Jump to content

adrock16

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by adrock16

  1. I have gotten rid of the FBI virus in the past thru safemode, but I can't get into safemode now! It just keeps shutting my computer down! I donwloaded Farbar Recovery tool, put on a flashdrive, and went thru the steps. Here are the FRST txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 01 Ran by SYSTEM on 25-06-2013 00:12:24 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2012-09-11] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-14] (IDT, Inc.) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1320200136\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.) HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation) HKLM-x32\...\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini [259624 2007-04-16] (Nuance Communications, Inc.) HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x] HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.) HKU\Adam\...\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-16] (InstallShield Software Corporation) HKU\Adam\...\Winlogon: [shell] explorer.exe,C:\Users\Adam\AppData\Roaming\skype.dat [61440 2011-11-16] () <==== ATTENTION AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.) ==================== Services (Whitelisted) ================= S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-02-28] (Advanced Micro Devices, Inc.) S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation) S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-22] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [476792 2010-11-10] (Symantec Corporation) S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [476792 2010-11-10] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\ENG64.SYS [117880 2011-01-06] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\ENG64.SYS [117880 2011-01-06] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\EX64.SYS [1791096 2011-01-06] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\EX64.SYS [1791096 2011-01-06] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-10-29] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-25 00:12 - 2013-06-25 00:12 - 00000000 ____D C:\FRST 2013-06-24 19:26 - 2013-06-24 19:52 - 00000004 ____A C:\Users\Adam\AppData\Roaming\skype.ini 2013-06-11 17:03 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 17:02 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 17:02 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 17:02 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 17:02 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 17:02 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 17:02 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 17:02 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 17:02 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 17:02 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 17:02 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 17:02 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 17:02 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 17:02 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 17:02 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-05-30 07:03 - 2013-05-30 07:03 - 00000000 ____D C:\a5831e41d36ea0563a836bc786ef ==================== One Month Modified Files and Folders ======= 2013-06-25 00:12 - 2013-06-25 00:12 - 00000000 ____D C:\FRST 2013-06-24 19:52 - 2013-06-24 19:26 - 00000004 ____A C:\Users\Adam\AppData\Roaming\skype.ini 2013-06-24 19:52 - 2011-11-06 12:44 - 00000000 ____D C:\Users\Adam\AppData\Local\CrashDumps 2013-06-24 19:51 - 2012-11-30 03:13 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-24 19:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-24 19:51 - 2009-07-13 20:51 - 00076775 ____A C:\Windows\setupact.log 2013-06-24 19:42 - 2011-08-01 15:06 - 01633141 ____A C:\Windows\WindowsUpdate.log 2013-06-24 19:42 - 2009-07-13 21:13 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-24 19:42 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-24 19:42 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-24 19:41 - 2012-06-15 19:54 - 00296592 ____A C:\Windows\IE9_main.log 2013-06-24 19:26 - 2012-05-20 10:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-22 11:33 - 2012-11-30 03:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-22 11:24 - 2011-10-29 05:25 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-06-15 17:57 - 2012-02-11 06:57 - 00000524 ____A C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job 2013-06-15 17:57 - 2012-02-11 06:57 - 00000500 ____A C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job 2013-06-15 10:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 19:13 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini 2013-06-12 19:06 - 2011-11-03 17:37 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 17:26 - 2012-05-20 10:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 17:26 - 2011-11-13 09:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-30 07:03 - 2013-05-30 07:03 - 00000000 ____D C:\a5831e41d36ea0563a836bc786ef 2013-05-30 04:29 - 2011-10-29 04:26 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForAdam.job Files to move or delete: ==================== C:\Users\Adam\AppData\Roaming\skype.dat C:\Users\Adam\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-10 19:30:27 Restore point made on: 2013-05-13 03:19:13 Restore point made on: 2013-05-13 13:23:53 Restore point made on: 2013-05-13 18:16:30 Restore point made on: 2013-05-18 05:33:30 Restore point made on: 2013-05-18 10:32:50 Restore point made on: 2013-05-20 16:51:08 Restore point made on: 2013-05-20 19:16:18 Restore point made on: 2013-05-25 05:20:15 Restore point made on: 2013-05-25 10:03:28 Restore point made on: 2013-05-30 04:58:08 Restore point made on: 2013-05-30 07:02:49 Restore point made on: 2013-06-01 04:57:46 Restore point made on: 2013-06-01 10:30:03 Restore point made on: 2013-06-06 03:09:59 Restore point made on: 2013-06-11 16:56:54 Restore point made on: 2013-06-12 19:04:35 Restore point made on: 2013-06-15 17:57:57 Restore point made on: 2013-06-19 17:34:40 Restore point made on: 2013-06-22 11:23:44 Restore point made on: 2013-06-24 19:41:44 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3692.41 MB Available physical RAM: 2987.27 MB Total Pagefile: 3690.55 MB Available Pagefile: 2981.51 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:450.76 GB) (Free:314.31 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] Drive e: (RECOVERY) (Fixed) (Total:14.71 GB) (Free:1.63 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4) Drive h: (NANO PRO) (Removable) (Total:1.86 GB) (Free:1.64 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E10CAA52) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-06-15 10:01 ==================== End Of Log ============================ AND Search txt: Farbar Recovery Scan Tool (x64) Version: 25-06-2013 01 Ran by SYSTEM at 2013-06-25 00:23:25 Running from H:\ Boot Mode: Recovery ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== SOMEBODY PLEASE HELP! I have seen some awesome responses from techs on this forum, responding with fixlists. I am waiting for help...thank you so much in advance!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.