key, the associated rundll32.exe process will no longer start upon the next reboot. But even with just the single instance of rundll.exe running (that's handling the Tweak UI activities), MBAM still refuses to scan for longer than 20 seconds. So it appears to be an issue related to Tweak UI and its DLL dynamics. The strange thing is that before I installed the Microsoft security patches yesterday, MBAM would scan fine without issue and Tweak UI was running then as well. The reason I want to continue using Tweak UI is because of its ability to auto-clear various logs, lists, and histories upon restarting the laptop. So I'd prefer to keep using it but I'd also like to be able to use Malwarebytes as an on-demand tool, and do so without having to guess which rundll.exe instance to terminate first.
  4. Thanks for the reply and for your instructions. I've followed the item #7 steps and completed the tasks outlined therein. However, although I've posted the new topic to the HiJackThis Logs forum as directed, I'm unable to see a way to attach my attach.zip file to my post. I have the file compressed and ready to go but need a way to transfer it. I've pasted the text from the DDS.txt file to my post, though. Thanks
  5. Please help per thread: http://www.malwarebytes.org/forums/index.php?showtopic=34815 Original Message: ==================== Hello, I recently put my old T21 ThinkPad back in service. Its OS is Windows 2000 Pro SP4. Several days ago I downloaded and installed MBAM v1.42, I updated the defs, and I ran a full scan. No problems and no malware was detected. This morning I decided to go to the Windows Update site to get caught up on security patches. It needed 76 of them. I downloaded and installed them all, then ran Microsoft Security Analyzer to verify all was well. All patches were successfully installed. This afternoon, I updated MBAM and tried to run a new scan. The scan stalled after 16 seconds and would not resume. I spent the rest of the afternoon trying to troubleshoot the matter. I tried multiple quick scans and multiple full scans. Each one would stall at some point between 9 and 20 seconds after it started. The MBAM GUI interface would virtually freeze (no buttons would respond) and the scan would remain paralyzed indefinitely. The only thing that worked to get out of it (aside from killing the process in task manager) is clicking the X button in the upper right corner of the interface window -- in that it would bring up the "Not Responding - End Program" dialog. The frozen MBAM would easily terminate from that dialog. During my testing sessions I noticed in task manager that two instances of rundll32.exe were running. I found that terminating one of them would allow a newly launched instance of MBAM to easily and consistently complete either a full or a quick scan. And the results of these MBAM scans is consistently that no malware objects are detected. There is currently no AV software installed on this ThinkPad. I was planning on installing Nod32 on it tomorrow, but I'd like to get this MBAM matter sorted first if I could. There is an older version of Sygate Pro firewall (v5) installed on it though. Any help or suggestions will be much appreciated. 
Thank you Added comment: I've observed yet another: Unchecking "Always scan memory objects" will also eliminate this scan stalling issue. So I can get the scans to complete by either terminating one of the two running rundll32.exe processes (and I've discovered that it must be a particular one of them that's stopped in order to eliminate the problem; terminating the other one makes no difference), OR I can deactivate the memory objects scanning function in MBAM. ==================== DDS.txt Contents: ==================== NOTE: I'm unable to find a way to attach the attach.zip file (containing attach.txt and ark.txt). Perhaps I can do it on a reply. Thank you
  6. One last thing I forgot to mention is that unchecking "Always scan memory objects" will also eliminate the scan stalling. So I can either terminate one of the two running rundll32.exe processes, OR deactivate the memory objects scanning to cause the scans to complete.
  7. Hello, I recently put my old T21 ThinkPad back in service. Its OS is Windows 2000 Pro SP4. Several days ago I downloaded and installed MBAM v1.42, I updated the defs, and I ran a full scan. No problems and no malware was detected. This morning I decided to go to the Windows Update site to get caught up on security patches. It needed 76 of them. I downloaded and installed them all, then ran Microsoft Security Analyzer to verify all was well. All patches were successfully installed. This afternoon, I updated MBAM and tried to run a new scan. The scan stalled after 16 seconds and would not resume. I spent the rest of the afternoon trying to troubleshoot the matter. I tried multiple quick scans and multiple full scans. Each one would stall at some point between 9 and 20 seconds after it started. The MBAM GUI interface would virtually freeze (no buttons would respond) and the scan would remain paralyzed indefinitely. The only thing that worked to get out of it (aside from killing the process in task manager) is clicking the X button in the upper right corner of the interface window -- in that it would bring up the "Not Responding - End Program" dialog. The frozen MBAM would easily terminate from that dialog. During my testing sessions I noticed in task manager that two instances of rundll32.exe were running. I found that terminating one of them would allow a newly launched instance of MBAM to easily and consistently complete either a full or a quick scan. And the results of these MBAM scans is consistently that no malware objects are detected. There is currently no AV software installed on this ThinkPad. I was planning on installing Nod32 on it tomorrow, but I'd like to get this MBAM matter sorted first if I could. There is an older version of Sygate Pro firewall (v5) installed on it though. Any help or suggestions will be much appreciated. Thank you
  8. Hello, I recently put my old T21 ThinkPad back in service. Its OS is Windows 2000 Pro SP4. Several days ago I downloaded and installed MBAM v1.42, I updated the defs, and I ran a full scan. No problems and no malware was detected. This morning I decided to go to the Windows Update site to get caught up on security patches. It needed 76 of them. I downloaded and installed them all, then ran Microsoft Security Analyzer to verify all was well. All patches were successfully installed. This afternoon, I updated MBAM and tried to run a new scan. The scan stalled after 16 seconds and would not resume. I spent the rest of the afternoon trying to troubleshoot the matter. I tried multiple quick scans and multiple full scans. Each one would stall at some point between 9 and 20 seconds after it started. The MBAM GUI interface would virtually freeze (no buttons would respond) and the scan would remain paralyzed indefinitely. The only thing that worked to get out of it (aside from killing the process in task manager) is clicking the X button in the upper right corner of the interface window -- in that it would bring up the "Not Responding - End Program" dialog. The frozen MBAM would easily terminate from that dialog. During my testing sessions I noticed in task manager that two instances of rundll32.exe were running. I found that terminating one of them would allow a newly launched instance of MBAM to easily and consistently complete either a full or a quick scan. And the results of these MBAM scans is consistently that no malware objects are detected. There is currently no AV software installed on this ThinkPad. I was planning on installing Nod32 on it tomorrow, but I'd like to get this MBAM matter sorted first if I could. There is an older version of Sygate Pro firewall (v5) installed on it though. Any help or suggestions will be much appreciated. Thank you