Razion

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
Hello! I seem to have acquired a rather nasty version of the MoneyPak fake FBI virus that prevents me from doing anything (including booting in safe mode). I've gone ahead and made proper FRST logs to save some time. Any assistance would be brilliant. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 12-01-2013 18:04:20
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [bins] "C:\Program Files\1UPIndustries\Bins\BinsLauncher.exe" /startup [1141952 2012-08-25] ()
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8321568 2009-11-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray [32032 2012-11-14] (Panda Security, S.L.)
HKLM-x32\...\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe [978840 2011-07-19] (Razer USA Ltd)
HKLM-x32\...\Run: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe [2548056 2009-10-22] (Razer USA Ltd)
HKU\Chris Vitale\...\Run: [AdobeBridge] [x]
HKU\Chris Vitale\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-24] (Valve Corporation)
HKU\Chris Vitale\...\Run: [spotify Web Helper] "C:\Users\Chris Vitale\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-12-14] (Spotify Ltd)
HKU\Chris Vitale\...\Run: [unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe [275544 2013-01-03] (Unified Intents AB)
HKU\Chris Vitale\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-11] ()
HKU\Chris Vitale\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [shell] explorer.exe, C:\Users\Chris Vitale\AppData\Roaming\_gzysxapmk [x ] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) ===================

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140064 2012-11-12] (Panda Security, S.L.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-24] ()
2 PSUAService; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" [36640 2012-11-14] (Panda Security, S.L.)

==================== Drivers (Whitelisted) =====================

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-12-24] (DT Soft Ltd)
1 NNSALPC; C:\Windows\System32\Drivers\NNSALPC.sys [127016 2012-11-09] (Panda Security, S.L.)
1 NNSHTTP; C:\Windows\System32\Drivers\NNSHTTP.sys [136232 2012-11-09] (Panda Security, S.L.)
1 NNSIDS; C:\Windows\System32\Drivers\NNSIDS.sys [154152 2012-11-09] (Panda Security, S.L.)
1 NNSNAHSL; C:\Windows\System32\Drivers\NNSNAHSL.sys [33320 2012-10-22] (Panda Security, S.L.)
1 NNSPICC; C:\Windows\System32\Drivers\NNSPICC.sys [134696 2012-11-09] (Panda Security, S.L.)
4 NNSPIHSW; C:\Windows\System32\Drivers\NNSPIHSW.sys [83496 2012-11-09] (Panda Security, S.L.)
1 NNSPOP3; C:\Windows\System32\Drivers\NNSPOP3.sys [139304 2012-11-09] (Panda Security, S.L.)
1 NNSPROT; C:\Windows\System32\Drivers\NNSPROT.sys [397864 2012-11-09] (Panda Security, S.L.)
1 NNSPRV; C:\Windows\System32\Drivers\NNSPRV.sys [150568 2012-11-09] (Panda Security, S.L.)
1 NNSSMTP; C:\Windows\System32\Drivers\NNSSMTP.sys [135208 2012-11-09] (Panda Security, S.L.)
1 NNSSTRM; C:\Windows\System32\Drivers\NNSSTRM.sys [291368 2012-11-09] (Panda Security, S.L.)
1 NNSTLSC; C:\Windows\System32\Drivers\NNSTLSC.sys [148520 2012-11-09] (Panda Security, S.L.)
2 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [167976 2012-11-09] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [119848 2012-11-09] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [204328 2012-11-09] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [123944 2012-11-09] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [133160 2012-11-09] (Panda Security, S.L.)
3 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [58360 2012-11-07] (Panda Security, S.L.)
3 rzjoystk; C:\Windows\System32\Drivers\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-12 17:45 - 2013-01-12 17:58 - 00115200 ____A (Iwu) C:\Users\Chris Vitale\AppData\Local\_gzysxapmk.exe
2013-01-12 08:56 - 2013-01-12 09:04 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-01-12 04:08 - 2013-01-12 04:08 - 00000000 ____D C:\FRST
2013-01-12 03:19 - 2013-01-12 17:57 - 00115200 ____A (Iwu) C:\Users\Chris Vitale\AppData\Roaming\_gzysxapmk.exe
2013-01-12 02:55 - 2013-01-12 17:57 - 00115200 ____A (Iwu) C:\Users\All Users\_gzysxapmk.exe

==================== One Month Modified Files and Folders =======

2013-01-12 17:58 - 2013-01-12 17:45 - 00115200 ____A (Iwu) C:\Users\Chris Vitale\AppData\Local\_gzysxapmk.exe
2013-01-12 17:58 - 2013-01-12 03:19 - 00115200 ____A (Iwu) C:\Users\Chris Vitale\AppData\Roaming\_gzysxapmk.exe
2013-01-12 17:57 - 2013-01-12 02:55 - 00115200 ____A (Iwu) C:\Users\All Users\_gzysxapmk.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2012-12-14 03:10] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-10 00:24:18
Restore point made on: 2013-01-10 12:20:46
Restore point made on: 2013-01-10 19:28:55
Restore point made on: 2013-01-11 12:28:05
Restore point made on: 2013-01-11 21:07:27
Restore point made on: 2013-01-12 00:44:36

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6068.55 MB
Available physical RAM: 5340.39 MB
Total Pagefile: 6066.7 MB
Available Pagefile: 5325.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:596.07 GB) (Free:456.09 GB) NTFS
4 Drive g: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB      0 B
Disk 1    No Media           0 B      0 B
Disk 2    Online         7629 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            596 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y    System Rese  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                 NTFS   Partition    596 GB  Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           7629 MB      0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2013-01-04 14:16

==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 09-01-2013
Ran by SYSTEM at 2013-01-12 18:06:27
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======