FBI MoneyPak problem [Closed]
#1 Lilspree (New Member, 3 posts)
So the FBI moneypak popped up and after I log in it pops up. This happens in safe mode also and I can't do anything. I don't know what to do after the scan but this is what I got:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012
Ran by Lilspree at 31-10-2012 11:59:49
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-31 12:34 - 2012-10-31 11:59 - 00000000 ____D C:\FRST
2012-10-31 10:58 - 2012-10-31 10:58 - 00179712 ____A C:\Users\Lilspree\0.2162811992472986.exe
2012-10-31 10:01 - 2012-10-31 10:01 - 00000165 ___AH C:\Users\Lilspree\Documents\~$Growth.xlsx
2012-10-30 16:32 - 2012-10-30 16:32 - 00000988 ____A C:\Users\Lilspree\Desktop\PDF Reader.lnk
2012-10-30 16:32 - 2012-10-30 16:32 - 00000000 ____D C:\Users\Lilspree\AppData\Roaming\SumatraPDF
2012-10-30 16:32 - 2012-10-30 16:32 - 00000000 ____D C:\Program Files\PDFReader
2012-10-30 08:58 - 2012-10-31 09:14 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{01F261AA-5BD8-4799-A15D-E5F4FDAA2BAE}
2012-10-29 15:40 - 2012-10-31 10:03 - 00008372 ____A C:\Users\Lilspree\Documents\Growth.xlsx
2012-10-29 09:01 - 2012-10-29 09:01 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{F116F998-DC91-42A6-B7B3-1FCDA19ED306}
2012-10-28 10:56 - 2012-10-28 10:56 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{6D2B0818-2DA2-4CEF-9EEE-920590046FDB}
2012-10-27 09:56 - 2012-10-27 09:56 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{875EEA64-6C66-4DAE-A19F-74CDA78F97C9}
2012-10-26 08:16 - 2012-10-26 08:16 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{528068A4-A0C8-4CD3-8112-AABDA1196A7D}
2012-10-25 07:26 - 2012-10-25 07:27 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{6B435009-1C5C-4A71-AE3B-F60AD95A33A8}
2012-10-24 15:26 - 2012-10-24 15:26 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{9722674C-89ED-4C3C-B208-9F6FA3E06A99}
2012-10-23 10:18 - 2012-10-23 22:19 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{B7F1B23D-CA71-4480-BA12-906F78083992}
2012-10-23 08:26 - 2012-10-31 10:25 - 00009779 ____A C:\Users\Lilspree\Documents\Nani at Melissa.xlsx
2012-10-22 09:55 - 2012-10-22 09:55 - 00001092 ____A C:\Users\Public\Desktop\Eyeline Video System.lnk
2012-10-21 09:16 - 2012-10-22 22:17 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{345E75FC-002A-49A6-8427-12F90A3C344D}
2012-10-20 08:25 - 2012-10-20 08:25 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{2D47070D-277B-43A8-BC6B-5003B5597699}
2012-10-19 11:54 - 2012-10-19 11:54 - 00000000 ____D C:\Users\Lilspree\Documents\Symantec
2012-10-19 11:54 - 2012-10-19 11:54 - 00000000 ____D C:\Users\All Users\PCSettings
2012-10-19 11:48 - 2012-10-19 11:48 - 00001324 ____A C:\Users\Lilspree\Desktop\Norton Installation Files.lnk
2012-10-19 11:48 - 2012-10-19 11:48 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-10-19 07:25 - 2012-10-19 07:25 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{A10DB677-41CD-4DA1-9522-661862EC6D97}
2012-10-18 16:25 - 2012-10-18 16:25 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{E3C41681-030A-47CF-8240-D755B2D443F1}
2012-10-17 11:47 - 2012-10-17 23:47 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{2459405D-0476-4C75-8DA8-7FFCC62B3DB8}
2012-10-15 05:30 - 2012-10-16 19:09 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{C442A178-0EF7-42DD-BAB9-18F55865D2C9}
2012-10-12 07:36 - 2012-10-13 21:03 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{F20B5518-F4D6-4E54-B591-A5B28045835A}
2012-10-11 15:52 - 2012-10-11 15:52 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{AC9AFEA6-AC12-4D2D-8C02-9A12B2FABF61}
2012-10-10 09:42 - 2012-09-14 11:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 09:42 - 2012-08-24 09:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 09:41 - 2012-08-20 10:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 09:41 - 2012-08-20 10:40 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 09:41 - 2012-08-20 10:40 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 09:41 - 2012-08-20 10:37 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 09:41 - 2012-08-20 10:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 09:40 - 2012-06-01 21:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 09:40 - 2012-06-01 21:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 09:40 - 2012-06-01 21:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 09:39 - 2012-08-31 10:18 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 09:39 - 2012-08-10 16:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 09:38 - 2012-08-30 10:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 09:38 - 2012-08-30 10:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 10:41 - 2012-10-09 10:41 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-07 08:19 - 2012-10-10 09:09 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{95D724F7-F300-4827-B940-4E06C19C3072}
2012-10-05 06:34 - 2012-10-06 07:05 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{7B24CBC2-5430-48CF-A272-081427C1CCFC}
2012-10-01 07:25 - 2012-10-04 10:01 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{095C4DC8-D12B-4172-A3CC-4EF2003FA223}

==================== 3 Months Modified Files ==================

2012-10-31 11:55 - 2009-07-13 21:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-31 11:55 - 2009-07-13 21:39 - 00094902 ____A C:\Windows\setupact.log
2012-10-31 11:20 - 2011-02-08 15:06 - 01372016 ____A C:\Windows\WindowsUpdate.log
2012-10-31 11:19 - 2012-01-08 15:04 - 00000384 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-10-31 11:19 - 2011-08-11 01:04 - 00262123 ____A C:\Users\Lilspree\AppData\Roaming\Error.log
2012-10-31 11:19 - 2011-08-08 05:10 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-31 10:58 - 2012-10-31 10:58 - 00179712 ____A C:\Users\Lilspree\0.2162811992472986.exe
2012-10-31 10:36 - 2012-07-29 16:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-31 10:28 - 2012-09-03 09:08 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000UA.job
2012-10-31 10:28 - 2012-09-03 09:08 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000Core.job
2012-10-31 10:28 - 2011-08-08 05:10 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-31 10:25 - 2012-10-23 08:26 - 00009779 ____A C:\Users\Lilspree\Documents\Nani at Melissa.xlsx
2012-10-31 10:21 - 2011-09-19 07:36 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000UA.job
2012-10-31 10:03 - 2012-10-29 15:40 - 00008372 ____A C:\Users\Lilspree\Documents\Growth.xlsx
2012-10-31 10:01 - 2012-10-31 10:01 - 00000165 ___AH C:\Users\Lilspree\Documents\~$Growth.xlsx
2012-10-31 09:27 - 2011-03-09 10:11 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-10-30 16:32 - 2012-10-30 16:32 - 00000988 ____A C:\Users\Lilspree\Desktop\PDF Reader.lnk
2012-10-30 16:31 - 2011-09-19 07:36 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000Core.job
2012-10-30 09:05 - 2009-07-13 21:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-30 09:05 - 2009-07-13 21:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-24 15:24 - 2012-03-06 20:03 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForLilspree.job
2012-10-23 07:36 - 2011-03-06 22:17 - 00000132 ____A C:\Users\Lilspree\AppData\Local\mv_Photo.xml
2012-10-23 07:36 - 2011-03-06 22:17 - 00000123 ____A C:\Users\Lilspree\AppData\Local\mv_music.xml
2012-10-22 09:55 - 2012-10-22 09:55 - 00001092 ____A C:\Users\Public\Desktop\Eyeline Video System.lnk
2012-10-22 09:34 - 2011-03-13 11:34 - 00000330 ____A C:\Windows\Tasks\HPCeeScheduleForASSASSIN$.job
2012-10-20 12:30 - 2011-03-07 06:00 - 01149706 ____A C:\Windows\PFRO.log
2012-10-19 12:10 - 2009-09-06 16:02 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-19 11:48 - 2012-10-19 11:48 - 00001324 ____A C:\Users\Lilspree\Desktop\Norton Installation Files.lnk
2012-10-11 18:30 - 2012-09-03 09:09 - 00002464 ____A C:\Users\Lilspree\Desktop\Google Chrome.lnk
2012-10-11 16:05 - 2011-03-15 08:07 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 10:41 - 2012-10-09 10:41 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-09 10:41 - 2012-04-28 10:23 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:41 - 2011-07-02 05:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-21 16:20 - 2012-09-21 16:20 - 00039765 ____A C:\Users\Lilspree\Desktop\myfile.htm
2012-09-14 11:28 - 2012-10-10 09:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-10 14:33 - 2012-09-10 14:32 - 00057856 ____A C:\Users\Lilspree\Downloads\DrPsCu9_0200.wiz
2012-09-04 09:06 - 2012-09-04 09:06 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-08-31 10:18 - 2012-10-10 09:39 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:12 - 2012-10-10 09:38 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-30 10:12 - 2012-10-10 09:38 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-26 10:03 - 2009-07-13 21:53 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-24 09:57 - 2012-10-10 09:42 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 00:27 - 2012-09-23 16:35 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 00:03 - 2012-09-23 16:35 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 23:59 - 2012-09-23 16:35 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 23:51 - 2012-09-23 16:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 23:51 - 2012-09-23 16:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 23:51 - 2012-09-23 16:35 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 23:49 - 2012-09-23 16:35 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 23:48 - 2012-09-23 16:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 23:47 - 2012-09-23 16:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 23:47 - 2012-09-23 16:35 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 23:47 - 2012-09-23 16:35 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 23:45 - 2012-09-23 16:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 23:44 - 2012-09-23 16:35 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 23:44 - 2012-09-23 16:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 23:43 - 2012-09-23 16:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 23:40 - 2012-09-23 16:35 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 03:32 - 2009-07-13 21:33 - 00413904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-22 10:16 - 2012-09-12 09:49 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:16 - 2012-09-12 09:49 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:16 - 2012-09-12 09:49 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:16 - 2012-09-12 09:49 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:12 - 2012-09-26 06:47 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:40 - 2012-10-10 09:41 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:40 - 2012-10-10 09:41 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:40 - 2012-10-10 09:41 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:37 - 2012-10-10 09:41 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:32 - 2012-10-10 09:41 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-10 16:56 - 2012-10-10 09:39 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3113721583-2875127098-2475180794-1000\$d953e828d7e4d94de0c0b3243b22ee4e

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 1011.87 MB
Available physical RAM: 577.12 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1623.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.84 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:214.58 GB) (Free:61.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:18 GB) (Free:2.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (USB20FD) (Removable) (Total:3.77 GB) (Free:2.95 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 103 MB
Disk 1 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 214 GB 200 MB
Partition 3 Primary 18 GB 214 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 214 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 18 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 31 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E USB20FD FAT32 Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-10-26 08:52

==================== End Of Log ============================

What do I do next? How do I get rid of the MoneyPak?

#2 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi and welcome to Geeks to Go...

I have bad news I'm afraid. :(

One or more of the identified infections is a variant of the extremely severe ZeroAccess rootkit, plus undoubtedly other compromising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Next:

I can attempt to clean this machine (anything I try may not be successful and the machine may lose internet connectivity), but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let me know what you have decided to do in your next post.
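As an added example (not code from the thread, from FRST, or from either poster), the following Python parses the file-listing lines and the "ZeroAccess:" section of an FRST log like the one in post #1 and flags the indicators a helper looks at first: the $Recycle.Bin\<SID>\$<32 hex> store that FRST itself reported, an executable sitting directly in the user profile root (the 0.2162811992472986.exe entry is worth a look for that reason alone), and any System32 binary printed without a "(Company)" field. The three heuristics are this example's assumptions, not FRST's rules; the constructed-sample.dll line in the embedded sample is constructed to exercise the third one, and the other sample lines are copied from the log above.

```python
"""Triage of a Farbar Recovery Scan Tool (FRST) log (added example, not FRST code).

Heuristics below are this example's own assumptions, not FRST rules:
  1. a "$<32 hex>" directory under $Recycle.Bin\<SID>\ (ZeroAccess-style store),
  2. an executable directly in a user profile root,
  3. a System32 binary printed without a "(Company)" field, i.e. no publisher
     in its version resource.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# "YYYY-MM-DD HH:MM - YYYY-MM-DD HH:MM - size attrs [(Company) ]path"
FILE_LINE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
SECTION_LINE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
ZA_RECYCLE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\S-1-5-21(?:-\d+)+\\\$[0-9a-fA-F]{32}$")
PROFILE_ROOT_EXE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.(?:exe|dll|scr)$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str                # five-character field, e.g. "____D", "___AH"
    company: Optional[str]    # publisher from version info, None if absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXECUTABLE_EXT)


def parse_frst(text: str) -> Dict[str, list]:
    """Return {'entries': [FrstEntry], 'zeroaccess': [path]} from FRST.txt text.

    FRST's "Created Files" sections print "created - modified" while its
    "Modified Files" sections print "modified - created" (compare tzres.dll
    in the two sections of the log), so the section heading decides which
    timestamp is which.
    """
    entries: List[FrstEntry] = []
    zeroaccess: List[str] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_LINE.match(line)
        if m:
            if m.group("name"):          # a bare "=====" rule keeps the section
                section = m.group("name")
            continue
        if line.endswith(":") and " " not in line:   # e.g. "ZeroAccess:"
            section = line[:-1]
            continue
        if section == "ZeroAccess":
            zeroaccess.append(line)
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        ts1, ts2 = m.group("ts1"), m.group("ts2")
        created, modified = (ts2, ts1) if "Modified" in section else (ts1, ts2)
        entries.append(FrstEntry(created, modified, int(m.group("size")),
                                 m.group("attrs"), m.group("company"),
                                 m.group("path")))
    return {"entries": entries, "zeroaccess": zeroaccess}


def triage(parsed: Dict[str, list]) -> List[str]:
    """Apply the three heuristics; one finding per hit, deduplicated by path."""
    findings: List[str] = []
    for p in parsed["zeroaccess"]:
        if ZA_RECYCLE.match(p):
            findings.append(f"ZeroAccess-style hidden store under $Recycle.Bin: {p}")
        else:
            findings.append(f"entry in FRST ZeroAccess section, review manually: {p}")
    seen = set()
    for e in parsed["entries"]:
        if e.is_dir or e.path in seen:   # the same file appears in both sections
            continue
        seen.add(e.path)
        if PROFILE_ROOT_EXE.match(e.path):
            findings.append(f"executable at user profile root: {e.path} "
                            f"({e.size} bytes, created {e.created})")
        elif e.is_executable and SYSTEM32.match(e.path) and not e.company:
            findings.append(f"System32 binary with no publisher in version info: {e.path}")
    return findings


# Sample input: lines copied from the log in post #1, plus one constructed
# line (constructed-sample.dll) to exercise heuristic 3.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2012-10-31 12:34 - 2012-10-31 11:59 - 00000000 ____D C:\FRST
2012-10-31 10:58 - 2012-10-31 10:58 - 00179712 ____A C:\Users\Lilspree\0.2162811992472986.exe
2012-10-30 16:32 - 2012-10-30 16:32 - 00000988 ____A C:\Users\Lilspree\Desktop\PDF Reader.lnk
2012-10-10 09:41 - 2012-08-20 10:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 09:40 - 2012-10-10 09:40 - 00048128 ____A C:\Windows\System32\constructed-sample.dll

==================== 3 Months Modified Files ==================

2012-10-31 10:58 - 2012-10-31 10:58 - 00179712 ____A C:\Users\Lilspree\0.2162811992472986.exe
2012-09-14 11:28 - 2012-10-10 09:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3113721583-2875127098-2475180794-1000\$d953e828d7e4d94de0c0b3243b22ee4e

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
"""

if __name__ == "__main__":
    for finding in triage(parse_frst(SAMPLE_LOG)):
        print(finding)
```

Run it as a script to print the findings. The deduplication matters because FRST lists a recent file in both the Created and Modified sections, and the timestamp order differs between those two sections, which is easy to get wrong when building a timeline from the log.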

#3 Lilspree (Topic Starter, New Member, 3 posts)
Thanks,

Before your reply, I was impatient. I did the ComboFix as I was desperate. I understood that it could ruin the computer, but I accepted that risk. I ran ComboFix through safe mode with networking and, at least for the most part, it did the trick. After that I installed Microsoft Security Essentials and it found a couple more viruses and got rid of them. Or did it? Do you know of a very good free removal tool that possibly detects what others miss? Because I would really like to save my files. I understand if I format I will have to lose everything, because I don't know if the viruses are hiding in the files.

#4 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Hi. :)

Thanks

You're welcome!

Before your reply, I was impatient. I did the ComboFix as I was desperate. I understood that it could ruin the computer, but I accepted that risk. I ran ComboFix through safe mode with networking and, at least for the most part, it did the trick. After that I installed Microsoft Security Essentials and it found a couple more viruses and got rid of them. Or did it?

OK fair play and I do appreciate your concerns. I think at this juncture we shall continue with a malware removal process.

Do you know of a very good free removal tool that possibly detects what others miss? Because I would really like to save my files. I understand if I format I will have to lose everything, because I don't know if the viruses are hiding in the files.

As mentioned, we will continue with a malware removal process. Though if you do decide to choose the advised option of a reformat and reinstallation of the Windows Operating System... this particular infection will not have compromised your personal files, though at this stage I cannot say if further compromising malware is on board, such as a file infector for example, but with any luck this will not be the case.

Anyway, let's proceed as follows, shall we?

Next:

I would like to rescan with a FRST as follows. Delete your current version of the Farbar Recovery Scan Tool, then empty the Recycle Bin.

Re-scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 32-Bit to a Flash/USB drive.

Then insert the Flash/USB drive into your machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close the notepad.
  • In the command window type e:\frst.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.
Next:

Boot your machine back into Normal Mode if not done so after the above scan...

Click on Start >> Run... then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Post the contents of that file in your next reply.

I would also like to review the ComboFix log; it can be located at the root of your machine's hard drive:

C:\ComboFix.txt

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • The new FRST Log.
  • Add-Remove Programs.txt
  • ComboFix Log.
Note: Feel free to post each log separately if you so wish as that may make things a tad easier rather than say one long post with all three requested logs etc.

#5 Dakeyras (Anti-Malware Mammoth, Expert, 9,665 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.