
munkEE

  1. PERFECT!!! Successful reboot....here's the log file

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-05-2013 02
     Ran by Administrator at 2013-05-20 16:54:51 Run:1
     Running from E:\
     Boot Mode: Safe Mode (minimal)
     ==============================================
     HKLM => Group Policy Restriction on software restored successfully.
     HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
     HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
     C:\RECYCLER\S-1-5-21-484763869-1801674531-839522115-500\$3375b6f7918d214150b9e70b9726ee1d => Moved successfully.
     "C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d" directory move:
     C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d\n => Moved successfully.
     Could not move "C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d" directory. => Scheduled to move on reboot.
     Could not move C:\Windows\assembly\GAC\Desktop.ini. => Scheduled to move on reboot.
     Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
     Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
  2. THANK YOU!! I'll let you know how I make out, I really appreciate your time
  3. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2013 02 Ran by Administrator (administrator) on 20-05-2013 15:07:12 Running from E:\ Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Safe Mode (minimal)
  4. Hey There, I've got the FBI virus with no access through safe mode.....downloaded and ran frst.exe, and have the .txt files that it saved. What should I do next?? Thank you for your help