BertArnett

Everything posted by BertArnett

  1. Worked great! My parents thank you. After I got it back up I ran the Malwarebytes rootkit tool. Then I ran AVG again; everything came up clean. For your request:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-06-2013 04
Ran by SYSTEM at 2013-06-12 22:08:44 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\user\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\user\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\user\Application Data\skype.dat => File/Directory not found.
C:\Users\user\Application Data\skype.ini => File/Directory not found.
C:\Windows\Tasks\SA.DAT => Moved successfully.
C:\Users\user\AppData\Roaming\skype.ini => File/Directory not found.
C:\Windows\Tasks\qoln.job => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.

==== End of Fixlog ====

Once again, thanks!
  2. Hi, my dad's computer got the new FBI Ransom virus; I would like some help. It is the one that shuts down safe mode and also blocks resetting the computer to a previous version. Here are the logs you have asked from others with the same issue.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013 04
Ran by SYSTEM on 12-06-2013 20:39:12
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7739936 2009-09-11] (Realtek Semiconductor)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-12] ()
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKU\user\...\Winlogon: [shell] explorer.exe,C:\Users\user\AppData\Roaming\skype.dat <==== ATTENTION
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
ShortcutTarget: JL Alpine Advent Calendar.lnk -> C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S4 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 avgfws; C:\Program Files\AVG\AVG2012\avgfws.exe [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S4 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
S4 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-29] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-29] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-22] (AVG Technologies CZ, s.r.o.)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-12] (AVG Technologies)
S4 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-12 20:38 - 2013-06-12 20:38 - 00000000 ____D C:\FRST
2013-06-12 14:00 - 2013-06-12 16:42 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2013-05-17 08:04 - 2013-05-17 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-16 06:16 - 2013-02-26 21:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 06:16 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 06:16 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 06:16 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 06:16 - 2013-02-26 20:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 00:04 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 00:04 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 00:04 - 2013-04-04 21:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 00:04 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 00:04 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 00:04 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 00:04 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 10:08 - 2013-04-09 21:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 10:08 - 2013-04-09 21:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 10:08 - 2013-04-09 19:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 10:08 - 2013-03-18 20:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 10:08 - 2013-03-18 19:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

==================== One Month Modified Files and Folders ========

2013-06-12 20:38 - 2013-06-12 20:38 - 00000000 ____D C:\FRST
2013-06-12 19:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-12 16:42 - 2013-06-12 14:00 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2013-06-12 16:39 - 2013-04-29 15:49 - 00000306 ____A C:\Windows\Tasks\qoln.job
2013-06-12 16:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 16:39 - 2009-07-13 20:39 - 00053830 ____A C:\Windows\setupact.log
2013-06-12 15:01 - 2009-07-13 20:55 - 01382999 ____A C:\Windows\WindowsUpdate.log
2013-06-12 14:39 - 2012-05-08 06:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-12 14:07 - 2011-01-10 19:15 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-12 14:07 - 2011-01-10 18:30 - 00000000 ____D C:\ProgramData\MFAData
2013-06-11 21:42 - 2012-05-08 06:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 21:42 - 2011-10-17 20:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 14:17 - 2013-01-23 18:37 - 00000000 ____D C:\Users\user\Documents\10K
2013-06-10 17:59 - 2011-01-10 20:41 - 00000000 ____D C:\Users\user\Documents\Mom
2013-06-10 16:50 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 16:50 - 2009-07-13 20:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 09:11 - 2011-01-10 20:34 - 00000000 ____D C:\Users\user\Documents\Mahlon's
2013-06-10 06:27 - 2011-05-07 09:21 - 00000000 ____D C:\Users\user\Documents\Pagan
2013-06-09 18:19 - 2011-01-09 15:53 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-06-09 18:19 - 2010-12-11 04:56 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-29 19:57 - 2011-01-13 06:57 - 00376832 __ASH C:\Users\user\Documents\Thumbs.db
2013-05-29 13:36 - 2009-07-13 20:53 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-29 10:09 - 2011-01-10 20:45 - 00000000 ____D C:\Users\user\Documents\Politics
2013-05-23 13:30 - 2011-01-10 20:22 - 00000000 ____D C:\Users\user\Documents\Arnett Farm
2013-05-20 00:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-05-19 13:57 - 2012-05-04 11:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-18 09:11 - 2011-01-10 20:24 - 00000000 ____D C:\Users\user\Documents\Farm
2013-05-17 08:04 - 2013-05-17 08:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-16 07:41 - 2011-01-10 20:31 - 00000000 ____D C:\Users\user\Documents\Hutto EdF
2013-05-16 00:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 00:22 - 2009-07-13 20:33 - 02373080 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 00:05 - 2011-01-09 15:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 00:00 - 2011-01-10 19:23 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\Users\user\avg_isc_stb_all_2012_2180.exe
C:\Users\user\AppData\Roaming\skype.dat
C:\Users\user\AppData\Roaming\skype.ini
C:\Users\user\Application Data\skype.dat
C:\Users\user\Application Data\skype.ini

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4060.8 MB
Available physical RAM: 3553.71 MB
Total Pagefile: 4059.08 MB
Available Pagefile: 3559.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.3 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.03 GB) (Free:146.22 GB) NTFS
Drive e: (HP DJ1050_J410) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS
Drive f: (STORE'N'GO) (Removable) (Total:3.76 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:10.76 GB) (Free:6.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: EC0328C2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=222 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 2C6B7369)
Partition 1: (Not Active) - (Size=883 GB) - (Type=68)
Partition 2: (Not Active) - (Size=257 GB) - (Type=79)
Partition 3: (Not Active) - (Size=667 GB) - (Type=53)
Partition 4: (Not Active) - (Size=10 MB) - (Type=49)

LastRegBack: 2013-06-02 21:40

==================== End Of Log ============================

and

Farbar Recovery Scan Tool (x86) Version: 12-06-2013 04
Ran by SYSTEM at 2013-06-12 20:40:39
Running from F:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

If you need anything else, please let me know; I will be checking back and e-mail. Thank you for any help in advance. He is on SS and does not have a lot of money to spend, if we can take care of this here.