Blocked IPs/Browser Redirects -- HELP!


Hi,

I hope someone can help me with this problem I've been trying to get rid of for a while...

When I do a Google search of anything and then click on a link, Firefox keeps redirecting the page I'm trying to go to to some random website. Usually the sites I get redirected to are for sketchy looking anti-virus/spyware/malware scanners, but sometimes it'll be a survey or "Special Offer" site.

I'm not positive these are related to the issue, but: I can't successfully run Windows Update. I'm able to see the available updates, but when I try to download & install them, I get a "Code 80072EFE" error. Also, Google Chrome randomly stopped loading web pages. I can open Chrome, but any page I attempt to load stays completely blank. No errors or "Page cannot be loaded" dialog. I started having these problems around the same time the redirecting started happening... before that my computer was running smoothly.

I downloaded and ran Kaspersky, Malwarebytes and Ad-Aware which detected several trojans/malware and "successfully" removed them and, so far, it seems like the redirection problem is gone for now. However Malwarebytes keeps notifying me of malicious IPs being blocked, so I don't think the threats are completely eradicated.

Along with the 'attach.txt' and 'ark.txt' files, I'm attaching the Malwarebytes Protection Log file because it lists the blocked IPs in question.

Help will be greatly appreciated! :]

--------Malwarebytes Log File--------

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/1/2010 7:31:34 PM
mbam-log-2010-03-01 (19-31-34).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 236677
Time elapsed: 1 hour(s), 15 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-4237113963-1484899726-2999723710-1000\$R2EJKXI.Keymaker-CORE\cr-ae368\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Josh\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\spool\prtprocs\w32x86\A721.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\gsej.tmp\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

--------DDS--------

DDS (Ver_09-12-01.01) - NTFSx86  
Run by Josh at 21:08:00.12 on Mon 03/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1526.679 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\3RVX\3RVX.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Josh\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
uRun: [3RVX] c:\program files\3rvx\3RVX.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\edjhkpzg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT851238&SearchSource=3&q={searchTerms}
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\users\josh\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-1 64288]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-9-28 259176]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2009-7-31 27488]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2009-9-23 150528]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-1 236368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-1 19160]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2009-12-4 2595840]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-1-5 664944]

=============== Created Last 30 ================

2010-03-02 02:06:09 0 ----a-w- c:\users\josh\defogger_reenable
2010-03-02 01:50:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-02 00:56:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-02 00:56:02 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-02 00:46:31 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-02 00:45:59 0 d-----w- c:\programdata\Lavasoft
2010-03-02 00:45:59 0 d-----w- c:\program files\Lavasoft
2010-03-01 23:49:44 0 d-----w- c:\users\josh\appdata\roaming\eMusic
2010-03-01 23:49:29 0 d-----w- c:\program files\eMusic Download Manager
2010-03-01 22:45:11 0 d-----w- c:\users\josh\appdata\roaming\Malwarebytes
2010-03-01 22:45:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 22:44:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 22:44:58 0 d-----w- c:\programdata\Malwarebytes
2010-03-01 22:44:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 02:31:43 0 d-sh--w- c:\users\josh\appdata\roaming\lowsec
2010-02-26 05:20:40 0 d-----w- c:\users\josh\fontconfig
2010-02-26 05:16:04 0 d-----w- c:\program files\MPlayer for Windows
2010-02-26 02:30:41 0 d-----w- c:\program files\MPC HomeCinema
2010-02-25 03:04:42 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-25 03:04:42 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-25 03:03:51 0 d-----w- c:\programdata\Kaspersky Lab
2010-02-25 03:03:51 0 d-----w- c:\program files\Kaspersky Lab
2010-02-25 03:01:16 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-02-25 01:11:33 65536 --sha-w- c:\users\josh\ntuser.dat{0fef4c27-21a7-11df-8c60-00014aeee24c}.TM.blf
2010-02-25 01:11:33 524288 --sha-w- c:\users\josh\ntuser.dat{0fef4c27-21a7-11df-8c60-00014aeee24c}.TMContainer00000000000000000002.regtrans-ms
2010-02-25 01:11:33 524288 --sha-w- c:\users\josh\ntuser.dat{0fef4c27-21a7-11df-8c60-00014aeee24c}.TMContainer00000000000000000001.regtrans-ms
2010-02-13 04:59:46 0 d---a-w- c:\programdata\TEMP
2010-02-12 20:28:50 0 d-----w- c:\program files\common files\Software Update Utility
2010-02-08 23:22:58 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-02-06 05:33:15 0 d-----w- c:\program files\iPod
2010-02-06 05:33:13 0 d-----w- c:\program files\iTunes
2010-02-05 23:53:04 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-05 21:10:15 0 d-----w- c:\windows\ShellNew
2010-02-05 04:32:03 0 d-----w- c:\programdata\AIM
2010-02-05 04:31:57 0 d-----w- c:\program files\AIM
2010-02-05 04:31:53 0 d-----w- c:\program files\common files\AOL
2010-02-05 04:31:41 693 ---ha-w- C:\IPH.PH
2010-02-03 02:44:21 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-03 02:44:15 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-03 02:44:15 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-03 02:43:47 0 d-----w- c:\users\josh\appdata\roaming\TuneUp Software
2010-02-03 02:43:32 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-02-03 02:42:34 0 d-----w- c:\programdata\TuneUp Software
2010-02-03 02:42:19 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

==================== Find3M ====================

2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-05 21:33:21 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 00:30:08 87608 ----a-w- c:\users\josh\appdata\roaming\inst.exe
2009-12-18 00:30:08 47360 ----a-w- c:\users\josh\appdata\roaming\pcouffin.sys
2009-12-11 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-08 23:11:49 5640880 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-12-04 00:58:36 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:09:51.04 ===============

Attach.zip

ark.zip

Hello J Barrett

Welcome to Malwarebytes.

====================

Download TDSSKiller and save it to your Desktop.

  • Right-click on the file and choose Extract All, extract the file to your desktop, then run it.
  • If prompted to reboot choose y then hit enter.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log

Hi there! I literally JUST finished wiping my HD/reinstalling Windows 7 because the problems I was having just kept escalating & eventually made it impossible to use my computer... so I suppose this thread is no longer necessary. :huh:
