Showing results for tags 'sireef zeroaccess blended'.

Found 1 result

  1. My situation is very similar to the one discussed here: http://forums.malwarebytes.org/index.php?showtopic=112682

     I am at the stage where two log files have been produced: FRST.TXT and search.txt.

     I have beaten my system to death with antivirus software and my browser is still redirected, even though I think I've gotten the droppers out of the picture. Help! Thanks in advance for what comes next!