munkEE
fbi virus removal...ran frst.exe, now what?
munkEE replied to munkEE's topic in Resolved Malware Removal Logs
PERFECT!!! Successful reboot....here's the log file

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-05-2013 02
Ran by Administrator at 2013-05-20 16:54:51 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)
==============================================
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32\\Default => Value was restored successfully.
C:\RECYCLER\S-1-5-21-484763869-1801674531-839522115-500\$3375b6f7918d214150b9e70b9726ee1d => Moved successfully.
"C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d" directory move:
C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d\n => Moved successfully.
Could not move "C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d" directory. => Scheduled to move on reboot.
Could not move C:\Windows\assembly\GAC\Desktop.ini. => Scheduled to move on reboot.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
fbi virus removal...ran frst.exe, now what?
munkEE replied to munkEE's topic in Resolved Malware Removal Logs
THANK YOU!! I'll let you know how I make out, I really appreciate your time
fbi virus removal...ran frst.exe, now what?
munkEE replied to munkEE's topic in Resolved Malware Removal Logs
FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2013 02
Ran by Administrator (administrator) on 20-05-2013 15:07:12
Running from E:\
Microsoft Windows XP Service Pack 3 (X86)
OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Farbar) e:\FRST.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe [x]
HKLM\...\Run: [soundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [ifxSecurePlatformIndication] C:\Program Files\Infineon\Security Platform Software\SpTNA.exe [114688 2004-03-22] (Infineon Technologies AG)
HKLM\...\Run: [PSDruntime] C:\Program Files\Infineon\Security Platform Software\PSDrt.EXE [87088 2004-03-22] (Infineon Technologies AG )
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 [x]
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u [x]
HKLM\...\Run: [TimeServer] "C:\Documents and Settings\Administrator\Application Data\Infineon\WIN52.exe" [121344 2013-05-16] ()
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [system]
Winlogon\Notify\IfxWlxEN: IfxWlxEN.dll (Infineon Technologies AG)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\PSDNtfy: C:\Program Files\Infineon\Security Platform Software\PSDNtfy.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d\n. ATTENTION! ====> ZeroAccess
HKCU\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\Administrator\Application Data\skype.dat <==== ATTENTION
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-484763869-1801674531-839522115-500\$3375b6f7918d214150b9e70b9726ee1d\n. ATTENTION! ====> ZeroAccess
MountPoints2: ##UTILITY#3DSMAX7 (G) - G:\Setup.exe
MountPoints2: {23a126d0-2722-11e0-af70-001111658f7f} - "E:\WD SmartWare.exe" autoplay=true
MountPoints2: {73159106-7204-11e0-afd2-001111658f7f} - E:\MI.exe
MountPoints2: {86f479c2-4f93-11e1-b0d2-001111658f7f} - E:\setup.exe -a

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {492A9EBC-0C19-46DC-A6DB-5DE605D5717D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=550EAEAC-BFCE-4E68-9EF0-2AA9D4B50A52&apn_sauid=C49B9C2C-F012-49DC-9CFA-F08FCFF44668
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
PDF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122327659031
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
PDF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll [16896] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 01 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll [16896] (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll [16896] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a88yyr5n.default
FF SearchEngine: Ask.com
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=550EAEAC-BFCE-4E68-9EF0-2AA9D4B50A52&apn_ptnrs=TV&apn_sauid=C49B9C2C-F012-49DC-9CFA-F08FCFF44668&apn_dtid=OSJ000YYUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a88yyr5n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a88yyr5n.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a88yyr5n.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

========================== Services (Whitelisted) =================
S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 IFXSpMgtSrv; C:\WINDOWS\system32\IFXSPMGT.exe [196608 2004-03-22] (Infineon Technologies AG)
S2 IFXTCS; C:\WINDOWS\system32\IFXTCS.exe [503808 2004-03-22] (Infineon Technologies AG)
S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
S2 mi-raysat_3dsmax2011_32; C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [86016 2010-03-10] ()
S2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
S2 PersonalSecureDriveService; C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE [107568 2004-03-22] (Infineon Technologies AG )
S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [455632 2005-03-11] (RealVNC Ltd.)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2010-07-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2010-07-15] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-03-17] (Windows ® Server 2003 DDK provider)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [730653 2004-06-06] (Intel Corporation)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [32640 2004-03-12] (Infineon Technologies AG)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [34520 2004-03-22] (Infineon Technologies AG )
S3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2010-06-13] (Padus, Inc.)
R3 SMBios; C:\Windows\System32\DRIVERS\SMBios.sys [36484 2004-06-07] (Intel Corporation)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [180480 2004-06-16] (Marvell)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-20 15:06 - 2013-05-20 15:06 - 00000000 ____D C:\FRST
2013-05-16 01:55 - 2013-05-16 01:55 - 00000000 __SHD C:\Windows\CSC
2013-05-09 20:28 - 2013-05-09 20:28 - 00000000 ____D C:\Windows\System32\LogFiles

==================== One Month Modified Files and Folders ========
2013-05-20 15:06 - 2013-05-20 15:06 - 00000000 ____D C:\FRST
2013-05-20 15:05 - 2004-08-04 08:00 - 00013692 ____A C:\Windows\System32\wpa.dbl
2013-05-20 15:01 - 2011-11-11 23:22 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-20 15:01 - 2005-07-25 17:28 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-20 15:01 - 2005-07-25 13:11 - 00000049 ____A C:\Windows\wiaservc.log
2013-05-20 14:59 - 2005-07-25 17:28 - 00032458 ____A C:\Windows\SchedLgU.Txt
2013-05-20 14:59 - 2005-07-25 17:17 - 01253835 ____A C:\Windows\WindowsUpdate.log
2013-05-20 14:59 - 2005-07-25 13:11 - 00000214 ____A C:\Windows\wiadebug.log
2013-05-20 14:38 - 2005-07-25 13:06 - 00801911 ____A C:\Windows\setupapi.log
2013-05-20 14:38 - 2005-07-25 13:05 - 00170764 ____A C:\Windows\setupact.log
2013-05-16 01:55 - 2013-05-16 01:55 - 00000000 __SHD C:\Windows\CSC
2013-05-16 01:38 - 2012-06-23 18:48 - 00000250 ____A C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-05-16 01:38 - 2008-12-10 16:44 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-05-16 01:27 - 2012-06-04 14:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-15 00:23 - 2011-11-11 23:22 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-14 23:37 - 2012-06-04 14:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 23:37 - 2011-05-14 17:58 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-09 20:28 - 2013-05-09 20:28 - 00000000 ____D C:\Windows\System32\LogFiles
ZeroAccess: C:\RECYCLER\S-1-5-21-484763869-1801674531-839522115-500\$3375b6f7918d214150b9e70b9726ee1d
ZeroAccess: C:\RECYCLER\S-1-5-18\$3375b6f7918d214150b9e70b9726ee1d
ZeroAccess: C:\Windows\assembly\GAC\Desktop.ini

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe [2004-08-04 08:00] - [2008-04-13 20:12] - 1033728 ____A (Microsoft Corporation) 12896823FB95BFB3DC9B46BCAEDC9923
C:\Windows\System32\winlogon.exe [2004-08-04 08:00] - [2008-04-13 20:12] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E
C:\Windows\System32\svchost.exe [2004-08-04 08:00] - [2008-04-13 20:12] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\Windows\System32\services.exe [2004-08-04 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
C:\Windows\System32\User32.dll [2004-08-04 08:00] - [2008-04-13 20:12] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B
C:\Windows\System32\userinit.exe [2004-08-04 08:00] - [2008-04-13 20:12] - 0026112 ____A (Microsoft Corporation) A93AEE1928A9D7CE3E16D24EC7380F89
C:\Windows\System32\Drivers\volsnap.sys [2004-08-04 08:00] - [2008-04-13 14:41] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025

==================== End Of Log ============================

search.txt:

Farbar Recovery Scan Tool (x86) Version: 22-05-2013 02
Ran by Administrator at 2013-05-20 15:09:43
Running from E:\
Boot Mode: Safe Mode (minimal)

================== Search: "services.exe" ===================
C:\WINDOWS\system32\services.exe [2004-08-04 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\system32\dllcache\services.exe [2010-03-27 12:56] - [2009-02-06 07:11] - 0110592 ____C (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\ServicePackFiles\i386\services.exe [2008-09-29 15:12] - [2008-04-13 20:12] - 0108544 ____C (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\$NtUninstallKB956572_0$\services.exe [2010-03-27 13:09] - [2004-08-04 08:00] - 0108032 ____C (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4
C:\WINDOWS\$NtUninstallKB956572$\services.exe [2010-03-28 12:06] - [2008-04-13 20:12] - 0108544 ____C (Microsoft Corporation) 0E776ED5F7CC9F94299E70461B7B8185
C:\WINDOWS\$NtServicePackUninstall$\services.exe [2010-03-28 11:52] - [2009-02-06 13:14] - 0110592 ____C (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe [2010-03-27 12:56] - [2009-02-06 07:06] - 0110592 ___AC (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6
C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe [2010-03-27 12:56] - [2009-02-06 07:11] - 0110592 ___AC (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe [2010-03-27 12:56] - [2009-02-06 06:22] - 0110592 ___AC (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD

=== End Of Search ===
Hey There, I've got the FBI virus with no access through safe mode.....downloaded and ran frst.exe, and have the .txt files that it saved. What should I do next?? Thank you for your help