Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FBI Moneypak infected my computer.. Please Help


  • This topic is locked This topic is locked

#1
Lilspree

Lilspree

    New Member

  • Member
  • Pip
  • 3 posts
Hello. I hope this is not a duplicate post because it shows that I did not post anything when I did. So I want to make sure it went through. This is my problem. Moneypak will not allow me to do anything. It pops up when I log on. How do I get rid of it. I've read through several of the same problems from other users but I know you have specific fixes. I don't know how to run the OTL log from the command prompt but I did run a log. What is the next step? How do I get rid of it? Can you tell me how to run OTL from the command prompt?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012
Ran by Lilspree at 31-10-2012 11:59:49
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-10-31 12:34 - 2012-10-31 11:59 - 00000000 ____D C:\FRST
2012-10-31 10:58 - 2012-10-31 10:58 - 00179712 ____A C:\Users\Lilspree\0.2162811992472986.exe
2012-10-31 10:01 - 2012-10-31 10:01 - 00000165 ___AH C:\Users\Lilspree\Documents\~$Growth.xlsx
2012-10-30 16:32 - 2012-10-30 16:32 - 00000988 ____A C:\Users\Lilspree\Desktop\PDF Reader.lnk
2012-10-30 16:32 - 2012-10-30 16:32 - 00000000 ____D C:\Users\Lilspree\AppData\Roaming\SumatraPDF
2012-10-30 16:32 - 2012-10-30 16:32 - 00000000 ____D C:\Program Files\PDFReader
2012-10-30 08:58 - 2012-10-31 09:14 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{01F261AA-5BD8-4799-A15D-E5F4FDAA2BAE}
2012-10-29 15:40 - 2012-10-31 10:03 - 00008372 ____A C:\Users\Lilspree\Documents\Growth.xlsx
2012-10-29 09:01 - 2012-10-29 09:01 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{F116F998-DC91-42A6-B7B3-1FCDA19ED306}
2012-10-28 10:56 - 2012-10-28 10:56 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{6D2B0818-2DA2-4CEF-9EEE-920590046FDB}
2012-10-27 09:56 - 2012-10-27 09:56 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{875EEA64-6C66-4DAE-A19F-74CDA78F97C9}
2012-10-26 08:16 - 2012-10-26 08:16 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{528068A4-A0C8-4CD3-8112-AABDA1196A7D}
2012-10-25 07:26 - 2012-10-25 07:27 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{6B435009-1C5C-4A71-AE3B-F60AD95A33A8}
2012-10-24 15:26 - 2012-10-24 15:26 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{9722674C-89ED-4C3C-B208-9F6FA3E06A99}
2012-10-23 10:18 - 2012-10-23 22:19 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{B7F1B23D-CA71-4480-BA12-906F78083992}
2012-10-23 08:26 - 2012-10-31 10:25 - 00009779 ____A C:\Users\Lilspree\Documents\Nani at Melissa.xlsx
2012-10-22 09:55 - 2012-10-22 09:55 - 00001092 ____A C:\Users\Public\Desktop\Eyeline Video System.lnk
2012-10-21 09:16 - 2012-10-22 22:17 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{345E75FC-002A-49A6-8427-12F90A3C344D}
2012-10-20 08:25 - 2012-10-20 08:25 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{2D47070D-277B-43A8-BC6B-5003B5597699}
2012-10-19 11:54 - 2012-10-19 11:54 - 00000000 ____D C:\Users\Lilspree\Documents\Symantec
2012-10-19 11:54 - 2012-10-19 11:54 - 00000000 ____D C:\Users\All Users\PCSettings
2012-10-19 11:48 - 2012-10-19 11:48 - 00001324 ____A C:\Users\Lilspree\Desktop\Norton Installation Files.lnk
2012-10-19 11:48 - 2012-10-19 11:48 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-10-19 07:25 - 2012-10-19 07:25 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{A10DB677-41CD-4DA1-9522-661862EC6D97}
2012-10-18 16:25 - 2012-10-18 16:25 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{E3C41681-030A-47CF-8240-D755B2D443F1}
2012-10-17 11:47 - 2012-10-17 23:47 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{2459405D-0476-4C75-8DA8-7FFCC62B3DB8}
2012-10-15 05:30 - 2012-10-16 19:09 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{C442A178-0EF7-42DD-BAB9-18F55865D2C9}
2012-10-12 07:36 - 2012-10-13 21:03 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{F20B5518-F4D6-4E54-B591-A5B28045835A}
2012-10-11 15:52 - 2012-10-11 15:52 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{AC9AFEA6-AC12-4D2D-8C02-9A12B2FABF61}
2012-10-10 09:42 - 2012-09-14 11:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 09:42 - 2012-08-24 09:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 09:41 - 2012-08-20 10:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 09:41 - 2012-08-20 10:40 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 09:41 - 2012-08-20 10:40 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 09:41 - 2012-08-20 10:37 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 09:41 - 2012-08-20 10:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 10:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 09:41 - 2012-08-20 08:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 09:40 - 2012-06-01 21:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 09:40 - 2012-06-01 21:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 09:40 - 2012-06-01 21:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 09:39 - 2012-08-31 10:18 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 09:39 - 2012-08-10 16:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 09:38 - 2012-08-30 10:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 09:38 - 2012-08-30 10:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 10:41 - 2012-10-09 10:41 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-07 08:19 - 2012-10-10 09:09 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{95D724F7-F300-4827-B940-4E06C19C3072}
2012-10-05 06:34 - 2012-10-06 07:05 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{7B24CBC2-5430-48CF-A272-081427C1CCFC}
2012-10-01 07:25 - 2012-10-04 10:01 - 00000000 ____D C:\Users\Lilspree\AppData\Local\{095C4DC8-D12B-4172-A3CC-4EF2003FA223}

==================== 3 Months Modified Files ==================

2012-10-31 11:55 - 2009-07-13 21:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-31 11:55 - 2009-07-13 21:39 - 00094902 ____A C:\Windows\setupact.log
2012-10-31 11:20 - 2011-02-08 15:06 - 01372016 ____A C:\Windows\WindowsUpdate.log
2012-10-31 11:19 - 2012-01-08 15:04 - 00000384 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-10-31 11:19 - 2011-08-11 01:04 - 00262123 ____A C:\Users\Lilspree\AppData\Roaming\Error.log
2012-10-31 11:19 - 2011-08-08 05:10 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-31 10:58 - 2012-10-31 10:58 - 00179712 ____A C:\Users\Lilspree\0.2162811992472986.exe
2012-10-31 10:36 - 2012-07-29 16:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-31 10:28 - 2012-09-03 09:08 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000UA.job
2012-10-31 10:28 - 2012-09-03 09:08 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000Core.job
2012-10-31 10:28 - 2011-08-08 05:10 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-31 10:25 - 2012-10-23 08:26 - 00009779 ____A C:\Users\Lilspree\Documents\Nani at Melissa.xlsx
2012-10-31 10:21 - 2011-09-19 07:36 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000UA.job
2012-10-31 10:03 - 2012-10-29 15:40 - 00008372 ____A C:\Users\Lilspree\Documents\Growth.xlsx
2012-10-31 10:01 - 2012-10-31 10:01 - 00000165 ___AH C:\Users\Lilspree\Documents\~$Growth.xlsx
2012-10-31 09:27 - 2011-03-09 10:11 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-10-30 16:32 - 2012-10-30 16:32 - 00000988 ____A C:\Users\Lilspree\Desktop\PDF Reader.lnk
2012-10-30 16:31 - 2011-09-19 07:36 - 00000918 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3113721583-2875127098-2475180794-1000Core.job
2012-10-30 09:05 - 2009-07-13 21:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-30 09:05 - 2009-07-13 21:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-24 15:24 - 2012-03-06 20:03 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForLilspree.job
2012-10-23 07:36 - 2011-03-06 22:17 - 00000132 ____A C:\Users\Lilspree\AppData\Local\mv_Photo.xml
2012-10-23 07:36 - 2011-03-06 22:17 - 00000123 ____A C:\Users\Lilspree\AppData\Local\mv_music.xml
2012-10-22 09:55 - 2012-10-22 09:55 - 00001092 ____A C:\Users\Public\Desktop\Eyeline Video System.lnk
2012-10-22 09:34 - 2011-03-13 11:34 - 00000330 ____A C:\Windows\Tasks\HPCeeScheduleForASSASSIN$.job
2012-10-20 12:30 - 2011-03-07 06:00 - 01149706 ____A C:\Windows\PFRO.log
2012-10-19 12:10 - 2009-09-06 16:02 - 00727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-19 11:48 - 2012-10-19 11:48 - 00001324 ____A C:\Users\Lilspree\Desktop\Norton Installation Files.lnk
2012-10-11 18:30 - 2012-09-03 09:09 - 00002464 ____A C:\Users\Lilspree\Desktop\Google Chrome.lnk
2012-10-11 16:05 - 2011-03-15 08:07 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 10:41 - 2012-10-09 10:41 - 10220472 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-10-09 10:41 - 2012-04-28 10:23 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 10:41 - 2011-07-02 05:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-21 16:20 - 2012-09-21 16:20 - 00039765 ____A C:\Users\Lilspree\Desktop\myfile.htm
2012-09-14 11:28 - 2012-10-10 09:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-10 14:33 - 2012-09-10 14:32 - 00057856 ____A C:\Users\Lilspree\Downloads\DrPsCu9_0200.wiz
2012-09-04 09:06 - 2012-09-04 09:06 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2012-08-31 10:18 - 2012-10-10 09:39 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:12 - 2012-10-10 09:38 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-30 10:12 - 2012-10-10 09:38 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-26 10:03 - 2009-07-13 21:53 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-24 09:57 - 2012-10-10 09:42 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 00:27 - 2012-09-23 16:35 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 00:03 - 2012-09-23 16:35 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 23:59 - 2012-09-23 16:35 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 23:51 - 2012-09-23 16:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 23:51 - 2012-09-23 16:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 23:51 - 2012-09-23 16:35 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 23:49 - 2012-09-23 16:35 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 23:48 - 2012-09-23 16:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 23:47 - 2012-09-23 16:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 23:47 - 2012-09-23 16:35 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 23:47 - 2012-09-23 16:35 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 23:45 - 2012-09-23 16:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 23:44 - 2012-09-23 16:35 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 23:44 - 2012-09-23 16:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 23:43 - 2012-09-23 16:36 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 23:40 - 2012-09-23 16:35 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 03:32 - 2009-07-13 21:33 - 00413904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-22 10:16 - 2012-09-12 09:49 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:16 - 2012-09-12 09:49 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:16 - 2012-09-12 09:49 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:16 - 2012-09-12 09:49 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:12 - 2012-09-26 06:47 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:40 - 2012-10-10 09:41 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:40 - 2012-10-10 09:41 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:40 - 2012-10-10 09:41 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:37 - 2012-10-10 09:41 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:32 - 2012-10-10 09:41 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:32 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 08:33 - 2012-10-10 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-10 16:56 - 2012-10-10 09:39 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3113721583-2875127098-2475180794-1000\$d953e828d7e4d94de0c0b3243b22ee4e

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 1011.87 MB
Available physical RAM: 577.12 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1623.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.84 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:214.58 GB) (Free:61.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:18 GB) (Free:2.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (USB20FD) (Removable) (Total:3.77 GB) (Free:2.95 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 103 MB
Disk 1 Online 3864 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 214 GB 200 MB
Partition 3 Primary 18 GB 214 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 214 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 18 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3863 MB 31 KB

=========================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E USB20FD FAT32 Removable 3863 MB Healthy

=========================================================

Last Boot: 2012-10-26 08:52

==================== End Of Log ============================
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Duplicate topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP