Help With Trojan Horse Patched_C.LZI [Solved]



#16
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello gbrbob,

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\00000004.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\201d3dde
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000004.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000008.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\000000cb.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000000.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000032.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000064.@
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
  • 0



#17
gbrbob


    Member

  • Topic Starter
  • Member
  • 26 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-07 19:29:29 Run:1
Running from D:\

==============================================

Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087} moved successfully.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\00000004.@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\201d3dde not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000004.@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000008.@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\000000cb.@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000000.@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000032.@ not found.
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000064.@ not found.
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087} moved successfully.
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@ not found.
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L not found.
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
  • 0

#18
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Boot to System Recovery Options and run FRST, as we've done previously.

Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
  • 0

#19
gbrbob


    Member

  • Topic Starter
  • Member
  • 26 posts
Farbar Recovery Scan Tool (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-07 19:41:13
Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-03 15:55] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-03 15:55] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-12-03 15:55] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

====== End Of Search ======
  • 0
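Added example (not part of the original thread and not FRST's own code): a small Python reader for the Search.txt listing in post #19, showing how to pull each copy's architecture and component version out of its WinSxS path and how to spot byte-identical copies by MD5. The sample input is the listing above; the function names are hypothetical, and it assumes a 64-bit Windows install, where System32 holds the native 64-bit images and SysWOW64 the 32-bit ones.

```python
import re
from collections import defaultdict

# Sample input: the Search.txt entries from post #19, embedded as-is.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-03 15:55] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-03 15:55] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-12-03 15:55] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
"""

# "[created] - [modified] - size attributes (Company) MD5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component folder: <arch>_<name>_<token>_<version>_none_<hash>
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|x86)_.*?_(?P<version>\d+\.\d+\.\d+\.\d+)_none_",
    re.IGNORECASE,
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def classify(path):
    """Return (arch, version). Version is None outside the component store."""
    m = WINSXS_RE.search(path)
    if m:
        return m["arch"].lower(), m["version"]
    lowered = path.lower()
    # Assumption: 64-bit Windows, so SysWOW64 = 32-bit, System32 = 64-bit.
    if "\\syswow64\\" in lowered:
        return "x86", None
    if "\\system32\\" in lowered:
        return "amd64", None
    return "unknown", None


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path = line
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            arch, version = classify(path)
            entries.append({
                "path": path,
                "arch": arch,
                "version": version,
                "size": int(m["size"]),
                "modified": m["modified"],
                "company": m["company"],
                "md5": m["md5"].upper(),
            })
            path = None
    return entries


def identical_copies(entries):
    """Map MD5 -> paths for hashes that occur more than once."""
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["path"])
    return {h: p for h, p in by_md5.items() if len(p) > 1}


def store_copies(entries, arch):
    """Component-store copies of one architecture, newest version first."""
    hits = [e for e in entries if e["arch"] == arch and e["version"]]
    return sorted(hits, key=lambda e: tuple(map(int, e["version"].split("."))),
                  reverse=True)


if __name__ == "__main__":
    parsed = parse_search_log(SEARCH_LOG)
    for e in parsed:
        print(f'{e["arch"]:6} {e["version"] or "-":15} {e["size"]:>7} {e["md5"]}')
    for md5, paths in identical_copies(parsed).items():
        print("identical:", md5, *paths, sep="\n  ")
    print("amd64 store copies:", [e["version"] for e in store_copies(parsed, "amd64")])
```

On this listing the only repeated MD5 is the one shared by the x86 6.0.6002.18005 store copy and C:\Windows\SysWOW64\services.exe, and the two amd64 store copies are both 384512 bytes with different hashes.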

#20
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Let's see if this will work:

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

  • 0

#21
gbrbob


    Member

  • Topic Starter
  • Member
  • 26 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-07 20:13:31 Run:2
Running from D:\

==============================================

Could not find C:\Windows\System32\services.exe.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
  • 0

#22
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Have you tried a normal boot after removing the flash drive?

If not, give it a go and come back and tell me if we can move on with a working computer.
  • 0

#23
gbrbob


    Member

  • Topic Starter
  • Member
  • 26 posts
Nope, it still goes to a BSOD. I've attached a pic of it.
  • 0

#24
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay, let's have another look.

Using the instructions at post #14, re-run Farbar's Recovery Scan Tool and post what it finds.
  • 0

#25
gbrbob


    Member

  • Topic Starter
  • Member
  • 26 posts
Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
Ran by SYSTEM at 07-09-2012 20:38:10
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [272896 2008-09-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3863040 2008-11-20] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2037328 2008-08-20] (Dell Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462336 2008-12-14] (IDT, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-06-08] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe [2042208 2011-10-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Rick\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-21] (Google Inc.)
HKU\Rick\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Rick\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Rick\...\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Rick\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\RunOnce: [OTL] "C:\Users\Rick\Desktop\OTL.exe" [598528 2012-08-29] (OldTimer Tools)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
AppInit_DLLs: avgrssta.dll
IMEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rick\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rick\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Services ====================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-14] (Andrea Electronics Corporation)
2 avg8emc; C:\PROGRA~2\AVG\AVG8\avgemc.exe [908056 2009-08-29] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [297752 2009-08-29] (AVG Technologies CZ, s.r.o.)
2 gupdate1c9a572192110f0; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-03-15] (Google Inc.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-05] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-05] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2012-06-08] (LogMeIn, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-14] (IDT, Inc.)
2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [2930688 2008-11-20] (Dell Inc.)
2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [x]

==================== Drivers =================================

1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [427016 2009-08-29] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [33416 2009-08-29] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [133640 2009-05-06] (AVG Technologies CZ, s.r.o.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-06-08] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2012-06-08] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2012-06-08] (LogMeIn, Inc.)
3 OA009Ufd; C:\Windows\System32\Drivers\OA009Ufd.sys [168864 2008-09-03] (Creative Technology Ltd.)
3 OA009Vid; C:\Windows\System32\Drivers\OA009Vid.sys [307456 2008-09-03] (Creative Technology Ltd.)
0 PxHelp20; C:\Windows\SysWow64\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-07 06:27 - 2012-09-07 06:27 - 00001532 ____A C:\Windows\PFRO.log
2012-09-01 02:56 - 2012-09-01 02:56 - 00000000 ____D C:\ComboFix
2012-08-31 15:29 - 2012-08-31 15:29 - 00002096 ____A C:\Users\Rick\Desktop\aswMBR.txt
2012-08-31 15:29 - 2012-08-31 15:29 - 00000512 ____A C:\Users\Rick\Desktop\MBR.dat
2012-08-31 14:31 - 2012-08-31 14:31 - 00000000 ____D C:\users\LogMeInRemoteUser.Rick-PC
2012-08-31 14:31 - 2011-01-29 13:19 - 00000000 ____D C:\Users\LogMeInRemoteUser.Rick-PC\AppData\Roaming\Mozilla
2012-08-31 14:23 - 2012-08-31 14:24 - 00000000 ____D C:\Users\Rick\AppData\Local\{0E8EFDA9-DFDC-479B-B2C1-BDD88F5CAEEC}
2012-08-30 16:21 - 2012-08-30 16:21 - 00000000 ____D C:\Users\Rick\AppData\Local\{338B037F-01A0-4AF2-B94D-4BBA156EBD39}
2012-08-30 15:26 - 2012-08-30 15:26 - 00000000 ____D C:\_OTL
2012-08-30 12:43 - 2012-08-30 12:43 - 00000000 ____D C:\Users\Rick\AppData\Local\{506D863F-68E4-4206-ACD1-CF01112837D9}
2012-08-29 17:12 - 2012-08-29 17:12 - 00044724 ____A C:\Users\Rick\Desktop\Extras.Txt
2012-08-29 17:10 - 2012-08-30 15:22 - 00084566 ____A C:\Users\Rick\Desktop\OTL.Txt
2012-08-29 16:57 - 2012-08-29 16:57 - 00598528 ____A (OldTimer Tools) C:\Users\Rick\Desktop\OTL.exe
2012-08-29 16:15 - 2012-09-07 10:41 - 00000000 ___SD C:\32788R22FWJFW
2012-08-29 16:15 - 2012-09-07 10:41 - 00000000 ____D C:\Windows\erdnt
2012-08-29 16:15 - 2012-09-07 10:41 - 00000000 ____D C:\Qoobox
2012-08-29 16:11 - 2012-08-29 16:12 - 04740381 ___RA (Swearware) C:\Users\Rick\Desktop\ComboFix.exe
2012-08-29 15:50 - 2012-08-29 15:50 - 00000020 __ASH C:\Users\LogMeInRemoteUser\ntuser.ini
2012-08-29 15:50 - 2011-01-29 13:19 - 00000000 ____D C:\Users\LogMeInRemoteUser\AppData\Roaming\Mozilla
2012-08-29 15:50 - 2009-12-08 19:35 - 00000000 ____D C:\Users\LogMeInRemoteUser\AppData\Roaming\Macromedia
2012-08-29 15:49 - 2012-09-07 10:41 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-08-29 15:49 - 2012-09-01 02:41 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-08-29 15:49 - 2012-08-31 14:29 - 00001024 ____A C:\.rnd
2012-08-29 15:49 - 2012-08-29 15:49 - 00000000 ____D C:\Users\Rick\AppData\Local\LogMeIn
2012-08-29 15:49 - 2012-07-05 14:11 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-08-29 15:49 - 2012-07-05 14:10 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-08-29 15:49 - 2012-07-05 14:10 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-08-29 15:49 - 2012-06-08 08:06 - 00072216 ____A (LogMeIn, Inc.) C:\Windows\System32\Drivers\LMIRfsDriver.sys
2012-08-29 15:29 - 2012-08-29 15:30 - 00000000 ____D C:\Users\Rick\AppData\Local\{06407AD3-52D6-4795-AD4B-529B6C515579}
2012-08-21 02:49 - 2012-08-29 02:59 - 00000000 ____D C:\Users\Rick\AppData\Local\{AAFF3BD8-3794-4FA7-B9F5-CE58D54E4FC2}
2012-08-15 23:27 - 2012-08-19 01:40 - 00000000 ____D C:\Users\Rick\AppData\Local\{B4146E86-D208-439D-AD0F-F17B2CE10A2C}
2012-08-15 23:27 - 2012-08-15 23:28 - 00000000 ____D C:\Users\Rick\AppData\Local\{F8741D5E-B7E8-42D4-B2D8-925386D13C9F}
2012-08-15 23:04 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 23:04 - 2012-06-27 20:10 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 23:04 - 2012-06-27 19:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 23:04 - 2012-06-27 19:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 23:04 - 2012-06-27 19:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 23:04 - 2012-06-27 19:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 23:04 - 2012-06-27 19:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 23:04 - 2012-06-27 19:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 23:04 - 2012-06-27 19:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 23:04 - 2012-06-27 19:16 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 23:04 - 2012-06-27 19:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 23:04 - 2012-06-27 19:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 23:04 - 2012-06-27 19:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 23:04 - 2012-06-27 19:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 23:04 - 2012-06-27 19:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 23:04 - 2012-06-27 16:50 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 23:04 - 2012-06-27 16:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 23:04 - 2012-06-27 16:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 23:04 - 2012-06-27 16:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 23:04 - 2012-06-27 16:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 23:04 - 2012-06-27 16:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 23:04 - 2012-06-27 16:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 23:04 - 2012-06-27 16:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 23:04 - 2012-06-27 16:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 23:04 - 2012-06-27 16:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 23:04 - 2012-06-27 16:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 23:04 - 2012-06-27 16:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 23:04 - 2012-06-27 16:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 23:04 - 2012-06-27 16:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 16:20 - 2012-06-29 08:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 16:20 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 16:20 - 2012-05-11 08:34 - 00788480 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 16:20 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll


==================== 3 Months Modified Files ================================

2012-09-07 16:18 - 2012-04-17 15:21 - 425923147 ____A C:\Windows\MEMORY.DMP
2012-09-07 10:42 - 2006-11-02 04:33 - 83623936 ____A C:\Windows\System32\config\software_previous
2012-09-07 10:42 - 2006-11-02 04:33 - 16515072 ____A C:\Windows\System32\config\system_previous
2012-09-07 10:28 - 2006-11-02 04:33 - 58458112 ____A C:\Windows\System32\config\components_previous
2012-09-07 10:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-07 06:27 - 2012-09-07 06:27 - 00001532 ____A C:\Windows\PFRO.log
2012-09-01 07:14 - 2006-11-02 04:33 - 04194304 ____A C:\Windows\System32\config\default_previous
2012-09-01 07:14 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-31 22:23 - 2009-01-20 18:14 - 01205725 ____A C:\Windows\WindowsUpdate.log
2012-08-31 15:29 - 2012-08-31 15:29 - 00002096 ____A C:\Users\Rick\Desktop\aswMBR.txt
2012-08-31 15:29 - 2012-08-31 15:29 - 00000512 ____A C:\Users\Rick\Desktop\MBR.dat
2012-08-31 14:29 - 2012-08-29 15:49 - 00001024 ____A C:\.rnd
2012-08-30 16:20 - 2009-06-14 05:18 - 00000680 ____A C:\Users\Rick\AppData\Local\d3d9caps.dat
2012-08-30 15:22 - 2012-08-29 17:10 - 00084566 ____A C:\Users\Rick\Desktop\OTL.Txt
2012-08-30 14:56 - 2012-05-02 16:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-30 14:40 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-30 14:40 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-30 14:30 - 2009-07-12 16:23 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-30 12:40 - 2009-07-12 16:23 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-30 12:40 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 20:45 - 2006-11-02 07:42 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-29 17:12 - 2012-08-29 17:12 - 00044724 ____A C:\Users\Rick\Desktop\Extras.Txt
2012-08-29 16:57 - 2012-08-29 16:57 - 00598528 ____A (OldTimer Tools) C:\Users\Rick\Desktop\OTL.exe
2012-08-29 16:12 - 2012-08-29 16:11 - 04740381 ___RA (Swearware) C:\Users\Rick\Desktop\ComboFix.exe
2012-08-29 15:50 - 2012-08-29 15:50 - 00000020 __ASH C:\Users\LogMeInRemoteUser\ntuser.ini
2012-08-29 15:29 - 2009-06-14 04:40 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-08-29 03:01 - 2009-04-17 14:56 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-18 13:43 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 23:23 - 2006-11-02 07:21 - 00404352 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 23:00 - 2006-11-02 04:35 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-15 16:13 - 2012-05-02 16:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 16:13 - 2011-06-13 08:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 07:55 - 2009-03-01 11:39 - 00000398 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-07-23 09:26 - 2009-02-18 18:32 - 00001600 ____A C:\Users\Rick\AppData\Roaming\wklnhst.dat
2012-07-05 14:11 - 2012-08-29 15:49 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-05 14:10 - 2012-08-29 15:49 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-05 14:10 - 2012-08-29 15:49 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-04 06:33 - 2012-08-15 23:04 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-29 08:20 - 2012-08-15 16:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-06-29 08:01 - 2012-08-15 16:20 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-06-27 20:10 - 2012-08-15 23:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 19:39 - 2012-08-15 23:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 19:28 - 2012-08-15 23:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-27 19:22 - 2012-08-15 23:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 19:21 - 2012-08-15 23:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 19:20 - 2012-08-15 23:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-27 19:19 - 2012-08-15 23:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 19:17 - 2012-08-15 23:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 19:16 - 2012-08-15 23:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-27 19:16 - 2012-08-15 23:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-27 19:14 - 2012-08-15 23:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 19:13 - 2012-08-15 23:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 19:12 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 19:08 - 2012-08-15 23:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 16:50 - 2012-08-15 23:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 16:28 - 2012-08-15 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 16:27 - 2012-08-15 23:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-27 16:19 - 2012-08-15 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-27 16:18 - 2012-08-15 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 16:18 - 2012-08-15 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 16:16 - 2012-08-15 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 16:13 - 2012-08-15 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 16:12 - 2012-08-15 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-27 16:10 - 2012-08-15 23:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-27 16:08 - 2012-08-15 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 16:08 - 2012-08-15 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 16:07 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-27 16:04 - 2012-08-15 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 08:30 - 2012-06-18 08:09 - 05827983 ____A C:\Users\Rick\Documents\instructor guide.xps
2012-06-18 08:27 - 2012-06-18 08:26 - 05827983 ____A C:\Users\Rick\Documents\insturctor guide.xps
2012-06-18 05:36 - 2012-06-18 05:36 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-18 05:28 - 2012-06-18 05:28 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-18 05:26 - 2012-05-02 14:12 - 00001866 ____A C:\Users\Public\Desktop\Safari.lnk


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-06-22 13:16:00
Restore point made on: 2012-06-22 13:16:42
Restore point made on: 2012-06-22 13:17:46
Restore point made on: 2012-06-22 13:18:51
Restore point made on: 2012-06-24 07:09:08
Restore point made on: 2012-06-26 15:51:05
Restore point made on: 2012-07-02 18:32:27
Restore point made on: 2012-07-08 04:29:41
Restore point made on: 2012-07-11 06:19:57
Restore point made on: 2012-07-11 23:00:45
Restore point made on: 2012-07-15 12:27:02
Restore point made on: 2012-07-23 09:30:25
Restore point made on: 2012-07-23 09:38:30
Restore point made on: 2012-07-26 14:18:01
Restore point made on: 2012-07-26 14:19:21
Restore point made on: 2012-07-26 14:20:00
Restore point made on: 2012-07-30 13:11:28
Restore point made on: 2012-08-02 17:39:26
Restore point made on: 2012-08-04 05:25:18
Restore point made on: 2012-08-04 05:27:41
Restore point made on: 2012-08-09 18:00:12
Restore point made on: 2012-08-15 16:15:10
Restore point made on: 2012-08-15 23:00:31
Restore point made on: 2012-08-18 13:40:45
Restore point made on: 2012-08-29 15:48:51
Restore point made on: 2012-08-30 15:26:58
Restore point made on: 2012-08-31 14:28:55

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 4057.45 MB
Available physical RAM: 3627.53 MB
Total Pagefile: 3931.09 MB
Available Pagefile: 3601.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:190.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
8 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.93 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1910 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 40 MB
Partition 3 Primary 283 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D FAT32 Removable 1909 MB Healthy

==================================================================================

Last Boot: 2012-08-31 15:02

==================== End Of Log =============================
  • 0



#26
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... that is still showing services.exe missing.

Let's try again:

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

Save it on the flashdrive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.
  • 0

#27
gbrbob


    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012
Ran by SYSTEM at 2012-09-07 20:50:49 Run:3
Running from D:\

==============================================

Could not find C:\Windows\System32\services.exe.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
  • 0

#28
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Have you tried a boot?
  • 0

#29
gbrbob


    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I will. When it did restart, it stopped at Startup Repair. I chose to start Windows normally and it went to a BSOD.
  • 0

#30
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Maybe that replacement text is not working.

Try this one.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

CMD: copy /y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe

This Registry file is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it in your reply.
  • 0





