
spizzkid

  1. Thank you! I am able to boot normally now!

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013
     Ran by SYSTEM at 2013-05-16 17:37:37 Run:1
     Running from H:\
     Boot Mode: Recovery
     ==============================================
     HKEY_USERS\Tootsie\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
     C:\Users\Tootsie\AppData\Roaming\i.ini => Moved successfully.
     C:\ProgramData\ezsidmv.dat => Moved successfully.
     C:\Users\Tootsie\Desktop\pckb.tmp => File/Directory not found.
     C:\ProgramData\nej => Moved successfully.
     ==== End of Fixlog ====
  2. Sorry for the delay, I will respond ASAP next time. Here is the first log:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013
     Ran by SYSTEM on 15-05-2013 17:39:57
     Running from H:\
     Windows 7 Home Premium (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Recovery
     The current controlset is ControlSet001
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10081312 2010-02-25] (Realtek Semiconductor)
     HKLM\...\Run: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2011-01-23] ()
     HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2011-01-23] ()
     HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
     HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
     HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [] [x]
     HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1573576 2012-12-10] (Ask)
     HKLM-x32\...\Run: [Lexmark Pro800-Pro900 Series] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" /s [316072 2009-10-01] ()
     HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
     HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
     HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
     HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
     HKU\Tootsie\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-22] (Google Inc.)
     HKU\Tootsie\...\Run: [smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe [80016 2012-01-28] (Avanquest Software)
     HKU\Tootsie\...\Run: [GenieoUpdaterService] "C:\Users\Tootsie\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [290144 2012-11-26] ()
     HKU\Tootsie\...\Run: [GenieoSystemTray] "C:\Users\Tootsie\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [526688 2012-11-26] ()
     HKU\Tootsie\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
     HKU\Tootsie\...\Run: [smart Driver Updater] C:\Program Files (x86)\Smart Driver Updater\SDULauncher.exe [338576 2012-09-20] (Avanquest Software)
     HKU\Tootsie\...\Winlogon: [shell] C:\Users\Tootsie\AppData\Roaming\i.ini,explorer.exe <==== ATTENTION
     Startup: C:\ProgramData\Start Menu\Programs\Startup\Google Calendar Sync.lnk
     ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
     Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
     ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)

     ==================== Services (Whitelisted) =================
     S2 LexPrintListener; C:\Program Files (x86)\Lexmark\LexPrint\lmablpml.dll [204800 2009-09-11] ( )
     S2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
     S2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
     S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-02] (McAfee, Inc.)
     S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
     S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

     ==================== Drivers (Whitelisted) ====================
     S3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
     S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [15728 2011-04-14] (Windows ® Win 7 DDK provider)
     S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [15728 2011-04-14] (Windows ® Win 7 DDK provider)
     S3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
     S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [67072 2009-07-13] (Microsoft Corporation)
     S3 NW1950; C:\Windows\System32\DRIVERS\NW1950.sys [25080 2009-09-16] ()
     S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
     S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
     S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
     S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
     S3 ViaUsbEtsDriver; C:\Windows\System32\drivers\ViaUsbEts.sys [21760 2008-05-29] (Via Telecom, Inc.)
     S3 ViaUsbModemDriver; C:\Windows\System32\drivers\ViaUsbModem.sys [28160 2008-06-15] ()

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========
     2013-05-15 17:34 - 2013-05-15 17:34 - 00000000 ____D C:\FRST
     2013-05-15 02:01 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2013-05-15 02:01 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2013-05-15 02:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
     2013-05-15 02:01 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2013-05-15 02:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
     2013-05-15 02:01 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2013-05-15 02:01 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2013-05-15 02:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
     2013-05-15 02:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2013-05-15 02:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2013-05-15 02:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
     2013-05-15 02:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
     2013-05-14 15:44 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
     2013-05-14 15:44 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
     2013-05-14 15:44 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2013-05-14 15:44 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
     2013-05-14 15:44 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
     2013-05-14 15:44 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
     2013-05-14 15:44 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
     2013-05-14 15:44 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
     2013-05-14 15:44 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
     2013-05-14 15:44 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
     2013-05-14 15:44 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
     2013-05-14 15:44 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
     2013-05-14 15:42 - 2013-05-14 15:47 - 00000000 ____D C:\Users\Tootsie\Desktop\pacific slopes
     2013-05-14 12:21 - 2013-05-14 12:21 - 00000000 ____D C:\ProgramData\nej
     2013-05-14 12:19 - 2013-05-14 12:19 - 00156664 ____A (Hilgraeve, Inc.) C:\Users\Tootsie\Desktop\pckb.tmp
     2013-04-23 14:49 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

     ==================== One Month Modified Files and Folders =======
     2013-05-15 17:34 - 2013-05-15 17:34 - 00000000 ____D C:\FRST
     2013-05-15 16:20 - 2009-07-13 21:13 - 00805602 ____A C:\Windows\System32\PerfStringBackup.INI
     2013-05-15 16:15 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2013-05-15 16:15 - 2009-07-13 20:51 - 00075266 ____A C:\Windows\setupact.log
     2013-05-15 16:13 - 2012-10-10 19:20 - 00000000 ___SD C:\Users\Tootsie\Google Drive
     2013-05-15 16:13 - 2011-01-30 12:56 - 00146695 ____A C:\ProgramData\lxecscan.log
     2013-05-15 16:12 - 2010-02-02 13:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-05-15 16:11 - 2009-11-11 18:57 - 00527706 ____A C:\Windows\PFRO.log
     2013-05-15 16:05 - 2012-04-30 04:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-05-15 16:05 - 2010-02-02 13:44 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-05-15 16:05 - 2009-11-11 19:00 - 01118925 ____A C:\Windows\WindowsUpdate.log
     2013-05-15 02:38 - 2009-07-13 20:45 - 00015984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-05-15 02:38 - 2009-07-13 20:45 - 00015984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-05-15 02:31 - 2009-07-13 20:45 - 00422392 ____A C:\Windows\System32\FNTCACHE.DAT
     2013-05-15 02:11 - 2009-11-11 19:28 - 00000000 ____D C:\ProgramData\Microsoft Help
     2013-05-15 02:06 - 2009-11-26 10:05 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
     2013-05-14 15:47 - 2013-05-14 15:42 - 00000000 ____D C:\Users\Tootsie\Desktop\pacific slopes
     2013-05-14 12:45 - 2012-04-30 04:01 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
     2013-05-14 12:45 - 2011-06-02 06:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     2013-05-14 12:21 - 2013-05-14 12:21 - 00000000 ____D C:\ProgramData\nej
     2013-05-14 12:19 - 2013-05-14 12:19 - 00156664 ____A (Hilgraeve, Inc.) C:\Users\Tootsie\Desktop\pckb.tmp
     2013-05-11 22:07 - 2011-10-29 07:07 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
     2013-05-11 22:07 - 2009-11-16 06:20 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
     2013-05-11 22:06 - 2009-11-16 06:19 - 00000000 ____D C:\Users\Tootsie\AppData\Roaming\HpUpdate
     2013-05-11 22:06 - 2009-11-16 06:19 - 00000000 ____D C:\Users\Tootsie\AppData\Roaming\HP Support Assistant
     2013-05-08 18:30 - 2011-01-30 13:41 - 01981481 ____A C:\ProgramData\lxecJSW.log
     2013-05-08 18:30 - 2011-01-30 13:26 - 00000000 ____D C:\ProgramData\Lx_cats
     2013-05-08 05:46 - 2010-03-31 15:32 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForTootsie.job
     2013-05-05 14:05 - 2011-09-09 12:31 - 00000553 ____A C:\ProgramData\lxecDiagnostics.log
     2013-05-02 01:06 - 2009-11-15 07:34 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
     2013-04-30 11:27 - 2009-11-17 05:51 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
     2013-04-17 08:34 - 2011-12-16 12:16 - 00000000 ____D C:\Program Files\Lexmark Pro800-Pro900 Series
     2013-04-17 08:34 - 2011-12-03 07:37 - 00000000 ____D C:\Users\Tootsie\AppData\Roaming\Pro800-Pro900 Series

     Other Malware:
     ===========
     C:\Users\Tootsie\AppData\Roaming\i.ini
     C:\ProgramData\ezsidmv.dat

     ==================== Known DLLs (Whitelisted) ================

     ==================== Bamital & volsnap Check =================
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\SysWOW64\wininit.exe => MD5 is legit
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\SysWOW64\explorer.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\SysWOW64\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\SysWOW64\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\SysWOW64\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================
     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================
     Restore point made on: 2013-04-16 03:43:00
     Restore point made on: 2013-04-20 09:38:00
     Restore point made on: 2013-04-23 14:47:18
     Restore point made on: 2013-04-24 02:00:59
     Restore point made on: 2013-04-30 11:39:09
     Restore point made on: 2013-05-07 12:50:52
     Restore point made on: 2013-05-10 12:54:53
     Restore point made on: 2013-05-14 15:40:12
     Restore point made on: 2013-05-15 02:00:51

     ==================== Memory info ===========================
     Percentage of memory in use: 19%
     Total physical RAM: 3839.17 MB
     Available physical RAM: 3072.4 MB
     Total Pagefile: 3837.32 MB
     Available Pagefile: 3065.99 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.89 MB

     ==================== Drives ================================
     Drive c: (HP) (Fixed) (Total:451.67 GB) (Free:135.34 GB) NTFS (Disk=0 Partition=2)
     Drive e: (FACTORY_IMAGE) (Fixed) (Total:13.99 GB) (Free:2.48 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
     Drive h: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.64 GB) FAT32 (Disk=2 Partition=1)
     Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
     Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

     ==================== MBR & Partition Table ==================
     ========================================================
     Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
     Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
     Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
     Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
     ========================================================
     Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
     Partition 1: (Active) - (Size=4 GB) - (Type=0C)
     Last Boot: 2013-05-14 06:25

     ==================== End Of Log ============================
  3. My mom's computer is infected with the FBI MoneyPak virus. Can somebody please help me remove this from her computer?