
fbi moneypak virus blocked my safe mode :(



Please help me, my netbook has been attacked by the FBI MoneyPak malware. I already searched for this topic on Google and one of the solutions is to use safe mode, but the virus is preventing me from accessing safe mode. Can anyone help me remove this malware from my netbook? Thanks for your attention. Sorry if my English is not good.


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


here is the log for frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2012 01

Ran by SYSTEM at 24-12-2012 09:17:42

Running from G:\

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)

HKLM\...\Run: [TaskTray] [x]

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-23] (Brother Industries, Ltd.)

HKLM\...\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)

HKU\Asus\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3540416 2012-10-26] (Tonec Inc.)

HKU\Asus\...\Run: [installIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-10] (W3i, LLC)

HKU\Asus\...\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup [1406664 2012-01-23] (SpeedBit LTD)

HKU\Asus\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)

HKU\Asus\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6595928 2012-05-24] (Yahoo! Inc.)

HKU\Asus\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17417392 2012-07-02] (Skype Technologies S.A.)

HKU\Asus\...\Run: [AutoLoader] "C:\Users\Asus\AppData\Local\Temp\systry.exe" [x]

HKU\Asus\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\Asus\...\Policies\system: [DisableTaskMgr] 1

HKU\panji\...\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3540416 2012-10-26] (Tonec Inc.)

HKU\panji\...\Run: [Granola] "C:\Program Files\MiserWare\Granola Personal\granola.exe" [885992 2012-08-31] ()

HKU\panji\...\Policies\system: [DisableTaskMgr] 1

HKLM\...\Winlogon: [shell] Explorer.exe, C:\ProgramData\nzqwwnh_ [x ] ()

Startup: C:\Users\Asus\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)

2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)

3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-24] (Brother Industries, Ltd.)

2 CDROM_Detect; C:\Program Files\Flexi\C+WEject.exe [329216 2010-08-08] ()

2 Granola PM Manager; "C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe" [444656 2012-08-31] ()

2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [527728 2012-11-15] (AnchorFree Inc.)

2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [443760 2012-11-16] (AnchorFree Inc.)

3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-11-14] ()

2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [389488 2012-11-14] ()

2 UDisk Monitor; C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [512000 2011-05-08] ()

4 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [265928 2012-01-23] (SpeedBit Ltd.)

3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-05-08] (Avira GmbH)

1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-05-08] (Avira GmbH)

1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2011-10-19] (Avira GmbH)

3 bmusbser; C:\Windows\System32\DRIVERS\bmusbser.sys [105216 2009-05-22] (BM)

3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] ()

3 CT_QUALCOMM_U_drv; C:\Windows\System32\DRIVERS\CT_QUALCOMM_U_drv.sys [103552 2009-04-29] (QUALCOMM Incorporated)

3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2012-04-27] (DT Soft Ltd)

3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)

3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [107904 2010-07-19] (D-Link Incorporated)

3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [107904 2010-07-19] (D-Link Incorporated)

3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [107904 2010-07-19] (D-Link Incorporated)

1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [35592 2012-11-14] (AnchorFree Inc.)

3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )

3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2010-10-27] (MBB Incorporated)

2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)

1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)

3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-09] (AnchorFree Inc)

3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-11-14] (Anchorfree Inc.)

3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_T.sys [21504 2011-04-04] ()

3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [38400 2009-11-04] ()

3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [16128 2008-05-28] (Via Telecom, Inc.)

3 USB_WinMux_T; C:\Windows\System32\DRIVERS\USB_WinMux_T.sys [30080 2009-10-26] ()

3 WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [14416 2008-07-26] (OpenLibSys.org)

3 catchme; \??\C:\Users\Asus\AppData\Local\Temp\catchme.sys [x]

3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]

3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [x]

3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [x]

3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]

3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [x]

3 NTProcDrv; \??\D:\Plants vs. Zombies\my gundam\NtProcDrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-12-24 09:17 - 2012-12-24 09:17 - 00000000 ____D C:\FRST

2012-12-22 10:25 - 2012-12-22 10:47 - 00112128 ____A (Xixi) C:\Users\Asus\AppData\Roaming\nzqwwnh_.exe

2012-12-22 10:25 - 2012-12-22 10:47 - 00112128 ____A (Xixi) C:\Users\Asus\AppData\Local\nzqwwnh_.exe

2012-12-22 10:21 - 2012-12-22 11:10 - 00112128 ____A (Xixi) C:\Users\panji\AppData\Roaming\nzqwwnh_.exe

2012-12-22 10:20 - 2012-12-23 05:16 - 00112128 ____A (Xixi) C:\Users\All Users\nzqwwnh_.exe

2012-12-22 10:20 - 2012-12-22 11:10 - 00112128 ____A (Xixi) C:\Users\panji\AppData\Local\nzqwwnh_.exe

2012-12-12 08:11 - 2012-12-12 08:12 - 00000000 ____D C:\Users\panji\Desktop\Hunter X Hunter Manga

2012-12-10 10:11 - 2012-12-17 19:43 - 00000094 ____A C:\Users\panji\Desktop\cheat.txt

2012-12-07 07:44 - 2012-12-07 07:44 - 00001096 ____A C:\tmsgr_s0.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00001028 ____A C:\tmsgr_s1.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00001028 ____A C:\msgr_on.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00000380 ____A C:\edu.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00000304 ____A C:\dir.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\w

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\visi

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\skins

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\e

2012-12-01 17:40 - 2012-12-01 17:40 - 00000997 ____A C:\Users\Public\Desktop\Mobile Partner.lnk

2012-12-01 17:40 - 2007-08-24 04:44 - 00101504 ___RA (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys

2012-12-01 17:40 - 2007-08-24 04:44 - 00023424 ___RA (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys

==================== One Month Modified Files and Folders ========

2012-12-23 05:16 - 2012-12-22 10:20 - 00112128 ____A (Xixi) C:\Users\All Users\nzqwwnh_.exe

2012-12-22 11:10 - 2012-12-22 10:21 - 00112128 ____A (Xixi) C:\Users\panji\AppData\Roaming\nzqwwnh_.exe

2012-12-22 11:10 - 2012-12-22 10:20 - 00112128 ____A (Xixi) C:\Users\panji\AppData\Local\nzqwwnh_.exe

2012-12-22 10:49 - 2011-08-25 08:26 - 00000000 ____D C:\Users\Asus\AppData\Roaming\DMCache

2012-12-22 10:49 - 2009-07-13 20:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-22 10:49 - 2009-07-13 20:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-22 10:48 - 2012-05-17 09:20 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Dropbox

2012-12-22 10:47 - 2012-12-22 10:25 - 00112128 ____A (Xixi) C:\Users\Asus\AppData\Roaming\nzqwwnh_.exe

2012-12-22 10:47 - 2012-12-22 10:25 - 00112128 ____A (Xixi) C:\Users\Asus\AppData\Local\nzqwwnh_.exe

2012-12-22 10:47 - 2012-11-21 03:39 - 00014898 ____A C:\Windows\setupact.log

2012-12-22 10:47 - 2012-10-02 18:50 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-22 10:47 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-22 10:45 - 2012-06-27 22:30 - 00000000 ____D C:\Users\panji\AppData\Roaming\DMCache

2012-12-22 10:28 - 2012-11-13 06:28 - 00515505 ____A C:\Windows\WindowsUpdate.log

2012-12-22 10:27 - 2012-05-17 09:34 - 00000000 ___RD C:\Users\Asus\Dropbox

2012-12-22 10:22 - 2012-04-03 16:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-22 10:15 - 2012-11-09 22:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

2012-12-22 09:55 - 2012-10-02 18:50 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-22 09:29 - 2012-11-22 07:07 - 00014608 ____A C:\Windows\PFRO.log

2012-12-19 05:10 - 2012-04-03 16:34 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-12-19 05:10 - 2011-08-21 03:10 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-12-17 19:43 - 2012-12-10 10:11 - 00000094 ____A C:\Users\panji\Desktop\cheat.txt

2012-12-16 08:04 - 2012-08-26 08:38 - 00000000 ____D C:\Users\panji\AppData\Local\Pokki

2012-12-13 23:36 - 2011-08-19 03:48 - 00782154 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-12 08:12 - 2012-12-12 08:11 - 00000000 ____D C:\Users\panji\Desktop\Hunter X Hunter Manga

2012-12-11 12:15 - 2012-06-27 22:30 - 00000000 ____D C:\Users\panji\Downloads\Compressed

2012-12-11 00:41 - 2012-07-06 11:25 - 00000000 ____D C:\Users\All Users\Yahoo! Companion

2012-12-10 03:14 - 2011-08-25 08:26 - 00000000 ____D C:\Program Files\Internet Download Manager

2012-12-09 20:34 - 2012-06-27 22:30 - 00000000 ____D C:\Users\panji\AppData\Roaming\IDM

2012-12-08 12:00 - 2012-05-22 09:15 - 00000370 ____A C:\Windows\Tasks\RegAce Scheduled Scan - Asus.job

2012-12-07 07:44 - 2012-12-07 07:44 - 00001096 ____A C:\tmsgr_s0.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00001028 ____A C:\tmsgr_s1.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00001028 ____A C:\msgr_on.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00000380 ____A C:\edu.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00000304 ____A C:\dir.bmp

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\w

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\visi

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\skins

2012-12-07 07:44 - 2012-12-07 07:44 - 00000000 ____D C:\e

2012-12-05 17:07 - 2012-10-13 06:00 - 00000000 ____D C:\Lyrics

2012-12-05 17:07 - 2012-10-13 05:58 - 00000000 ____D C:\Program Files\Minilyrics

2012-12-01 17:40 - 2012-12-01 17:40 - 00000997 ____A C:\Users\Public\Desktop\Mobile Partner.lnk

2012-12-01 17:40 - 2012-11-21 07:01 - 00000000 ____D C:\Program Files\Mobile Partner

2012-12-01 17:39 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

2012-11-28 22:20 - 2012-04-30 10:13 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Skype

2012-11-27 20:21 - 2012-10-23 01:00 - 00000000 ____D C:\Program Files\Cain

2012-11-25 22:29 - 2011-08-19 04:57 - 00000000 ____D C:\Users\All Users\Adobe

ZeroAccess:

C:\Users\Asus\AppData\Local\a9b0d7a9

C:\Users\Asus\AppData\Local\a9b0d7a9\@

C:\Users\Asus\AppData\Local\a9b0d7a9\U

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 20%

Total physical RAM: 2038.12 MB

Available physical RAM: 1621.12 MB

Total Pagefile: 2038.12 MB

Available Pagefile: 1619.07 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:44.09 GB) (Free:6.31 GB) NTFS

2 Drive e: () (Fixed) (Total:126.95 GB) (Free:115.73 GB) NTFS

3 Drive f: () (Fixed) (Total:126.95 GB) (Free:58.73 GB) NTFS

4 Drive g: (MINTORO) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 480 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 44 GB 101 MB

Partition 3 Primary 126 GB 44 GB

Partition 4 Primary 126 GB 171 GB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 44 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E NTFS Partition 126 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F NTFS Partition 126 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 479 MB 16 KB

=========================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G MINTORO FAT Removable 479 MB Healthy

=========================================================

Last Boot: 2012-12-07 08:52

==================== End Of Log ============================

and this is for the search.txt

Farbar Recovery Scan Tool (x86) Version: 23-12-2012 01

Ran by SYSTEM at 2012-12-24 09:19:40

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\ERDNT\cache\services.exe

[2011-12-07 06:12] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
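
A triage sketch for the FRST.txt posted above, added here as an example (it is not part of the original thread and not FRST's own logic): it flags the persistence indicators visible in that log. The rule names and the list of user-writable folders are assumptions chosen for illustration; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Lines excerpted from the FRST.txt posted above (not a complete log).
SAMPLE = r"""
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKU\Asus\...\Run: [AutoLoader] "C:\Users\Asus\AppData\Local\Temp\systry.exe" [x]
HKU\Asus\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [shell] Explorer.exe, C:\ProgramData\nzqwwnh_ [x ] ()
2012-12-22 10:25 - 2012-12-22 10:47 - 00112128 ____A (Xixi) C:\Users\Asus\AppData\Roaming\nzqwwnh_.exe
2012-12-22 10:21 - 2012-12-22 11:10 - 00112128 ____A (Xixi) C:\Users\panji\AppData\Roaming\nzqwwnh_.exe
2012-12-22 10:20 - 2012-12-23 05:16 - 00112128 ____A (Xixi) C:\Users\All Users\nzqwwnh_.exe
2012-12-12 08:11 - 2012-12-12 08:12 - 00000000 ____D C:\Users\panji\Desktop\Hunter X Hunter Manga
"""

# "<key>: [<value name>] <data>" lines from the Registry section.
REG = re.compile(r"^(HK\w+\\.*?): \[(.+?)\] ?(.*)$")
# "<created> - <modified> - <size> <attrs> (<company>) <path>" file lines.
FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                  r"(\d+) (\S+) (?:\(.*?\) )?([A-Za-z]:\\.+)$")
# Assumption: folders a standard user can write to, so autostarts there deserve a look.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp|all users)\\", re.I)


def analyze(log_text):
    """Return (rule, location, detail) tuples for suspicious persistence entries."""
    findings = []
    drops = defaultdict(set)  # (file name, size) -> set of folders holding it
    for line in map(str.strip, log_text.splitlines()):
        m = REG.match(line)
        if m:
            key, name, data = m.groups()
            leaf = key.rsplit("\\", 1)[-1].lower()
            if leaf == "winlogon" and name.lower() == "shell":
                # Drop the trailing "[x ] ()" markers, then split the shell value.
                value = re.sub(r"\s*\[x ?\].*$", "", data)
                extra = [p.strip() for p in value.split(",")
                         if p.strip().lower() != "explorer.exe"]
                if extra:  # anything besides Explorer.exe runs at every logon
                    findings.append(("winlogon-shell", key, ", ".join(extra)))
            elif leaf == "run" and USER_WRITABLE.search(data):
                findings.append(("run-user-writable", key, name))
            elif name.lower() == "disabletaskmgr" and data.strip() == "1":
                findings.append(("taskmgr-disabled", key, name))
            continue
        m = FILE.match(line)
        if m and "D" not in m.group(2):  # skip directories
            size, _, path = m.groups()
            folder, _, fname = path.rpartition("\\")
            drops[(fname.lower(), int(size))].add(folder.lower())
    # The same name and size in several folders suggests one dropper copied around.
    for (fname, size), folders in sorted(drops.items()):
        if len(folders) > 1:
            findings.append(("same-file-many-dirs", fname, len(folders)))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```
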


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC


Great!

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
