goodbar

Hello - I have this Homeland Security / FBI Moneypak virus and it won't let me boot to safe mode. I saw on other forums that you requested a Farbar log, so I was able to follow those steps and supply the below log. Are you able to help me clean up this computer?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by SYSTEM on MINWINPC on 24-09-2013 20:03:35
Running from D:\
Windows Vista Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [RegWork] - C:\Program Files\RegWork\RegWork.exe
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNzQ1ODYyNzA3LVQxNi1LVjMrNy1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQys3LUZMMTArMS1TUDErMS1UVUcrMy1TUDFTMisxLVNVRCsxLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=edb25a48c3b0ad4250e3220dfcf3eb28-e9f8851e23746e64914e03e9f46496ac9f613789
HKU\Cynthia\...\Run: [Facebook Update] - C:\Users\Cynthia\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2012-07-11] (Facebook Inc.)
HKU\Cynthia\...\Run: [GarminExpressTrayApp] - C:\Program Files\Garmin\Express Tray\ExpressTray.exe [ 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Cynthia\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-01-22] (TOSHIBA)
HKU\Default\...\Run: [EasyLinkAdvisor] - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [ 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-01-22] (TOSHIBA)
HKU\Default User\...\Run: [EasyLinkAdvisor] - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [ 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Guest\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-01-22] (TOSHIBA)
HKU\Guest\...\Run: [EasyLinkAdvisor] - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [ 2007-03-15] (Linksys, a Division of Cisco Systems, Inc.)
HKU\Guest\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Guest\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKU\Guest\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Guest\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\Guest\...\RunOnce: [AVG Security Toolbar_updatecleanup] - "C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe" /CLEANUP
HKU\Guest\...\RunOnce: [spchecker] - "C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe"
Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4vrj4wld.lnk
ShortcutTarget: 4vrj4wld.lnk -> C:\PROGRA~2\dlw4jrv4.plz ()

========================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S4 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
S4 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [77824 2007-06-15] (TOSHIBA Corporation)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 Winmgmt; C:\PROGRA~2\dlw4jrv4.plz [155648 2013-09-24] ()

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35928 2012-10-30] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
S1 BRCMDECO; C:\Windows\System32\DRIVERS\BRCMHD32.sys [70528 2007-07-13] (Broadcom Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S2 elagopro; C:\Windows\System32\DRIVERS\elagopro.sys [28672 2007-03-22] (Gteko Ltd.)
S2 elaunidr; C:\Windows\System32\DRIVERS\elaunidr.sys [5376 2007-03-22] (Gteko Ltd.)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S2 MCSTRM; C:\Windows\System32\Drivers\MCSTRM.sys [8413 2008-05-07] (RealNetworks, Inc.)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 20:03 - 2013-09-24 20:03 - 00000000 ____D C:\FRST
2013-09-24 03:53 - 2013-09-24 03:53 - 00143280 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-24 03:03 - 2013-09-24 03:03 - 00016181 ____T C:\ProgramData\va3.exe
2013-09-24 02:55 - 2013-09-24 16:50 - 00000000 _____ C:\ProgramData\4vrj4wld.ctrl
2013-09-24 02:55 - 2013-09-24 15:34 - 95025368 ____T C:\ProgramData\4vrj4wld.pff
2013-09-24 02:55 - 2013-09-24 02:55 - 00155648 _____ C:\ProgramData\dlw4jrv4.plz
2013-09-14 16:06 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-14 16:06 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-14 16:06 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-14 16:06 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-14 16:06 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-14 16:06 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-14 16:06 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-14 16:06 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-14 16:06 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-14 16:06 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-14 16:06 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-14 16:06 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-14 16:06 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-14 16:06 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-14 16:06 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-14 16:06 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 02:10 - 2013-08-07 17:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-12 02:10 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll
2013-08-29 09:18 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-09-24 20:03 - 2013-09-24 20:03 - 00000000 ____D C:\FRST
2013-09-24 16:58 - 2007-12-27 10:40 - 01336161 _____ C:\Windows\WindowsUpdate.log
2013-09-24 16:58 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 16:58 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 16:50 - 2013-09-24 02:55 - 00000000 _____ C:\ProgramData\4vrj4wld.ctrl
2013-09-24 15:34 - 2013-09-24 02:55 - 95025368 ____T C:\ProgramData\4vrj4wld.pff
2013-09-24 03:53 - 2013-09-24 03:53 - 00143280 _____ C:\Windows\Minidump\Mini092413-01.dmp
2013-09-24 03:53 - 2011-10-04 11:39 - 00000000 ____D C:\Windows\Minidump
2013-09-24 03:53 - 2011-10-04 11:38 - 277138536 _____ C:\Windows\MEMORY.DMP
2013-09-24 03:03 - 2013-09-24 03:03 - 00016181 ____T C:\ProgramData\va3.exe
2013-09-24 02:55 - 2013-09-24 02:55 - 00155648 _____ C:\ProgramData\dlw4jrv4.plz
2013-09-20 22:05 - 2012-07-13 07:14 - 00001982 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-20 09:01 - 2012-05-07 10:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-20 09:01 - 2011-05-14 16:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-14 20:21 - 2006-11-02 04:47 - 00403592 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-14 16:09 - 2007-12-27 10:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-14 16:01 - 2013-08-16 08:39 - 00000000 ____D C:\Windows\System32\MRT
2013-09-14 15:57 - 2006-11-02 02:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-09-14 15:54 - 2012-11-29 08:05 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-30 06:53 - 2012-04-21 08:53 - 00000000 ____D C:\Users\Cynthia\Documents\My Scans

Files to move or delete:
====================
C:\Users\Cynthia\AppData\Roaming\desktop.ini
C:\ProgramData\4vrj4wld.ctrl
C:\ProgramData\4vrj4wld.pff
C:\ProgramData\dlw4jrv4.plz
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\ProgramData\va3.exe

Some content of TEMP:
====================
C:\Users\Cynthia\AppData\Local\Temp\0.5863474924875889.exe
C:\Users\Cynthia\AppData\Local\Temp\0.7481529780457172.exe
C:\Users\Cynthia\AppData\Local\Temp\lignpyhpojttaxdrcet.exe
C:\Users\Cynthia\AppData\Local\Temp\nscF983.tmp.tbWise.dll
C:\Users\Cynthia\AppData\Local\Temp\nswDDA9.tmp.tbWise.dll
C:\Users\Cynthia\AppData\Local\Temp\setup.exe
C:\Users\Cynthia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Cynthia\AppData\Local\Temp\tmp31A7.exe
C:\Users\Cynthia\AppData\Local\Temp\tmp88C7.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-09-09 23:02:52
Restore point made on: 2013-09-10 21:00:38
Restore point made on: 2013-09-11 21:00:28
Restore point made on: 2013-09-12 21:00:35
Restore point made on: 2013-09-13 21:46:16
Restore point made on: 2013-09-14 15:56:53
Restore point made on: 2013-09-15 21:00:29
Restore point made on: 2013-09-16 21:00:31
Restore point made on: 2013-09-17 21:00:31
Restore point made on: 2013-09-18 21:00:36
Restore point made on: 2013-09-19 21:00:36
Restore point made on: 2013-09-19 22:56:20
Restore point made on: 2013-09-20 21:00:36
Restore point made on: 2013-09-21 21:00:31
Restore point made on: 2013-09-22 21:00:28
Restore point made on: 2013-09-23 21:00:33
Restore point made on: 2013-09-23 22:56:14

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 2037.81 MB
Available physical RAM: 1649.03 MB
Total Pagefile: 1866.29 MB
Available Pagefile: 1720.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB

==================== Drives ================================

Drive c: (SQ008691V02) (Fixed) (Total:184.84 GB) (Free:110.91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sep 24 2013) (CDROM) (Total:0.69 GB) (Free:0.66 GB) UDF
Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: E7A78905)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=185 GB) - (Type=07 NTFS)

LastRegBack: 2013-09-24 16:57

==================== End Of Log ============================
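The log above carries the same random-named file in three places: a Startup shortcut (4vrj4wld.lnk pointing at C:\PROGRA~2\dlw4jrv4.plz), a service that has taken the name of the built-in Winmgmt service but whose image is that .plz file with no version-info company, and the created-files list, where C:\ProgramData\dlw4jrv4.plz shows the same 155648-byte size. The two stems are also each other's reversal. As an added example, this editor's code and not FRST's or the poster's, here is a small Python triage script that parses lines in FRST's format and scores those indicators. The sample lines are copied from the log above; the heuristics (non-executable extension, ProgramData location, random 8-character stem, built-in service name outside svchost.exe, empty company field) and the assumption that PROGRA~2 is the 8.3 short name of C:\ProgramData on this x86 system are mine.

```python
"""Added example (this editor's code, not FRST's and not the poster's): parse lines in
FRST's log format and score the persistence indicators visible in the log above."""
import os
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST log in the post, plus known-good
# entries (avast, an avast driver) so the heuristics have benign input to pass over.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [RegWork] - C:\Program Files\RegWork\RegWork.exe
HKU\Guest\...\Run: [MyWebSearch Email Plugin] - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
Startup: C:\Users\Cynthia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4vrj4wld.lnk
ShortcutTarget: 4vrj4wld.lnk -> C:\PROGRA~2\dlw4jrv4.plz ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S2 Winmgmt; C:\PROGRA~2\dlw4jrv4.plz [155648 2013-09-24] ()
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
2013-09-24 03:03 - 2013-09-24 03:03 - 00016181 ____T C:\ProgramData\va3.exe
2013-09-24 02:55 - 2013-09-24 02:55 - 00155648 _____ C:\ProgramData\dlw4jrv4.plz
2013-09-24 02:55 - 2013-09-24 15:34 - 95025368 ____T C:\ProgramData\4vrj4wld.pff
""".strip().splitlines()

RUN_RE = re.compile(r'^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run(?:once)?: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$', re.I)
SVC_RE = re.compile(r'^S[0-4] (?P<name>[^;]+); (?P<rest>.*)$')          # services and drivers
LNK_RE = re.compile(r'^ShortcutTarget: (?P<name>\S+) -> (?P<rest>.*)$')
STARTUP_RE = re.compile(r'^Startup: (?P<path>.+)$')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$')
COMPANY_RE = re.compile(r' \((?P<company>[^)]*)\)$')   # FRST's trailing "(Company)" from version info

def _base(path):
    return os.path.basename(path.replace('\\', '/'))     # Windows paths, parsed off-Windows

@dataclass
class Entry:
    kind: str                # run | service | shortcut | startup | file
    name: str
    path: str
    company: "str | None"    # None: no "(...)" printed; '': "()" printed, i.e. no version info

    @property
    def stem(self):
        return os.path.splitext(_base(self.path))[0].lower()

def _split_rest(rest):
    """Split FRST's 'path [size date] (Company)' tail into (path, company)."""
    company = None
    if m := COMPANY_RE.search(rest):
        company, rest = m.group('company'), rest[:m.start()]
    path = rest.split(' [', 1)[0].strip()
    if path.startswith('"'):                             # quoted image followed by arguments
        path = path[1:].split('"', 1)[0]
    return path, company

def parse_frst(lines):
    entries = []
    for line in (l.strip() for l in lines):
        if m := RUN_RE.match(line):
            path, company = _split_rest(m.group('rest'))
            if path != '[x]':                            # FRST's marker for a missing file
                entries.append(Entry('run', m.group('name'), path, company))
        elif m := SVC_RE.match(line):
            entries.append(Entry('service', m.group('name'), *_split_rest(m.group('rest'))))
        elif m := LNK_RE.match(line):
            entries.append(Entry('shortcut', m.group('name'), *_split_rest(m.group('rest'))))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry('startup', _base(m.group('path')), m.group('path'), None))
        elif m := FILE_RE.match(line):
            entries.append(Entry('file', _base(m.group('path')), m.group('path'), m.group('company')))
    return entries

# Heuristics (mine, not FRST's). Assumption: on this x86 Vista box PROGRA~2 is the 8.3 name of
# C:\ProgramData (the created-files list shows C:\ProgramData\dlw4jrv4.plz at the same 155648 bytes).
EXEC_EXT = {'.exe', '.dll', '.sys', '.cpl', '.scr'}
PERSISTENCE = {'run', 'service', 'shortcut'}
RANDOM_STEM = re.compile(r'^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$')
PROGRAMDATA = re.compile(r'^C:\\(?:PROGRA~2|ProgramData)\\', re.I)
SVCHOST_SERVICES = {'winmgmt'}   # built-in services whose ImagePath is svchost.exe on a healthy install

def assess(entry):
    """Indicators an entry trips; an empty list means nothing odd about it."""
    reasons = []
    ext = os.path.splitext(_base(entry.path))[1].lower()
    if entry.kind in PERSISTENCE:
        if ext not in EXEC_EXT:
            reasons.append(f'persistence image has non-executable extension {ext!r}')
        if PROGRAMDATA.match(entry.path):
            reasons.append('persistence image lives under ProgramData')
        if entry.company == '':
            reasons.append('image carries no version-info company')
    if RANDOM_STEM.match(entry.stem):
        reasons.append('random-looking 8-character file name')
    if (entry.kind == 'service' and entry.name.lower() in SVCHOST_SERVICES
            and _base(entry.path).lower() != 'svchost.exe'):
        reasons.append('built-in service name with non-svchost ImagePath')
    return reasons

def suspicious(entries, min_reasons=2):
    return [e for e in entries if len(assess(e)) >= min_reasons]

def cross_reference(entries):
    """Where each file stem appears, plus stems that are another stem spelled backwards."""
    where = {}
    for e in entries:
        where.setdefault(e.stem, set()).add(e.kind)
    mirrored = sorted({tuple(sorted((s, s[::-1]))) for s in where if s[::-1] in where and s[::-1] != s})
    return where, mirrored
```

Against a real FRST.txt, pass `open(path, encoding='utf-8', errors='replace').read().splitlines()` to `parse_frst` and print `suspicious(...)` together with `assess(e)` for each hit. The threshold of two indicators is deliberate: a vendor service with an empty company field, like the Toshiba pinger entry above, trips one indicator and is not flagged on that alone, while the Winmgmt entry trips all five.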