
FBI Virus..no safe modes...please help


Read some other threads about this virus. Downloaded and proceeded with Farbar search.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013

Ran by SYSTEM on 15-05-2013 19:11:44

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe [20480 2009-02-19] (Alienware Corporation)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-08-25] (IDT, Inc.)

HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)

HKLM\...\Run: [] [x]

HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [291360 2009-04-29] (NVIDIA Corporation)

HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1694016 2011-10-15] ()

HKLM\...\Run: [FG_Monitor] C:\PROGRAMS\FGUARD\FGKey64.exe /Start [143688 2009-01-30] (WinAbility® Software Corporation)

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [6330568 2013-03-21] (ESET)

HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$afe4b345aebc1cf6ffff527fce0e88d0\n. ATTENTION! ====> ZeroAccess

HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKU\KC\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\KC\Documents\7fbc1c9a.exe [25088 2013-05-14] ()

HKU\KC\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

Lsa: [Notification Packages] scecli FAPassSync

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File

==================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

S2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] ()

S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1341664 2013-03-21] (ESET)

S2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-01] ()

S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\STacSV64.exe [240640 2009-08-25] (IDT, Inc.)

S2 WinAbility Encryption Driver; C:\Program Files\WinAbility Encryption Driver.10.9.5.1309\WED64.EXE [170408 2010-09-15] (WinAbility® Software Corporation)

S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [3066368 2009-12-21] (Broadcom Corporation)

S2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [x]

==================== Drivers (Whitelisted) ====================

S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-08-15] (DT Soft Ltd)

S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)

S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)

S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)

S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)

S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)

S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [58416 2013-02-20] (ESET)

S2 FGUARD64; C:\PROGRAMS\FGUARD\FGUARD64.SYS [70224 2009-01-30] (WinAbility® Software Corporation)

S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)

S1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [28032 2011-05-22] (REALiX)

S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)

S0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175136 2009-04-29] (NVIDIA Corporation)

S3 SaiK0CCB; C:\Windows\System32\DRIVERS\SaiK0CCB.sys [171016 2010-08-10] (Saitek)

S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)

S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)

S3 SaiU0CCB; C:\Windows\System32\DRIVERS\SaiU0CCB.sys [41096 2010-04-22] (Saitek)

S2 WED1309; C:\Program Files\WinAbility Encryption Driver.10.9.5.1309\WEDx64.sys [136368 2010-09-15] (WinAbility® Software Corporation)

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-15] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-15 13:33 - 2013-05-15 13:34 - 00000000 ____D C:\FRST

2013-05-14 18:45 - 2013-05-14 18:45 - 00000000 ____D C:\Program Files\HitmanPro

2013-05-14 14:18 - 2013-05-14 14:18 - 00003618 ____A C:\Windows\System32\.crusader

2013-05-14 14:06 - 2013-05-14 14:18 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-14 13:01 - 2013-05-14 13:01 - 00405926 ____A C:\Users\KC\AppData\Local\2433f433

2013-05-14 13:01 - 2013-05-14 13:01 - 00405914 ____A C:\ProgramData\2433f433

2013-05-14 13:01 - 2013-05-14 13:01 - 00405893 ____A C:\Users\KC\AppData\Roaming\2433f433

2013-05-14 13:01 - 2013-05-14 13:01 - 00025088 ____A C:\Users\KC\Documents\7fbc1c9a.exe

2013-05-13 12:29 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-13 12:29 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-13 12:29 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-13 12:29 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-13 12:29 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-13 12:29 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-13 12:29 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-13 12:29 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-13 12:29 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-13 12:29 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-13 12:29 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-13 12:29 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-13 12:29 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-13 12:29 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-13 12:29 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-13 12:29 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-13 12:29 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-13 12:29 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-13 12:29 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-13 12:29 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-13 12:29 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-13 12:29 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-13 12:29 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-13 12:29 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-13 12:29 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-13 12:29 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-13 12:29 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-13 12:29 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-13 12:29 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-13 12:29 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-13 12:29 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-13 12:29 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-13 12:28 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-05-13 12:28 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-05-13 12:28 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-05-13 12:28 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-05-13 12:28 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-05-13 12:28 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-05-13 12:28 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-05-13 12:28 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-13 12:28 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-05-13 12:28 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-05-12 01:45 - 2013-05-15 15:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4ef56e6bf530.job

2013-05-12 01:45 - 2013-05-14 18:50 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce4ef56f325270.job

==================== One Month Modified Files and Folders =======

2013-05-15 15:39 - 2013-05-12 01:45 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce4ef56e6bf530.job

2013-05-15 15:39 - 2012-09-26 09:20 - 00007434 ____A C:\Windows\setupact.log

2013-05-15 15:39 - 2012-02-26 22:53 - 00000000 ____D C:\ProgramData\NVIDIA

2013-05-15 15:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-15 15:36 - 2012-08-22 11:14 - 00000332 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job

2013-05-15 13:34 - 2013-05-15 13:33 - 00000000 ____D C:\FRST

2013-05-14 18:57 - 2012-09-26 09:23 - 01510943 ____A C:\Windows\WindowsUpdate.log

2013-05-14 18:52 - 2009-07-13 20:45 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-14 18:52 - 2009-07-13 20:45 - 00018928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-14 18:50 - 2013-05-12 01:45 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ce4ef56f325270.job

2013-05-14 18:47 - 2012-10-26 15:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-14 18:45 - 2013-05-14 18:45 - 00000000 ____D C:\Program Files\HitmanPro

2013-05-14 14:18 - 2013-05-14 14:18 - 00003618 ____A C:\Windows\System32\.crusader

2013-05-14 14:18 - 2013-05-14 14:06 - 00000000 ____D C:\ProgramData\HitmanPro

2013-05-14 13:03 - 2011-02-18 18:44 - 00000000 ____D C:\Program Files (x86)\BitTorrent

2013-05-14 13:02 - 2011-02-28 10:07 - 00000000 ____D C:\Users\KC\AppData\Roaming\SoftGrid Client

2013-05-14 13:01 - 2013-05-14 13:01 - 00405926 ____A C:\Users\KC\AppData\Local\2433f433

2013-05-14 13:01 - 2013-05-14 13:01 - 00405914 ____A C:\ProgramData\2433f433

2013-05-14 13:01 - 2013-05-14 13:01 - 00405893 ____A C:\Users\KC\AppData\Roaming\2433f433

2013-05-14 13:01 - 2013-05-14 13:01 - 00025088 ____A C:\Users\KC\Documents\7fbc1c9a.exe

2013-05-14 12:49 - 2012-09-26 22:34 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-14 12:49 - 2012-09-26 22:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-14 03:54 - 2011-02-06 20:13 - 00000000 ____D C:\Users\KC\AppData\Roaming\vlc

2013-05-13 18:51 - 2011-02-18 18:43 - 00000000 ____D C:\Users\KC\AppData\Roaming\BitTorrent

2013-05-13 12:43 - 2009-12-21 07:50 - 00000000 ____D C:\ProgramData\Adobe

2013-05-13 12:36 - 2009-07-13 20:45 - 00427152 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-13 12:30 - 2011-02-07 17:17 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-10 17:15 - 2013-03-11 15:50 - 00000000 ____D C:\Users\KC\Desktop\860OKMZO

2013-05-10 04:19 - 2013-04-12 19:05 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2013-05-10 04:19 - 2012-01-19 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2013-05-10 04:18 - 2012-01-19 19:38 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2013-05-01 23:06 - 2011-02-06 20:08 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-01 21:58 - 2013-05-01 21:58 - 00000214 ____A C:\Users\KC\Desktop\Dimensions.url

2013-05-01 21:58 - 2013-05-01 21:58 - 00000208 ____A C:\Users\KC\Desktop\Zombie Squad • View topic - AK SBR Project Yugo M92 PAP.url

2013-04-23 21:06 - 2012-07-29 12:40 - 00000000 ____D C:\Users\KC\AppData\Local\CrashDumps

2013-04-22 19:10 - 2013-04-22 19:10 - 00000160 ____A C:\Users\KC\Desktop\7.62x39, mm, tula, tulammo, 124, grain, fmj, full, metal, jacket, ulyanovsk, cartridge, works, ammo, ammunition, rifle, centerfire, 39, russian, 39, 762, 39, 762x39, ak, 814950010015, ULA076201, 2,396 fps,.url

Other Malware:

===========

C:\Users\KC\taskmgr.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 11%

Total physical RAM: 7934.35 MB

Available physical RAM: 6996.82 MB

Total Pagefile: 7932.5 MB

Available Pagefile: 7094.13 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.08 GB) (Free:55.18 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]

Drive e: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 196125A3)

Partition 1: (Active) - (Size=918 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=13 GB) - (Type=12)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=4 GB) - (Type=0B)

Last Boot: 2013-05-05 02:13

==================== End Of Log ============================

-----------------------------------------------------------------------------------------------------------

Farbar Recovery Scan Tool (x64) Version: 14-05-2013

Ran by SYSTEM at 2013-05-15 19:02:23

Running from E:\

Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Thanks in advance for any help!

FRST.txt

Search.txt


OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now.

MrC


We have to run several scans to ensure you're clean:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
