Malwarebyte's stops responding


#31 RKinner (Malware Expert, 23,320 posts, MVP)
Log: 'Application' Date/Time: 2010/8/9 8:38:53 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{FCD9CD52-7222-4672-94A0-A722BA702FD0}', feature 'MainApp' failed during request for component '{3207D1B8-80E5-11D2-B95D-006097C4DE24}'

"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD, which is in your uninstall list. Don't know what is wrong with it but it's not happy. Don't think it's anything you really need, so if you uninstall it, it may fix the problem, or at least that's what http://forums.majorg...ad.php?t=211400 says.
You may want to create a backup copy first if you haven't already:
Start>All Programs>Dell Accessories>Dell Resource CD.

Let's check your dbghelp.dll file since it has an error:


# Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
# Under the Custom Scan box paste this in:

/md5start
dbghelp.dll
mbam.dll
/md5stop

Hit Quick Scan and then copy and paste the log into a reply.

Log: 'System' Date/Time: 2010/10/9 5:34:23 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Right click on the clock and choose Adjust Date/Time (or just double click on it; I think that works in XP). Select Internet Time and see if you can get it to synchronize. It's possible that if Trend has a firewall it blocks it.

Trend is having a lot of problems. It really needs to be uninstalled and replaced with Avast.

Ron

#32 drunkducki (Topic Starter, Member, 87 posts)
OTL logfile created on: 2010/9/10 12:43:37 PM - Run 4
OTL by OldTimer - Version 3.2.11.0 Folder = I:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/M/d

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): I:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 14.89 Gb Total Space | 11.32 Gb Free Space | 76.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 298.01 Gb Total Space | 123.10 Gb Free Space | 41.31% Space Free | Partition Type: NTFS

Computer Name: HARBOURSIDEXPS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/07 16:18:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/08/30 14:49:08 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/03/29 08:10:06 | 000,394,952 | ---- | M] (Trend Micro Inc.) -- I:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2007/03/29 08:10:02 | 000,214,712 | ---- | M] () -- I:\WINDOWS\Temp\RADF95.EXE
PRC - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) -- I:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) -- I:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) -- I:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
PRC - [2005/07/22 17:02:40 | 000,126,464 | ---- | M] (NVIDIA Corporation) -- I:\WINDOWS\system32\nvraidservice.exe
PRC - [2005/05/26 11:38:38 | 012,275,200 | ---- | M] (Realtek Semiconductor Corp.) -- I:\WINDOWS\system32\RTDCPL.EXE
PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- I:\Program Files\RealVNC\VNC4\winvnc4.exe


========== Modules (SafeList) ==========

MOD - [2010/09/07 16:18:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\msscript.ocx
MOD - [2006/10/22 12:22:00 | 001,470,464 | ---- | M] () -- I:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- I:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2007/03/29 08:09:38 | 000,603,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2007/03/29 08:09:36 | 000,685,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)
SRV - [2007/03/29 08:03:16 | 000,282,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- I:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- I:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\tmxpflt.sys -- (TmFilter)
DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\vsapint.sys -- (VSApiNt)
DRV - [2007/12/24 18:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- I:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/03/22 10:54:58 | 001,844,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- I:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/26 18:48:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/26 18:48:28 | 000,033,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/07/19 22:59:26 | 000,093,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- I:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005/07/19 14:59:28 | 000,076,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- I:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2005/06/14 04:38:58 | 002,802,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 03:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.34

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/09/08 14:58:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/09/08 14:58:59 | 000,000,000 | ---D | M]

[2010/04/22 09:30:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/22 09:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/09 13:11:22 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions
[2010/09/08 14:59:04 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/07/08 16:08:44 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/08 08:46:22 | 000,000,098 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] I:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] I:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] I:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PHIME2002A] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTDCPL] I:\WINDOWS\System32\RTDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272489429046 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/10 09:11:19 | 000,061,440 | ---- | C] ( ) -- I:\Documents and Settings\Administrator\Desktop\VEW.exe
[2010/09/09 15:49:35 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2010/09/08 15:11:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 15:11:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 15:11:11 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46(2).exe
[2010/09/08 14:59:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/09/08 10:32:45 | 000,000,000 | RHSD | C] -- I:\cmdcons
[2010/09/08 10:32:06 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2010/09/08 10:32:06 | 000,161,792 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2010/09/08 10:32:06 | 000,136,704 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2010/09/08 10:32:06 | 000,031,232 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2010/09/08 10:32:01 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2010/09/08 10:31:52 | 000,000,000 | ---D | C] -- I:\Qoobox
[2010/09/08 08:46:21 | 000,000,000 | ---D | C] -- I:\_OTL
[2010/09/07 16:18:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/07 14:44:52 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/08/31 03:00:20 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\PreInstall
[2010/08/30 16:00:59 | 000,000,000 | ---D | C] -- I:\Program Files\Malwarebytes' Anti-Malware
[2010/08/30 15:54:53 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\Administrator\Recent
[2010/08/30 15:16:13 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\SoftwareDistribution
[2010/08/30 14:47:27 | 000,446,464 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/08/20 14:18:33 | 000,000,000 | ---D | C] -- I:\Program Files\Panda Security
[2010/08/05 14:59:34 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/07/21 08:43:51 | 000,000,000 | ---D | C] -- I:\Image Backup
[2010/07/08 16:09:47 | 000,000,000 | ---D | C] -- I:\Program Files\PDFCreator
[2010/07/08 16:08:44 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\appmgmt

========== Files - Modified Within 90 Days ==========

[2010/09/10 09:15:20 | 001,835,008 | -H-- | M] () -- I:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/10 09:14:23 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/09/10 09:14:12 | 000,275,400 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml
[2010/09/10 09:14:07 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/09/10 09:14:04 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/09/10 09:13:58 | 000,119,744 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/10 09:13:09 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\Administrator\ntuser.ini
[2010/09/10 09:13:04 | 005,880,732 | -H-- | M] () -- I:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/10 09:12:59 | 000,000,227 | ---- | M] () -- I:\WINDOWS\system.ini
[2010/09/10 09:11:19 | 000,061,440 | ---- | M] ( ) -- I:\Documents and Settings\Administrator\Desktop\VEW.exe
[2010/09/09 12:22:55 | 003,841,108 | R--- | M] () -- I:\Documents and Settings\Administrator\Desktop\George.exe
[2010/09/08 15:13:54 | 000,356,120 | ---- | M] () -- I:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/08 15:13:54 | 000,311,604 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2010/09/08 15:13:54 | 000,039,992 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2010/09/08 15:11:51 | 000,000,696 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 15:11:30 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46(2).exe
[2010/09/08 11:22:23 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2010/09/08 10:32:48 | 000,000,327 | RHS- | M] () -- I:\boot.ini
[2010/09/08 08:46:22 | 000,000,098 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/07 16:18:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/03 10:57:27 | 000,293,376 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\1wx24enh.exe
[2010/09/03 10:54:42 | 000,525,824 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/03 10:52:51 | 000,002,463 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 10:52:13 | 001,402,880 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/09/01 03:00:25 | 000,001,789 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2010/08/30 14:47:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/08/11 09:02:58 | 000,008,875 | ---- | M] () -- I:\WINDOWS\cfgall.ini
[2010/08/06 15:53:11 | 1040,355,328 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2010/08/06 09:50:24 | 001,849,343 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\WindowsServer2003-KB892778-SP1-DeployTools-x86-ENU.cab
[2010/07/29 16:39:46 | 001,015,348 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\p95v2511.zip
[2010/07/08 16:09:54 | 000,000,706 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\PDFCreator.lnk

========== Files Created - No Company Name ==========

[2010/09/09 12:22:45 | 003,841,108 | R--- | C] () -- I:\Documents and Settings\Administrator\Desktop\George.exe
[2010/09/08 15:11:51 | 000,000,696 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 10:32:48 | 000,000,210 | ---- | C] () -- I:\Boot.bak
[2010/09/08 10:32:46 | 000,260,272 | RHS- | C] () -- I:\cmldr
[2010/09/08 10:32:06 | 000,256,512 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2010/09/08 10:32:06 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2010/09/08 10:32:06 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2010/09/08 10:32:06 | 000,077,312 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2010/09/08 10:32:06 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2010/09/03 10:57:26 | 000,293,376 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\1wx24enh.exe
[2010/09/03 10:54:40 | 000,525,824 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/09/03 10:52:44 | 000,002,463 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/09/03 10:52:09 | 001,402,880 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/08/31 03:00:22 | 000,001,789 | ---- | C] () -- I:\WINDOWS\imsins.BAK
[2010/08/10 13:06:50 | 000,005,946 | ---- | C] () -- I:\Documents and Settings\Administrator\reset.log
[2010/08/06 14:47:00 | 1040,355,328 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2010/08/06 09:50:20 | 001,849,343 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\WindowsServer2003-KB892778-SP1-DeployTools-x86-ENU.cab
[2010/07/29 16:39:45 | 001,015,348 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\p95v2511.zip
[2010/07/08 16:09:54 | 000,000,706 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2010/07/08 16:09:49 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\pdfcmnnt.dll
[2010/04/06 15:25:53 | 000,212,992 | ---- | C] () -- I:\WINDOWS\System32\nvapi.dll
[2010/04/06 11:45:20 | 000,000,036 | ---- | C] () -- I:\WINDOWS\webica.ini
[2009/12/22 10:45:43 | 000,008,875 | ---- | C] () -- I:\WINDOWS\cfgall.ini
[2009/12/22 10:40:10 | 000,156,672 | ---- | C] () -- I:\WINDOWS\System32\RTLCPAPI.dll
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- I:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/03/30 14:28:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\ICAClient
[2010/09/08 15:00:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/04/06 16:23:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/04/22 09:30:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: DBGHELP.DLL >
[2004/08/04 03:00:00 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=6479A184873F7CA797FF0375D711E9A6 -- I:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
[2008/04/14 06:41:52 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=B6E6F3F5B63053D5DC1F4EE32992492F -- I:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
[2008/04/14 06:41:52 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=B6E6F3F5B63053D5DC1F4EE32992492F -- I:\WINDOWS\system32\dbghelp.dll

< MD5 for: MBAM.DLL >
[2010/04/29 15:39:30 | 000,350,544 | ---- | M] (Malwarebytes Corporation) MD5=AFDAA0258FBE0528C3F70AD889CE16F9 -- I:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
< End of report >

#33 drunkducki (Topic Starter, Member, 87 posts)
I've uninstalled Dell Resource CD. I can sync with the NTP server.

#34 drunkducki (Topic Starter, Member, 87 posts)
Just did a quick scan and it completed successfully without crashing.
Was it the Dell Resource CD that's causing the problem here?
Is the MD5 the hash algorithm?
And does this command check if the DLL file is corrupted?
/md5start
dbghelp.dll
mbam.dll
/md5stop

Thanks.

Edited by drunkducki, 10 September 2010 - 02:58 PM.


#35 drunkducki (Topic Starter, Member, 87 posts)
Did a full scan, here's the log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4591

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2010/9/10 1:29:00 PM
mbam-log-2010-09-10 (13-29-00).txt

Scan type: Full scan (I:\|)
Objects scanned: 157498
Time elapsed: 21 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\System Volume Information\_restore{8D4B9B9D-D785-4791-9ADD-0FF658BBB14E}\RP111\A0007803.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8D4B9B9D-D785-4791-9ADD-0FF658BBB14E}\RP111\A0007806.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8D4B9B9D-D785-4791-9ADD-0FF658BBB14E}\RP111\A0007807.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

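Added example, not code from the thread or from Malwarebytes: a parser for the MBAM 1.x text log format shown in the post above. It reads the summary counts and the detection lines, checks that the two agree, and reports how many hits sit inside System Restore points, where XP keeps old copies of files that were already removed from their original location; that is the case for all three hits in this log. The embedded sample is a constructed copy of the log posted here, with the empty sections trimmed.

```python
"""Added example (not from the thread or from Malwarebytes): parse an MBAM 1.x
text log, check that the summary counts agree with the detections listed, and
report whether every hit sits inside a System Restore point."""
import re
from collections import Counter

# Constructed sample: the log posted in the thread, empty sections trimmed.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4591

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

Scan type: Full scan (I:\|)
Objects scanned: 157498
Time elapsed: 21 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
I:\System Volume Information\_restore{8D4B9B9D-D785-4791-9ADD-0FF658BBB14E}\RP111\A0007803.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8D4B9B9D-D785-4791-9ADD-0FF658BBB14E}\RP111\A0007806.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
I:\System Volume Information\_restore{8D4B9B9D-D785-4791-9ADD-0FF658BBB14E}\RP111\A0007807.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
"""

INFO_LINE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed):\s*(?P<val>.+)$")
SUMMARY_LINE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):\s*(?P<n>\d+)$")
SECTION_LINE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
DETECTION_LINE = re.compile(r"^(?P<item>.+?)\s+\((?P<threat>[^()]+)\)\s*->\s*(?P<action>.+?)\.?$")
# Shape of a System Restore point path on XP, where old copies of removed files linger.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)


def parse_mbam_log(text):
    """Return {"info": {...}, "summary": {category: count}, "detections": [...]}."""
    report = {"info": {}, "summary": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := INFO_LINE.match(line):
            report["info"][m["key"]] = m["val"]
        elif m := SUMMARY_LINE.match(line):
            report["summary"][m["cat"]] = int(m["n"])
        elif m := SECTION_LINE.match(line):
            section = m["cat"]
        elif section and line != "(No malicious items detected)":
            if m := DETECTION_LINE.match(line):
                report["detections"].append({"category": section, "item": m["item"],
                                             "threat": m["threat"], "action": m["action"]})
    return report


def summary_consistent(report):
    """True when each summary count equals the number of detections listed under it."""
    listed = Counter(d["category"] for d in report["detections"])
    return all(listed.get(cat, 0) == n for cat, n in report["summary"].items())


def triage(report):
    """Where the hits are, what they were called, and which ones were not removed."""
    dets = report["detections"]
    in_rp = [d for d in dets if RESTORE_POINT.search(d["item"])]
    return {
        "total": len(dets),
        "in_restore_points": len(in_rp),
        "only_restore_points": bool(dets) and len(in_rp) == len(dets),
        "threats": Counter(d["threat"] for d in dets),
        "not_removed": [d["item"] for d in dets if "successfully" not in d["action"].lower()],
    }


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_MBAM_LOG)
    print(rep["info"], rep["summary"])
    print(summary_consistent(rep), triage(rep))
```

When only_restore_points is true, the live system is clean and the remaining copies are the ones System Restore would bring back if an old restore point were used, which is the reason such a result is followed by clearing old restore points. The not_removed list catches any line whose action is not a successful quarantine, which is the case that needs a second look.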
#36 RKinner (Malware Expert, 23,320 posts, MVP)
I think the Dell Resource CD was causing the installer to malfunction when it tried to install MBAM. The OTL scan we did looked for all instances of the files in the list and calculated the MD5 value for each. We can see from the results that the current dbghelp.dll is the same as one in another location so odds are that it is OK.

MBAM just had one instance. Normally I google for it to see if other people had it. When I do that I see there are 4 hits, which is not a lot, but I expect it changes fairly often, plus it's not a file that gets sent to VirusTotal.

Appears we are over the hump with this one. A little housekeeping:

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 21). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 16 which may be new enough that it will be removed automatically.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 18.1 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://oldmcdonald.w...orun-eater-v25/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron

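Added example, not code from the thread, from OTL or from OldTimer, covering the /md5start ... /md5stop custom scan requested in post #31 and the way its result is read in post #36. The first part walks a directory tree, finds every copy of the named files and hashes each one, which is what the custom scan does; the second part parses an OTL "< MD5 for: ... >" section (the embedded sample is a constructed copy of the one posted in this thread) and applies the test used above: the live copy in system32 is judged against the copy Windows keeps under ServicePackFiles. The copy in $NtServicePackUninstall$ differs because it is the pre-SP3 version, which is expected, so the check compares against the reference copy rather than flagging every odd hash. SHA-256 is recorded beside MD5 because MD5 collisions are practical and an MD5 match alone is weak evidence that a file is what it claims to be.

```python
"""Added example, not code from the thread, from OTL or from OldTimer: hash every
copy of the named files as the /md5start ... /md5stop scan does, then read an OTL
MD5 section back and apply the thread's test (system32 copy vs ServicePackFiles)."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict

OTL_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# One OTL result line: [stamp | size | attrs | M] (company) MD5=... -- path
OTL_LINE = re.compile(r"^\[[^\]]*\]\s*\([^)]*\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")

# Constructed sample: the custom-scan section posted in the thread.
SAMPLE_OTL_REPORT = r"""
< MD5 for: DBGHELP.DLL >
[2004/08/04 03:00:00 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=6479A184873F7CA797FF0375D711E9A6 -- I:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
[2008/04/14 06:41:52 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=B6E6F3F5B63053D5DC1F4EE32992492F -- I:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
[2008/04/14 06:41:52 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=B6E6F3F5B63053D5DC1F4EE32992492F -- I:\WINDOWS\system32\dbghelp.dll

< MD5 for: MBAM.DLL >
[2010/04/29 15:39:30 | 000,350,544 | ---- | M] (Malwarebytes Corporation) MD5=AFDAA0258FBE0528C3F70AD889CE16F9 -- I:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
< End of report >
"""


def parse_otl_md5_report(text):
    """Lower-cased file name -> list of {"md5", "path"} for every copy OTL found."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := OTL_HEADER.match(line):
            current = m["name"].lower()
        elif current and (m := OTL_LINE.match(line)):
            sections[current].append({"md5": m["md5"].upper(), "path": m["path"].strip()})
    return dict(sections)


def group_by_hash(entries):
    """MD5 -> paths carrying it; more than one group means the copies differ."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def live_matches_reference(entries):
    """The thread's test: does every system32 copy share its MD5 with the copy
    Windows keeps under ServicePackFiles? None when either copy is absent."""
    norm = lambda p: p.replace("\\", "/").lower()
    live = [e for e in entries if "/system32/" in norm(e["path"])]
    ref = [e for e in entries if "/servicepackfiles/" in norm(e["path"])]
    if not live or not ref:
        return None
    return all(a["md5"] == b["md5"] for a in live for b in ref)


def check_report(text):
    """Per-file summary of an OTL MD5 section."""
    return {name: {"copies": len(entries), "distinct_md5": len(group_by_hash(entries)),
                   "live_matches_reference": live_matches_reference(entries)}
            for name, entries in parse_otl_md5_report(text).items()}


def file_hashes(path, chunk=1 << 20):
    """MD5 (as OTL prints it) and SHA-256 of a file, read in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest().upper(), sha.hexdigest()


def hash_copies(names, roots):
    """Find every copy of the named files under `roots` and hash each one."""
    wanted = {n.lower() for n in names}
    found = []
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for fn in files:
                if fn.lower() in wanted:
                    p = os.path.join(dirpath, fn)
                    try:
                        md5, sha = file_hashes(p)
                    except OSError:
                        continue  # locked or unreadable: skip rather than guess
                    found.append({"md5": md5, "sha256": sha, "path": p})
    return found


def demo_on_disk():
    # Constructed tree: two identical copies plus one copy with a byte changed.
    with tempfile.TemporaryDirectory() as root:
        good = b"MZ" + b"\x00" * 62 + b"constructed dbghelp.dll body"
        for sub, body in (("WINDOWS/system32", good), ("WINDOWS/ServicePackFiles/i386", good),
                          ("Temp", good[:-1] + b"!")):
            d = os.path.join(root, *sub.split("/"))
            os.makedirs(d)
            with open(os.path.join(d, "dbghelp.dll"), "wb") as f:
                f.write(body)
        entries = hash_copies(["dbghelp.dll"], [root])
        return {"copies": len(entries), "distinct_md5": len(group_by_hash(entries)),
                "live_matches_reference": live_matches_reference(entries)}
```

On a real XP system the on-disk half would be called as hash_copies(["dbghelp.dll", "mbam.dll"], [r"C:\WINDOWS", r"C:\Program Files"]) (drive letter assumed). On the question raised in post #34: a hash comparison detects any byte-level difference between two copies, whether from corruption or from modification, but it cannot tell those apart, and it only finds files by name, so a copy under another name is not seen.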
#37 drunkducki (Topic Starter, Member, 87 posts)
OK, thank you very much for your time. I really appreciate your help.

Edited by drunkducki, 13 September 2010 - 09:53 AM.
