
malware redirects



DDS (Ver_10-03-17.01) - NTFSx86

Run by Steve at 16:54:06.03 on Fri 04/16/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2534.1939 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Steve\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [GoToMyPC] "c:\program files\citrix\gotomypc\g2svc.exe" -logon

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [iTunesLocalizediTunes] c:\program files\itunes\itunes.resources\ja.lproj\itunesituneslocalized9.0.2.7.exe

mRun: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktime3gppauthoring.resources\de.lproj\quicktimeresourcesquicktime.exe

mRun: [WABMIGSETUP50] c:\program files\outlook express\wabimpoemig50.exe

mRun: [PanelHelperBasePropPanelHelpers7.6.51327.80] c:\program files\quicktime\propertypanels\quicktimequicktime.exe

mRun: [annoannopQuickTime] c:\program files\quicktime\propertypanels\quicktimequicktime.exe

mRun: [syncUICoreLocalizedMobileMe] c:\program files\common files\apple\mobile device support\bin\syncuicore.resources\fr.lproj\mobilemesyncuicore.exe

mRun: [setupSetup15.0] c:\program files\common files\logishrd\logidriverstore\lvdrivers\12.0.1278\installshieldsetup15.0.498.exe

mRun: [iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized] c:\program files\itunes\itunesminiplayer.resources\sv.lproj\itunesminiplayerlocalizeditunes.exe

mRun: [quicktimequicktime] c:\program files\quicktime\propertypanels\quicktimequicktime.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\progra~1\malwar~1\MBAM.exe" /runcleanupscript

mRunServices: [ybkU] c:\windows\temp\ybku.exe

mRunServices: [Dynamicversion] c:\program files\hp\digital imaging\help\1041\librarydynamic.exe

mRunServices: [MobileApple] c:\program files\common files\apple\mobile device support\drivers\usbaaplrcdevice.exe

mRunServices: [QuickTimeResourcesQuickTime] c:\program files\quicktime\propertypanels\panelhelperbase.resources\nl.lproj\quicktimeresourcesquicktime.exe

mRunServices: [QuickTimeQuickTime] c:\program files\quicktime\propertypanels\quicktimequicktime.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: flyingj.com\b2b

Trusted Zone: intuit.com\ttlc

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\yb1pgb1v.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: keyword.URL - hxxp://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-71-0-q0TJ\n&q=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [2009-8-13 971232]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]

R2 k;k;c:\windows\system32\o.sys [2010-4-15 4736]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-11 303952]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-4 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-8-4 144704]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-11 20824]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-8-4 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-4 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-4 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-4 40552]

S2 AVerRemote;AVerRemote;c:\program files\common files\avermedia\service\AVerRemote.exe [2009-8-20 352256]

S2 AVerScheduleService;AVerScheduleService;c:\program files\common files\avermedia\service\AVerScheduleService.exe [2009-8-20 409600]

S2 gupdate1ca19dd92d3f874;Google Update Service (gupdate1ca19dd92d3f874);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 AVerFx2hbtv;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-8-9 272640]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-11 38224]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-4 34248]

============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-04-16 22:51:37 0 ----a-w- c:\documents and settings\steve\defogger_reenable

2010-04-16 15:49:54 0 d-----w- C:\spoolerlogs

2010-04-15 19:06:30 4736 ----a-w- c:\windows\system32\o.sys

2010-04-14 13:15:19 41480 ----a-w- c:\docume~1\alluse~1\applic~1\5R13r6xt.exe

2010-04-14 01:15:18 41480 ----a-w- c:\windows\system32\5R13r6xt.com

2010-04-13 13:46:00 0 d-----w- c:\program files\CCleaner

2010-04-13 12:27:38 0 d--h--w- c:\windows\PIF

2010-04-13 12:18:56 41480 ----a-w- c:\documents and settings\steve\5R13r6xt.com

2010-04-12 23:30:05 41480 ----a-w- c:\windows\system32\OperatingWindows.exe

2010-04-12 23:28:02 41480 ----a-w- c:\windows\brunin03Monitor.exe

2010-04-12 23:26:10 41480 -c--a-w- c:\windows\system32\dllcache\SystemProxy.exe

2010-04-12 23:25:35 41480 ----a-w- c:\windows\system\mmsystemavifile.exe

2010-04-12 23:25:28 41480 ----a-w- c:\windows\system32\wbem\trnsprovWindows.exe

2010-04-12 19:51:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avG

2010-04-12 19:38:55 1833 ----a-w- C:\Desktop Security 2010.lnk

2010-04-12 19:38:55 0 d-----w- C:\Desktop Security 2010

2010-04-12 19:29:58 71170 ----a-w- c:\docume~1\alluse~1\applic~1\rn0AB6iG.exe

2010-04-12 19:29:58 112 ----a-w- c:\docume~1\alluse~1\applic~1\M0adLfwH.dat

2010-04-12 19:27:51 0 d-----w- C:\CyberLink DVD Suite

2010-04-12 14:12:19 3518464 ----a-w- c:\windows\system32\cdintf300.dll

2010-04-12 14:12:19 1843200 ----a-w- c:\windows\system32\acXMLParser.dll

2010-04-12 14:12:01 0 d-----w- c:\program files\common files\Palo Alto Software

2010-04-12 14:11:49 0 d-----w- c:\program files\Quicken

2010-04-12 14:11:38 165 ----a-w- c:\windows\QUICKEN.INI

2010-04-11 19:33:19 0 d-----w- c:\docume~1\steve\applic~1\Intuit

2010-04-11 19:33:15 0 d-----w- c:\program files\common files\AnswerWorks 5.0

2010-04-11 19:29:56 0 d-----w- c:\program files\common files\Intuit

2010-04-11 19:29:35 0 d-----w- c:\program files\TurboTax

2010-04-11 19:29:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit

2010-04-11 17:55:02 0 d-----w- c:\windows\system32\wbem\Repository

2010-03-24 16:40:31 0 d-----w- c:\docume~1\steve\applic~1\Autodesk

2010-03-24 16:39:56 0 d-----w- c:\program files\DWG TrueView 2010

2010-03-24 16:39:43 43160 ----a-w- c:\windows\system32\AcSignIcon.dll

2010-03-24 16:39:43 429720 ----a-w- c:\windows\system32\AcSignOpt.exe

2010-03-24 16:39:43 29848 ----a-w- c:\windows\system32\AcSignExt.dll

2010-03-24 16:39:13 283800 ----a-w- c:\windows\system32\plotman.cpl

2010-03-24 16:39:13 14488 ----a-w- c:\windows\system32\AcSignExtRes.dll

2010-03-24 16:25:11 0 d-----w- c:\program files\common files\Autodesk Shared

2010-03-24 16:25:11 0 d-----w- c:\program files\Autodesk

==================== Find3M ====================

2010-04-16 22:49:05 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2010-04-16 22:49:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2010-04-14 23:38:01 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-04-12 23:15:53 41484 ----a-w- c:\windows\fonts\5R13r6xt.com

2010-03-29 21:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-29 21:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 16:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2009-10-07 15:17:01 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-08-04 22:23:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-08-04 22:42:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080420090805\index.dat

============= FINISH: 16:55:51.67 ===============

Attach.zip

mbam_log_2010_04_16__14_46_44_.zip


Hello taradog, Welcome to Malwarebytes.org -

As we don't work on Malware removal or diagnostics in the general forums, please follow these directions so our experts can help you -

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post. Please note that experts can get busy at times so please be patient -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thank You - :)

Please use the ADD REPLY Tab at the bottom of the page when responding -
