Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacker or possible trojan


  • This topic is locked This topic is locked
2 replies to this topic

#1 AGuyAndALaptop

AGuyAndALaptop

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 13 October 2010 - 05:09 AM

Hello,

I have been getting redirected when browsing using FireFox, and I got an alert from my Avast AV reporting an infection of SVCHOST.EXE, and also warnings about malicious web sites. These alerts pop up when my machine is sitting idle, and not actively browsing the Web.

I also started receiving alerts from Microsoft Security Essentials. I have run scans with Avast, MalwareBytes and Spybot Search & Destroy. Avast found a virus and quarantined it. Malware Bytes and Spybot S&D found nothing.

My Windows Firewall service will not start, and I receive an error that it cannot find the file specified.

***Note *** I am having problems getting Gmer to run to completion so I can post the log. I locked up on my when I tried to save, and then I rebooted and restarted Gmer and then got a BSOD. I will try Gmer again later this afternoon.

Here are my logs:


DDS (Ver_10-10-10.03) - NTFSx86
Run by Ignacio at 0:26:43.54 on Wed 10/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2458 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ignacio\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uWinlogon: Shell=c:\documents and settings\ignacio\application data\hotfix.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTXFIREG] CTxfiReg.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.7.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264168225187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264168213015
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://bis.na.blackberry.com/html/web/client_tools/TOImport.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {28A47114-C3F0-4EEE-827F-45F4EB6308D3} = 192.168.1.1
TCP: {370E624D-60AB-4E91-A51C-A77E39F82EC2} = 192.168.1.254
TCP: {D0D8C33C-FB24-4186-9BAC-7C17606BD69F} = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ignacio\applic~1\mozilla\firefox\profiles\fjdi59q7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\ignacio\local settings\application data\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-17 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-1 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2009-12-12 6656]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [2010-2-19 196409]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-25 18560]
S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2007-1-12 22848]
S3 NUVision;NUVision Video Service;c:\windows\system32\drivers\NUVision.sys [2007-1-12 135424]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2005-4-10 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2005-4-10 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2005-4-10 21081]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\ultramonmirror.sys --> c:\windows\system32\drivers\UltraMonMirror.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-10-13 03:54:21 166 ----a-w- c:\docume~1\ignacio\applic~1\dsfsds.bat
2010-10-13 01:13:25 388096 ----a-r- c:\docume~1\ignacio\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-10 19:56:35 -------- d-----w- c:\windows\D9DE9E0371CA423BB10157F13A751003.TMP
2010-10-07 22:55:39 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-10-07 22:55:36 -------- d-----w- c:\docume~1\ignacio\locals~1\applic~1\Downloaded Installations
2010-10-07 22:55:35 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-10-04 21:04:35 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-10-04 21:04:31 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-04 21:04:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-10-04 21:04:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-04 21:04:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-15 20:01:44 -------- d-----w- c:\windows\system32\custom matrices
2010-09-15 20:01:41 -------- d-----w- c:\windows\system32\C2MP
2010-09-15 00:02:00 -------- d-----w- c:\program files\Light-O-Rama
2010-09-15 00:02:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Light-O-Rama

==================== Find3M ====================

2010-10-04 21:16:42 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-04 21:16:42 218496 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-04 21:04:56 138056 ----a-w- c:\docume~1\ignacio\applic~1\PnkBstrK.sys
2010-10-04 21:04:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-24 21:32:48 98304 ----a-w- c:\windows\system32\vbalDTab6.ocx
2010-08-24 21:32:48 94208 ----a-w- c:\windows\system32\vbalIml6.ocx
2010-08-24 21:32:48 49152 ----a-w- c:\windows\system32\vbalMDITabs6.dll
2010-08-24 21:32:48 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-08-24 21:32:48 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2010-08-24 21:32:34 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2010-08-24 21:32:34 386872 ----a-w- c:\windows\system32\mswless.ocx
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2005-07-14 19:31:20 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2007-12-17 13:43:00 27648 --sha-w- c:\windows\system32\Smab0.dll

============= FINISH: 0:27:55.95 ===============

Follow up *** I am not able to run Gmer at all. Now it keeps crashing with a Windows error, both in normal mode and Safe Mode.

I am able to run HJT, if that helps.

EDIT: Posts merged ~BP

Edited by Budapest, 13 October 2010 - 04:03 PM.


BC AdBot (Login to Remove)

 


#2 AGuyAndALaptop

AGuyAndALaptop
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 15 October 2010 - 06:58 AM

Good morning,

I know the folks here are swamped with help requests, and I needed my PC for some urgent projects, so I have gone ahead and wiped it and reinstalled Windows, it was probably due for a reformat anyway.

You can go ahead and close out this thread.

Thanks for everything the volunteers do to help!!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:22 AM

Posted 15 October 2010 - 10:44 AM

Hello,

Thank you for letting us know. I'm sorry we couldn't get to you sooner. Sometimes a reformat and reinstall is the quickest solution.

Since this issue seems to be resolved, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom fruits_cherry.gif
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users