
FBI MoneyPac virus

fbi warning

  • This topic is locked
11 replies to this topic

#1 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 12 May 2013 - 05:16 PM

Hello, my computer has become infected with the FBI Warning virus.

I can't boot to safe mode with networking - it goes back to the warning screen.

I've seen lots of HiJack This help on here. Hoping someone can help me as well.

Thanks in advance!

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 May 2013 - 05:23 PM

Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 12 May 2013 - 05:26 PM

Thank You sir! I'm working on it right now

#4 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 12 May 2013 - 05:35 PM

Here it is. Hope this makes sense to you.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by SYSTEM on 12-05-2013 18:30:12
Running from G:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [869736 2010-01-06] (Lenovo Group Limited)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
HKLM\...\Run: [ScrewDrivers RDP Plugin] C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [45384 2011-04-28] ()
HKLM\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Winlogon: [System]
HKU\Wes\...\Run: [] c:\users\wes\ctfmon.exe [ 2013-05-12] ()
HKU\Wes\...\Winlogon: [Shell] explorer.exe,C:\Users\Wes\AppData\Roaming\skype.dat <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

========================== Services (Whitelisted) =================

S2 CLDTVHNService; C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S4 LENOVO.CAMMUTE; C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe [54632 2009-11-09] (Lenovo Group Limited)
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [44984 2009-11-17] (Lenovo Group Limited)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [287752 2013-03-01] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-04-06] (Memeo)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [632344 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168880 2012-12-26] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [171976 2012-12-26] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo)
S3 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [1659624 2011-02-04] (RealVNC Ltd)
S2 RoxLiveShare10; "c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-12-26] (McAfee, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147472 2012-05-28] (McAfee, Inc.)
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5946368 2009-09-22] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132976 2012-12-26] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-12-26] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-12-26] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-12-26] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565416 2012-12-26] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [252200 2012-11-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81456 2012-11-01] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210168 2012-12-26] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
S3 NetDirect; C:\Windows\System32\DRIVERS\NetDirect.sys [24576 2007-08-19] (The OpenVPN Project)
S2 ntk_dtv; C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [119792 2009-09-17] (Cyberlink Corp.)
S3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-02-04] (RealVNC Ltd.)
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [x]
S3 NT_NvcA; system32\DRIVERS\ntnvca.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 18:29 - 2013-05-12 18:29 - 00000000 ____D C:\FRST
2013-05-12 13:43 - 2013-05-12 13:44 - 00000004 ____A C:\Users\Wes\AppData\Roaming\skype.ini
2013-05-12 13:29 - 2013-05-12 13:29 - 00139264 ____A (EA Swiss-Digital LLC) C:\Users\Wes\icq.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00103301 ____A C:\Users\Wes\ctfmon.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\teamviewer.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\conhost.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\winlogon.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\vlcplayer.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\spoolsv.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\jucheck.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\flashplayer.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\chrome.exe
2013-05-05 07:55 - 2013-05-05 07:55 - 02373122 ____A C:\Users\Public\Documents\Stupid Conversation with Sam - trolling.pptx
2013-05-02 12:53 - 2013-05-02 12:53 - 00100352 ____A C:\Users\Wes\Downloads\tap_drill.xls
2013-05-02 12:53 - 2013-05-02 12:53 - 00025600 ____A C:\Users\Wes\Downloads\locknut threads.xls
2013-04-23 15:25 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-18 17:07 - 2013-04-18 17:07 - 00134514 ____A C:\Users\Wes\Downloads\image(3).jpeg
2013-04-18 17:07 - 2013-04-18 17:07 - 00084691 ____A C:\Users\Wes\Downloads\image(5).jpeg
2013-04-18 17:07 - 2013-04-18 17:07 - 00080375 ____A C:\Users\Wes\Downloads\image(4).jpeg
2013-04-16 14:06 - 2013-04-16 14:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf

==================== One Month Modified Files and Folders ========

2013-05-12 18:29 - 2013-05-12 18:29 - 00000000 ____D C:\FRST
2013-05-12 13:44 - 2013-05-12 13:43 - 00000004 ____A C:\Users\Wes\AppData\Roaming\skype.ini
2013-05-12 13:43 - 2010-12-24 18:41 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-12 13:43 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 13:43 - 2009-07-13 20:39 - 00161457 ____A C:\Windows\setupact.log
2013-05-12 13:29 - 2013-05-12 13:29 - 00139264 ____A (EA Swiss-Digital LLC) C:\Users\Wes\icq.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00103301 ____A C:\Users\Wes\ctfmon.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\teamviewer.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00034181 ____A C:\Users\Wes\conhost.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\winlogon.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\vlcplayer.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\spoolsv.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\jucheck.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\flashplayer.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\chrome.exe
2013-05-12 13:29 - 2010-02-10 11:58 - 00000000 ____D C:\users\Wes
2013-05-12 12:51 - 2010-12-24 18:41 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 12:34 - 2012-04-09 16:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 09:53 - 2010-07-14 18:13 - 00001854 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-12 07:12 - 2010-02-10 14:28 - 01324028 ____A C:\Windows\WindowsUpdate.log
2013-05-10 08:48 - 2009-07-13 20:34 - 00013456 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-10 08:48 - 2009-07-13 20:34 - 00013456 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-06 04:14 - 2012-04-09 16:39 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-06 04:14 - 2011-05-22 16:10 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-06 04:13 - 2010-02-10 12:38 - 00000000 ____D C:\ProgramData\Adobe
2013-05-06 04:10 - 2010-02-10 12:14 - 00132640 ____A C:\Windows\PFRO.log
2013-05-05 07:55 - 2013-05-05 07:55 - 02373122 ____A C:\Users\Public\Documents\Stupid Conversation with Sam - trolling.pptx
2013-05-02 12:53 - 2013-05-02 12:53 - 00100352 ____A C:\Users\Wes\Downloads\tap_drill.xls
2013-05-02 12:53 - 2013-05-02 12:53 - 00025600 ____A C:\Users\Wes\Downloads\locknut threads.xls
2013-04-30 03:46 - 2010-07-14 18:11 - 00000000 ____D C:\Program Files\McAfee
2013-04-23 23:18 - 2012-05-19 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-18 17:07 - 2013-04-18 17:07 - 00134514 ____A C:\Users\Wes\Downloads\image(3).jpeg
2013-04-18 17:07 - 2013-04-18 17:07 - 00084691 ____A C:\Users\Wes\Downloads\image(5).jpeg
2013-04-18 17:07 - 2013-04-18 17:07 - 00080375 ____A C:\Users\Wes\Downloads\image(4).jpeg
2013-04-17 03:48 - 2013-04-11 12:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-16 14:06 - 2013-04-16 14:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2013-04-16 13:50 - 2010-02-10 11:55 - 00731366 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-12 05:45 - 2013-04-23 15:25 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

Other Malware:
===========
C:\Users\Wes\chrome.exe
C:\Users\Wes\conhost.exe
C:\Users\Wes\ctfmon.exe
C:\Users\Wes\flashplayer.exe
C:\Users\Wes\GoToAssistDownloadHelper.exe
C:\Users\Wes\icq.exe
C:\Users\Wes\jucheck.exe
C:\Users\Wes\spoolsv.exe
C:\Users\Wes\teamviewer.exe
C:\Users\Wes\vlcplayer.exe
C:\Users\Wes\winlogon.exe
C:\Users\Wes\AppData\Roaming\skype.dat
C:\Users\Wes\AppData\Roaming\skype.ini
C:\Users\Wes\Application Data\skype.dat
C:\Users\Wes\Application Data\skype.ini
C:\ProgramData\ezsidmv.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-14 00:01:28
Restore point made on: 2013-02-21 18:51:22
Restore point made on: 2013-03-02 14:34:28
Restore point made on: 2013-03-09 19:05:23
Restore point made on: 2013-03-12 23:01:13
Restore point made on: 2013-03-20 16:28:46
Restore point made on: 2013-03-25 23:00:35
Restore point made on: 2013-04-03 04:31:14
Restore point made on: 2013-04-09 23:00:58
Restore point made on: 2013-04-17 04:57:12
Restore point made on: 2013-04-23 23:00:27
Restore point made on: 2013-05-02 09:34:05
Restore point made on: 2013-05-10 14:28:47

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 2968.01 MB
Available physical RAM: 2454.89 MB
Total Pagefile: 2966.29 MB
Available Pagefile: 2453.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Drives ================================

Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:12.57 GB) NTFS
Drive e: (Lenovo) (Fixed) (Total:9.77 GB) (Free:3.42 GB) NTFS
Drive g: (USB20FD) (Removable) (Total:60.94 GB) (Free:55.39 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 62928F40)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 61 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=61 GB) - (Type=0C)


Last Boot: 2013-05-03 20:07

==================== End Of Log ============================
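
Added example, not part of the original thread and not FRST's own code: a small Python parser that pulls two indicators out of an FRST.txt log like the one above, a Winlogon Shell value carrying an extra entry after explorer.exe and executables created directly in the user profile root. The sample lines are copied from the log in this post; the function names and the short SYSTEM_NAMES list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the FRST.txt log posted above
# (registry section and "One Month Created Files and Folders").
SAMPLE_LOG = r"""
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69568 2009-12-21] (Lenovo Group Limited)
HKU\Wes\...\Run: [] c:\users\wes\ctfmon.exe [ 2013-05-12] ()
HKU\Wes\...\Winlogon: [Shell] explorer.exe,C:\Users\Wes\AppData\Roaming\skype.dat <==== ATTENTION
2013-05-12 13:43 - 2013-05-12 13:44 - 00000004 ____A C:\Users\Wes\AppData\Roaming\skype.ini
2013-05-12 13:29 - 2013-05-12 13:29 - 00139264 ____A (EA Swiss-Digital LLC) C:\Users\Wes\icq.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00103301 ____A C:\Users\Wes\ctfmon.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\winlogon.exe
2013-05-12 13:29 - 2013-05-12 13:29 - 00000000 ____A C:\Users\Wes\chrome.exe
2013-05-02 12:53 - 2013-05-02 12:53 - 00100352 ____A C:\Users\Wes\Downloads\tap_drill.xls
2013-04-23 15:25 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
"""

# "<hive>\...\Winlogon: [Shell] <value>", optionally followed by FRST's marker.
SHELL_RE = re.compile(
    r"^(?P<hive>HK\S+)\\\.\.\.\\Winlogon: \[Shell\] (?P<value>.+?)"
    r"(?:\s*<==== ATTENTION)?$")
# "<created> - <modified> - <size> <attrs> [(company) ]<path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) \S+ (?:\(.*?\) )?(?P<path>.+)$")
# An .exe sitting directly in C:\Users\<name>\, not in a subfolder.
PROFILE_ROOT_EXE = re.compile(r"^[a-z]:\\users\\[^\\]+\\([^\\]+\.exe)$", re.I)
# Assumption: a short illustrative list of names that belong under C:\Windows.
SYSTEM_NAMES = {"winlogon.exe", "spoolsv.exe", "conhost.exe", "ctfmon.exe",
                "svchost.exe", "explorer.exe"}


def shell_hijacks(log):
    """Return (hive, extra_entries) for Shell values that add to explorer.exe."""
    hits = []
    for line in log.splitlines():
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        extras = [p.strip() for p in m["value"].split(",")
                  if p.strip().lower() != "explorer.exe"]
        if extras:
            hits.append((m["hive"], extras))
    return hits


def profile_root_exes(log):
    """Group executables found in a profile root by creation minute."""
    by_minute = defaultdict(list)
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        exe = PROFILE_ROOT_EXE.match(m["path"]) if m else None
        if exe:
            name = exe.group(1).lower()
            by_minute[m["created"]].append(
                {"name": name, "size": int(m["size"]),
                 "system_name": name in SYSTEM_NAMES})
    return dict(by_minute)


if __name__ == "__main__":
    for hive, extras in shell_hijacks(SAMPLE_LOG):
        print("Shell value in", hive, "also launches:", extras)
    for minute, files in profile_root_exes(SAMPLE_LOG).items():
        print(minute, "->", len(files), "executables dropped in profile root")
        for f in files:
            print("   ", f)
```

Several profile-root executables sharing one creation minute, some zero bytes long and some named after Windows system binaries, is the pattern that stands out in the created-files section of the log.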

#5 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 May 2013 - 06:22 PM

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now.

MrC


#6 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 12 May 2013 - 06:43 PM

working on it now

#7 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 12 May 2013 - 06:48 PM

Looks like it is booting normally so far!!!

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-12 19:43:59 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

HKEY_USERS\Wes\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Wes\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Wes\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Wes\icq.exe => Moved successfully.
C:\Users\Wes\ctfmon.exe => Moved successfully.
C:\Users\Wes\teamviewer.exe => Moved successfully.
C:\Users\Wes\conhost.exe => Moved successfully.
C:\Users\Wes\winlogon.exe => Moved successfully.
C:\Users\Wes\vlcplayer.exe => Moved successfully.
C:\Users\Wes\spoolsv.exe => Moved successfully.
C:\Users\Wes\jucheck.exe => Moved successfully.
C:\Users\Wes\flashplayer.exe => Moved successfully.
C:\Users\Wes\chrome.exe => Moved successfully.
C:\Users\Wes\GoToAssistDownloadHelper.exe => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.

==== End of Fixlog ====

#8 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 12 May 2013 - 06:49 PM

I'm updating Malwarebytes now and running a scan

#9 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 May 2013 - 07:11 PM

OK...Good, MrC


#10 404lebowski

404lebowski

    New Member

  • Members
  • 7 posts

Posted 14 May 2013 - 05:55 AM

Thank you so much, MrC!

#11 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 May 2013 - 05:58 AM

If you're all set.......

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#12 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 16 May 2013 - 07:22 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
