Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Total PC Defender


  • This topic is locked This topic is locked
5 replies to this topic

#1 Vince Cracchiolo

Vince Cracchiolo

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 08 March 2010 - 04:03 PM

I have an infection on my Windows XP machine. It has had different names, Security Essentials 2010, Total PC Defender, and at least one other one. I have tried what similar posters have recommended, rkill, then malwarebytes anti-malware, AVG, spydoctor, spybot, and avast.

When I use firefox, most of my search results in google do not work, they go to some spam page. I also am unable to download any files from the internet. I cannot open EXE files from my desktop unless I go to properties and unblock them. AVG would not run, but i uninstalled and reinstalled it and it appears to be working. While running gmer.exe I got a blue screen of death. I ran gmer.exe a 2nd time, it ran for over 4 hours so I stopped it. I then could not do anything on the machine. It took ten minutes for notepad to open, and then i tried saving what i had copied and it just froze. I could not open Word or Wordpad either.




DDS (Ver_09-12-01.01) - NTFSx86
Run by Guest MVP at 12:55:06.59 on Mon 03/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe
C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe
C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Guest MVP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071120
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0071120
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
dRun: [mlkhgfdrv] rundll32.exe "cbbabx.dll",s
dRun: [urrpolsys] rundll32.exe "cbxuss.dll",DllRegisterServer
mPolicies-system: EnableLUA = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235682370484
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: jayamuja.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 cbxuss.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\guestm~1\applic~1\mozilla\firefox\profiles\8burq8jr.default\
FF - component: c:\documents and settings\guest mvp\application data\mozilla\firefox\profiles\8burq8jr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\guest mvp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\guest mvp\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {08DE4E51-1F3F-4D7A-9067-2EE380B8855A} - c:\documents and settings\guest mvp\local settings\application data\{08DE4E51-1F3F-4D7A-9067-2EE380B8855A}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-8 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-8 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-8 242696]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-8 308064]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-2-26 47640]
R2 vtigercrmApache510;vtigercrmApache510;c:\program files\vtigercrm-5.1.0\apache\bin\Apache.exe [2009-5-8 20541]
R2 vtigercrmMysql510;vtigercrmMysql510;"c:\program files\vtigercrm-5.1.0\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\vtigercrm-5.1.0\mysql\my.ini" vtigercrmmysql510 --> c:\program files\vtigercrm-5.1.0\mysql\bin\mysqld-nt [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 elomoufiltr;ELO TouchSystems-SRV2;c:\windows\system32\drivers\EloFiltr.sys [2007-12-17 53248]
S3 EloUsb;ELO TouchSystems-SRV;c:\windows\system32\drivers\EloUsb.Sys [2007-12-17 92032]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S4 123LiveHelp5.0;123LiveHelp5.0;c:\program files\123 live help 5.0\lhserver.exe [2010-1-1 156824]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-03-08 16:02:40 0 d-----w- c:\program files\Total PC Defender
2010-03-08 15:42:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-08 15:42:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-08 15:42:04 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 15:41:56 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-08 15:41:38 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-08 15:03:34 0 d-----w- C:\VundoFix Backups
2010-03-05 20:19:30 0 d-----w- c:\docume~1\guestm~1\applic~1\WinAVI
2010-03-05 19:44:41 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-05 19:33:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-05 19:33:47 0 d-----w- c:\docume~1\guestm~1\applic~1\SUPERAntiSpyware.com
2010-03-05 14:05:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-04 21:48:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-04 17:08:01 99840 ---ha-w- c:\windows\system32\cbbabx.dll
2010-03-03 15:30:51 99840 ---ha-w- c:\windows\system32\rqrsrq.dll
2010-02-26 21:56:25 0 d-----w- c:\program files\MP3MyMP3 3.0
2010-02-23 22:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Pixela
2010-02-23 21:54:27 0 d-----w- c:\program files\PIXELA
2010-02-23 15:15:39 0 d-----w- c:\program files\Windows Media Connect 2
2010-02-22 16:30:16 0 d-----w- c:\windows\SxsCaPendDel
2010-02-19 17:15:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-18 18:15:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-18 18:06:45 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2010-02-18 17:03:18 315 ----a-w- c:\windows\wininit.ini
2010-02-18 14:10:03 0 d-----w- c:\docume~1\guestm~1\applic~1\Malwarebytes
2010-02-18 14:09:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 14:09:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 14:09:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 14:09:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-18 13:13:32 0 ----a-w- c:\windows\system32\1869.exe
2010-02-18 12:53:32 0 ----a-w- c:\windows\system32\11538.exe
2010-02-18 12:33:32 0 ----a-w- c:\windows\system32\14771.exe
2010-02-18 12:13:32 0 ----a-w- c:\windows\system32\21726.exe
2010-02-18 11:53:31 0 ----a-w- c:\windows\system32\5447.exe
2010-02-18 11:33:31 0 ----a-w- c:\windows\system32\19895.exe
2010-02-18 11:13:31 0 ----a-w- c:\windows\system32\19718.exe
2010-02-18 10:53:30 0 ----a-w- c:\windows\system32\18716.exe
2010-02-18 10:33:30 0 ----a-w- c:\windows\system32\17421.exe
2010-02-18 10:13:30 0 ----a-w- c:\windows\system32\12382.exe
2010-02-18 09:53:29 0 ----a-w- c:\windows\system32\292.exe
2010-02-18 09:33:29 0 ----a-w- c:\windows\system32\153.exe
2010-02-18 09:13:29 0 ----a-w- c:\windows\system32\3902.exe
2010-02-18 08:53:28 0 ----a-w- c:\windows\system32\14604.exe
2010-02-18 08:33:28 0 ----a-w- c:\windows\system32\32391.exe
2010-02-18 08:13:28 0 ----a-w- c:\windows\system32\5436.exe
2010-02-18 07:53:28 0 ----a-w- c:\windows\system32\4827.exe
2010-02-18 07:33:27 0 ----a-w- c:\windows\system32\11942.exe
2010-02-18 07:13:27 0 ----a-w- c:\windows\system32\2995.exe
2010-02-18 06:53:27 0 ----a-w- c:\windows\system32\491.exe
2010-02-18 06:33:26 0 ----a-w- c:\windows\system32\9961.exe
2010-02-18 06:13:26 0 ----a-w- c:\windows\system32\16827.exe
2010-02-18 05:53:26 0 ----a-w- c:\windows\system32\23281.exe
2010-02-18 05:33:25 0 ----a-w- c:\windows\system32\28145.exe
2010-02-18 05:13:25 0 ----a-w- c:\windows\system32\5705.exe
2010-02-18 04:53:25 0 ----a-w- c:\windows\system32\24464.exe
2010-02-18 04:33:25 0 ----a-w- c:\windows\system32\26962.exe
2010-02-18 04:13:24 0 ----a-w- c:\windows\system32\29358.exe
2010-02-18 03:53:24 0 ----a-w- c:\windows\system32\11478.exe
2010-02-18 03:33:24 0 ----a-w- c:\windows\system32\15724.exe
2010-02-18 03:13:23 0 ----a-w- c:\windows\system32\19169.exe
2010-02-18 02:53:23 0 ----a-w- c:\windows\system32\26500.exe
2010-02-11 16:36:10 0 d-----w- c:\program files\WinAVI Video Converter

==================== Find3M ====================

2010-01-01 22:23:46 122588 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-23 20:00:18 4741664 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-23 20:00:19 41760 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 12:56:49.87 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:49 AM

Posted 11 March 2010 - 02:12 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 Vince Cracchiolo

Vince Cracchiolo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 11 March 2010 - 02:17 PM


I ran Hitman Pro 3.5 and it seemed to do the trick, I have not had any problems with that PC since then. I reinstalled firefox which really did not do anything. The only thing I still notice is that I cannot download things in firefox. I use the download status bar, and it just has a grey box on the bottom.


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:49 AM

Posted 11 March 2010 - 04:34 PM

Hi Vince,

You might want to uninstall and reinstall Firefox which should sort that out. You could also try asking on the browser forum here.

If you are happy that you are clean then let me know and I will close the topic. thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#5 Vince Cracchiolo

Vince Cracchiolo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 11 March 2010 - 04:36 PM

yeah, i already reinstalled firefox so i am sure that is not it. but that is the only problem i am having so feel free to close the topic now. thanks!

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:49 AM

Posted 11 March 2010 - 05:40 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users