Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cryp_frdload


  • This topic is locked This topic is locked
18 replies to this topic

#1 Jihiro

Jihiro

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 29 June 2009 - 12:10 AM

Whenever Trend Micro PC-cillin does it's daily scan, I keep seeing this thing called cryp_frdload (C:\Users\Jihiro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KUBHW4HI\A9installer_77o11804[1].exe is what it says under the 'Name or Location' tab) but it wont let me clean, quarantine or delete it or anything, all the buttons remain greyed out. There's already a topic here where I tried several things to no avail, hopefully with some more helpful information for you to work with, 'cause I don't really know what else to tell you ^_^;

Here's the DDS file:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jihiro at 0:36:08.35 on Mon 06/29/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1012.423 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Jihiro\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jihiro\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080328
uWindow Title = Internet Explorer provided by Dell
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\users\jihiro\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RtHDVCpl] RtHDVCpl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jihiro\appdata\roaming\mozilla\firefox\profiles\njlya8g9.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jihiro\appdata\roaming\mozilla\firefox\profiles\njlya8g9.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-3-27 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-3-27 280392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-21 18:15 --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-21 18:15 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-21 18:14 --d----- c:\users\jihiro\appdata\roaming\SUPERAntiSpyware.com
2009-06-21 18:14 --d----- c:\program files\SUPERAntiSpyware
2009-06-21 18:13 --d----- c:\program files\common files\Wise Installation Wizard
2009-06-20 04:39 --d----- c:\users\jihiro\appdata\roaming\Malwarebytes
2009-06-20 04:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 04:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-20 04:39 --d----- c:\programdata\Malwarebytes
2009-06-20 04:39 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 04:39 --d----- c:\progra~2\Malwarebytes
2009-06-11 07:00 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-02 07:28 --d----- c:\program files\DivX
2009-06-02 07:28 --d----- c:\program files\common files\DivX Shared

==================== Find3M ====================

2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-02-19 06:46 160 a------- c:\users\jihiro\appdata\roaming\wklnhst.dat
2009-01-13 03:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 03:24 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 03:24 86,016 a------- c:\windows\inf\infstor.dat
2008-06-24 03:18 174 a--sh--- c:\program files\desktop.ini
2008-06-24 03:10 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:36:52.97 ===============
Attached File  Attach.txt   3.22KB   17 downloads

BC AdBot (Login to Remove)

 


m

#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 PM

Posted 02 July 2009 - 01:09 PM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 02 July 2009 - 09:22 PM

Here's a fresh DDS log file and attachment thingy. As for any specific problems I'm having with my comp, there are none, unless you count Firefox crashing from time to time because it's memory usage just goes higher and higher when I keep using the same window all night long. Like up to 500,000-600,000 K which is insane... The only thing I'm here about is this thing called cryp_frdload that keeps showing up on my Trend Micro PC-cillin scanner thingy but it won't let me quarantine/delete it or anything. I don't even know if whatever it is is having any adverse effects. I've not noticed any so I may end up saying screw it and continue to ignore it. Anywho, here's the log files:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jihiro at 22:16:52.81 on Thu 07/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1012.360 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Jihiro\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jihiro\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080328
uWindow Title = Internet Explorer provided by Dell
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\users\jihiro\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RtHDVCpl] RtHDVCpl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jihiro\appdata\roaming\mozilla\firefox\profiles\njlya8g9.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jihiro\appdata\roaming\mozilla\firefox\profiles\njlya8g9.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2007-11-9 345696]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2007-11-9 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-3-27 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2007-11-9 566872]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-3-27 280392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2009-06-21 18:15 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-21 18:15 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-21 18:14 <DIR> --d----- c:\users\jihiro\appdata\roaming\SUPERAntiSpyware.com
2009-06-21 18:14 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-21 18:13 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-20 04:39 <DIR> --d----- c:\users\jihiro\appdata\roaming\Malwarebytes
2009-06-20 04:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 04:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-20 04:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-20 04:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 04:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-11 07:00 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-02-19 06:46 160 a------- c:\users\jihiro\appdata\roaming\wklnhst.dat
2009-01-13 03:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-13 03:24 51,200 a------- c:\windows\inf\infpub.dat
2009-01-13 03:24 86,016 a------- c:\windows\inf\infstor.dat
2008-06-24 03:18 174 a--sh--- c:\program files\desktop.ini
2008-06-24 03:10 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:17:15.85 ===============

Attached Files



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 04 July 2009 - 06:20 PM

Hello.

Those logs look clean.

Let's try clearing the temporary files and taking a more indepth scan.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.
  • Double-click ATF-Cleaner.exe to run the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
Download and Run Fix with OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
Copy the contents of the CodeBox below into the Custom Scans/Fixes.
:commands
[EmptyTemp]

Click the Run Fix button. The fix should take a moment to complete. Post back with the logfile that opens.

After clicking Run Fix, OTListIt may ask to reboot the machine. If so, a logfile will open after the reboot.

After the fix is complete, open OTListIt again and click the Run Scan button. Be sure to include both the Fix and Scan logs.

With Regards,
The Panda

#5 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 05 July 2009 - 03:26 AM

Hmm...I don't quite understand what happened, but it seems the cryp_frdload thing is gone. After you said my last scan looked clean I decided to run my Trend Micro PC-cillin again all was clear. I swear it was still there a while ago after the last things I tried. Oh well, I must be going crazy lol :thumbup2:

At any rate, thanks to everyone who spent their precious time helping me! I am much obliged. =P


THANK YOU

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 05 July 2009 - 08:38 AM

That's sounds good.

Would you like to continue, or are you content with the current state?

The Panda

#7 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 05 July 2009 - 02:01 PM

Everything seems to be fine now, so I guess I'm good =P I can't really think of anything else that needs done....well except a few things maybe. In my last thread where someone was trying to help me, they had me make hidden files unhidden. First off about that, it made a whole butt load of weird sorta-see-through files all titled 'desktop.ini' and they're like everywhere. 2 actually on my desktop, 1 in My Documents, 1 in my Pictures, they're just everywhere. And all called the same exact thing. I was wondering if you knew what these are, if theyre normal and should be left alone, and how I can make them hidden again (if that's even what I should do...)

Also, this dds.scr thing can be deleted, right?

Also also, I should make a fresh restore point and whatever right? The thing is, whenever I try to do that now it always tells me I don't have enough memory or something. Shouldn't it be deleting all the old stuff as it goes along? I realize this prolly isn't the forum to ask this, but perhaps you could point me in the right direction?

Again, thank you sooo much!

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 05 July 2009 - 04:55 PM

Hello.

I was wondering if you knew what these are, if theyre normal and should be left alone, and how I can make them hidden again

Normally, you don't need to see hidden files. If you want to hide your hidden files . .
  • Double click the My Computer icon.
  • In the explorer window that pops-up, select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Remove the checkmark from the the checkbox labeled Display the Contents of System Folders.
  • Put a checkmark in the checkbox labeled Hide File Extensions for Known File Types, if it is not already unchecked.
  • Put a checkmark in the checkbox labeled Hide Protected Operating System Files, if it is not already unchecked.
  • Click the Apply button and then the OK button.
  • Close all the windows.
The desktop.ini files you see are folder view configuration files. For example, when you set a folder to thumbnails view, that data is stored in a desktop.ini file.

Also, this dds.scr thing can be deleted, right?

DDS can be deleted.

Let's try freeing up some space . .

Download and Run CCleaner
We will use CCleaner by Piriform to remove uneeded temporary files and settings to free space.

From this page, download the CCleaner setup file to your desktop by clicking Download Latest Version at the top right.
Double click ccsetup***.exe to run the installer. If you are using Windows Vista, right click the icon and select Run As Administrator.
Follow the prompts.
I suggest you uncheck the option for installing the Yahoo! Toolbar. The other settings are up to you.

Open CCleaner. You can do this by clicking on Start->Run->Type: ccleaner
Leaving the settings at default, click Run Cleaner.
Close CCleaner.

You can uninstall CCleaner using Add/Remove Programs if you wish.

Please do not use the other features of CCleaner unless asked.
---
Try creating a new restore point after.

With Regards,
The Panda

#9 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 05 July 2009 - 11:24 PM

It still said 'There is not enough space to save the backup files. Free up disk space or change your backup settings.'

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 06 July 2009 - 08:05 AM

Hello.

Right click the My Computer icon on your desktop and select Properties-> System Restore tab.
Click the Settings button.
Tell me what the amount of disk space to use is.

With Regards,
The Panda

#11 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 06 July 2009 - 03:42 PM

I dont have a My Computer icon on my desktop =S I'm using windows vista, if that helps.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 06 July 2009 - 04:22 PM

Sorry . . I had it based on an XP machine.

Click on the Windows Orb.
In the menu, there should be "Computer". Right click that and select Properties,
Click the System Protection under Tasks.
Under the "Create Restore Points automatically on the selected disks, uncheck all but the C: drive.
Apply the settings and quit.

Does that help at all?

Please run DDS again and post the Attach.txt file. The last one showed the restore points were being created automatically without issue.

There is plenty of space on the disk, so I don't see why you are getting those errors.

With Regards,
The Panda

#13 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 06 July 2009 - 08:47 PM

The C: drive was already the only one with a check mark. But err...thats confusing...the only other drive listed in that system properties thing is D: drive which isn't checked but I think that's the one it's supposed to be saving stuff to? It's called RECOVERY (D:) when I click 'Computer' and that's the one that keeps getting overly filled when I try to backup my files. Right now its little bar showing what I assume is how full it is is completely full and red. Below it says 5.99 MB free of 9.99 GB. I would just delete everything in that D: drive and start over but I don't know what that would do, and I don't know how else to clean out all the old crap. Also, it's been saying for a while now that there wasn't enough space every time I would turn on my computer and I got tired of seeing it and told it to stop showing up or whatever, which prolly made it stop trying.

Here's a fresh DDS attachment thingy and the normal one too in case you need it:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jihiro at 21:39:01.79 on Mon 07/06/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6001.1.1252.1.1033.18.1012.145 [GMT -4:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Jihiro\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jihiro\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080328
uWindow Title = Internet Explorer provided by Dell
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BitTorrent DNA] "c:\users\jihiro\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jihiro\appdata\roaming\mozilla\firefox\profiles\njlya8g9.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jihiro\appdata\roaming\mozilla\firefox\profiles\njlya8g9.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-05 22:01 <DIR> --d----- c:\program files\CCleaner
2009-07-05 04:35 <DIR> --d----- c:\program files\Celestia
2009-06-21 18:15 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-21 18:15 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-21 18:14 <DIR> --d----- c:\users\jihiro\appdata\roaming\SUPERAntiSpyware.com
2009-06-21 18:14 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-21 18:13 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-20 04:39 <DIR> --d----- c:\users\jihiro\appdata\roaming\Malwarebytes
2009-06-20 04:39 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 04:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-20 04:39 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-20 04:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 04:39 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-11 07:00 2,033,152 a------- c:\windows\system32\win32k.sys

==================== Find3M ====================

2009-07-03 13:26 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-03 13:26 51,200 a------- c:\windows\inf\infpub.dat
2009-07-03 13:24 86,016 a------- c:\windows\inf\infstor.dat
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-02-19 06:46 160 a------- c:\users\jihiro\appdata\roaming\wklnhst.dat
2008-06-24 03:18 174 a--sh--- c:\program files\desktop.ini
2008-06-24 03:10 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:40:02.23 ===============

Attached Files


Edited by Jihiro, 06 July 2009 - 08:48 PM.


#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 PM

Posted 07 July 2009 - 08:18 AM

Hello.

You might want to consider compressing the files on the D: drive.

Do you know if that is a separate drive, or just a partition with the C: ?

With Regards,
The Panda

#15 Jihiro

Jihiro
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ohio
  • Local time:06:12 PM

Posted 07 July 2009 - 11:48 AM

I have no idea. How to compress it and whether it's a separate drive or not. When I click on 'Computer' in my start menu, it says:

Hard Disk Drives (2)

OS (C:) and RECOVERY (D:)

then: Devices with removable storage (1)

DVD RW Drive (E:)



I hope that tells you what you needta know ^_^;




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users