bigstu

Posts posted by bigstu

  1. Alright, I was able to boot up normally and reach my desktop!

    I've made sure that the computer was disconnected from the internet before booting up, and I'm going to keep it offline as I copy over the files I want to save. After that I will try to re-format the system.

    Thank you so much for the help, I really appreciate it!

    Unless there is something that you think needs to be done after viewing the fixlog, I think I can take care of the rest for myself :)

    Again, thank you.

    So here is the fixlog:

     

    ==============================================
     
    HKU\Stuart\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
    HKU\Stuart\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
    HKU\Stuart\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
    hklm\System\ControlSet002\Control\SafeBoot\\AlternateShell => Value was restored successfully.
    C:\Users\Stuart\AppData\Roaming\skype.ini => Moved successfully.
    C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job => Moved successfully.
    C:\Users\Stuart\java.exe => Moved successfully.
    C:\Users\Stuart\iexplore.exe => Moved successfully.
    C:\Windows\System32\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F} => Moved successfully.
    C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad => Moved successfully.
    C:\Users\Stuart\spoolsv.exe => Moved successfully.
    C:\Users\Stuart\flashplayer.exe => Moved successfully.
    C:\Users\Stuart\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 => Moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.
    "C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad\eedbcefcdacad.exe" => File/Directory not found.
    "C:\Users\Stuart\flashplayer.exe" => File/Directory not found.
    "C:\Users\Stuart\iexplore.exe" => File/Directory not found.
    "C:\Users\Stuart\java.exe" => File/Directory not found.
    "C:\Users\Stuart\spoolsv.exe" => File/Directory not found.
    C:\Users\Stuart\AppData\Roaming\skype.dat => Moved successfully.
    "C:\Users\Stuart\AppData\Roaming\skype.ini" => File/Directory not found.
    "C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job" => File/Directory not found.
     
    ==== End of Fixlog ====
  2. Alright, thank you for all the information; this is extremely helpful.

    I'll be taking your advice to help keep my privacy and security.

    But I'd still like to try and recover the computer if possible and attempt to clean it of infections.

    I understand that it most likely won't entirely get cleaned, but I'd like to at least be able to copy a couple of files that are important to me onto a flash drive, and then I will look into re-formatting.

  3. Oh wow, thanks for replying so quickly!

    So here is the log, the FRST.txt, that the scan put on my flash drive:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-07-2013
    Ran by SYSTEM on 26-07-2013 08:39:29
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery
     
    The current controlset is ControlSet002
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [TortoiseHgOverlayIconServer] - C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [53512 2012-07-02] ()
    HKLM\...\Run: [MouseDriver] - C:\Windows\System32\TiltWheelMouse.exe [241152 2012-12-12] (Pixart Imaging Inc)
    HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
    HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
    HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKU\Default\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Stuart\...\Run: [Google Update] - C:\Users\Stuart\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-24] (Google Inc.)
    HKU\Stuart\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1672616 2013-07-09] (Valve Corporation)
    HKU\Stuart\...\Run: [AdobeBridge] -  [x]
    HKU\Stuart\...\Run: [spotify Web Helper] - C:\Users\Stuart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
    HKU\Stuart\...\Run: [spotify] - C:\Users\Stuart\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-09] (Spotify Ltd)
    HKU\Stuart\...\Run: [GoogleChromeAutoLaunch_C547D43CD725728C8B60ADB062C7B06A] - C:\Users\Stuart\AppData\Local\Google\Chrome\Application\chrome.exe [846288 2013-07-12] (Google Inc.)
    HKU\Stuart\...\Run: [Google Update] - C:\Users\Stuart\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-24] (Google Inc.)
    HKU\Stuart\...\Run: [Adobe CSS5.1 Manager] - C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad\eedbcefcdacad.exe [143360 2013-07-26] () <===== ATTENTION
    HKU\Stuart\...\RunOnce: [Adobe CSS5.1 Manager] - C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad\eedbcefcdacad.exe [143360 2013-07-26] () <===== ATTENTION
    HKU\Stuart\...\Winlogon: [shell] explorer.exe,C:\Users\Stuart\AppData\Roaming\skype.dat [124928 2011-11-16] (ImDev Software Group) <==== ATTENTION 
    AlternateShell: C:\ProgramData\DisplaySwitch.exe
     
    ==================== Services (Whitelisted) =================
     
    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
    S2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-03] ()
    S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745880 2013-03-13] (Tunngle.net GmbH)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] ()
     
    ==================== Drivers (Whitelisted) ====================
     
    S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
    S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-13] (DT Soft Ltd)
    S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2012-03-01] (Echobit, LLC)
    S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-04] (C-Media Electronics Inc)
    S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-12] ()
    S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2013-07-26 08:37 - 2013-07-26 08:37 - 00000000 ____D C:\FRST
    2013-07-26 01:54 - 2013-07-26 02:10 - 00000004 _____ C:\Users\Stuart\AppData\Roaming\skype.ini
    2013-07-26 01:53 - 2013-07-26 02:10 - 00000330 ____H C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job
    2013-07-26 01:53 - 2013-07-26 01:53 - 00124928 _____ (ImDev Software Group) C:\Users\Stuart\java.exe
    2013-07-26 01:53 - 2013-07-26 01:53 - 00117248 _____ (InterVision Software Lab.) C:\Users\Stuart\iexplore.exe
    2013-07-26 01:53 - 2013-07-26 01:53 - 00003078 _____ C:\Windows\System32\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 ____D C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 ____D C:\Program Files (x86)\Google
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 _____ C:\Users\Stuart\spoolsv.exe
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 _____ C:\Users\Stuart\flashplayer.exe
    2013-07-19 15:34 - 2013-07-19 15:34 - 00547113 _____ C:\Users\Stuart\Desktop\effectsed.zip
    2013-07-15 20:23 - 2013-07-15 20:23 - 16802664 _____ C:\Users\Stuart\Downloads\PLAYA+135+stems.zip
    2013-07-11 12:56 - 2013-07-24 23:36 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
    2013-07-11 12:56 - 2013-07-11 12:56 - 00000932 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
    2013-07-11 12:52 - 2013-07-11 12:52 - 22716480 _____ (ArenaNet) C:\Users\Stuart\Downloads\Gw2Setup.exe
    2013-07-10 01:46 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-07-10 01:46 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-07-10 01:46 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-07-10 01:46 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-07-10 01:46 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-07-10 01:46 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-07-10 01:46 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-07-10 01:46 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-07-10 01:46 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-07-10 01:46 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-07-10 01:46 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-07-10 01:46 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-07-10 01:46 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-07-10 01:46 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-07-10 01:46 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-07-10 01:46 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-07-10 01:46 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-07-10 01:46 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-07-10 01:46 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-07-10 01:46 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-10 01:46 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-07-10 01:46 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-07-09 14:58 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-07-09 14:58 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
    2013-07-09 14:58 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2013-07-09 14:58 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-07-09 14:58 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-07-09 14:57 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2013-07-09 14:57 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2013-07-09 13:56 - 2013-07-09 13:56 - 00000000 ____D C:\ProgramData\ATI
    2013-07-09 13:56 - 2013-07-09 13:56 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2013-07-09 13:43 - 2013-07-09 13:44 - 154092488 _____ (Advanced Micro Devices, Inc.) C:\Users\Stuart\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
    2013-07-09 13:41 - 2013-07-09 13:41 - 00000000 ____D C:\Users\Stuart\AppData\Local\Red 5 Studios
    2013-07-09 13:40 - 2013-07-09 13:40 - 00000000 ____D C:\Users\Stuart\Documents\Firefall
    2013-07-09 12:40 - 2013-07-09 12:40 - 00002346 _____ C:\Users\Public\Desktop\Play Firefall.lnk
    2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
    2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\Program Files (x86)\Red 5 Studios
    2013-07-09 11:49 - 2013-07-09 11:49 - 17830272 _____ C:\Users\Stuart\Downloads\FirefallInstaller.exe
    2013-07-04 09:29 - 2013-07-04 09:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2013-06-30 13:47 - 2013-06-30 13:47 - 00151312 ____H C:\Windows\SysWOW64\mlfcache.dat
    2013-06-30 13:47 - 2013-06-30 13:47 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
     
    ==================== One Month Modified Files and Folders =======
     
    2013-07-26 08:37 - 2013-07-26 08:37 - 00000000 ____D C:\FRST
    2013-07-26 02:10 - 2013-07-26 01:54 - 00000004 _____ C:\Users\Stuart\AppData\Roaming\skype.ini
    2013-07-26 02:10 - 2013-07-26 01:53 - 00000330 ____H C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job
    2013-07-26 02:10 - 2012-04-20 18:24 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\TortoiseHg
    2013-07-26 02:10 - 2012-02-26 18:35 - 00000000 ____D C:\Users\Stuart\AppData\Local\LogMeIn Hamachi
    2013-07-26 02:10 - 2012-02-25 00:38 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-07-26 02:10 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-07-26 02:10 - 2009-07-13 20:51 - 00057138 _____ C:\Windows\setupact.log
    2013-07-26 01:53 - 2013-07-26 01:53 - 00124928 _____ (ImDev Software Group) C:\Users\Stuart\java.exe
    2013-07-26 01:53 - 2013-07-26 01:53 - 00117248 _____ (InterVision Software Lab.) C:\Users\Stuart\iexplore.exe
    2013-07-26 01:53 - 2013-07-26 01:53 - 00003078 _____ C:\Windows\System32\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 ____D C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 ____D C:\Program Files (x86)\Google
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 _____ C:\Users\Stuart\spoolsv.exe
    2013-07-26 01:53 - 2013-07-26 01:53 - 00000000 _____ C:\Users\Stuart\flashplayer.exe
    2013-07-26 01:53 - 2012-02-24 23:50 - 00000000 ____D C:\Users\Stuart\AppData\Local\Google
    2013-07-26 01:53 - 2012-02-24 23:35 - 00000000 ____D C:\users\Stuart
    2013-07-26 01:53 - 2012-02-24 23:31 - 01076142 _____ C:\Windows\WindowsUpdate.log
    2013-07-26 01:38 - 2012-02-24 23:50 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376119635-772456243-3827184810-1001UA.job
    2013-07-26 01:34 - 2013-05-17 18:29 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Spotify
    2013-07-26 01:13 - 2012-04-03 16:18 - 00000000 ____D C:\Users\Stuart\AppData\Local\PMB Files
    2013-07-26 01:13 - 2012-04-03 16:18 - 00000000 ____D C:\ProgramData\PMB Files
    2013-07-25 22:43 - 2012-02-25 11:40 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\X-Chat 2
    2013-07-25 20:14 - 2012-02-25 14:39 - 00000000 ____D C:\Program Files (x86)\GtkRadiant-1.4
    2013-07-25 13:55 - 2009-07-13 20:45 - 00013440 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-07-25 13:55 - 2009-07-13 20:45 - 00013440 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-07-25 13:30 - 2012-04-05 11:18 - 00000000 ____D C:\Users\Stuart\AppData\Local\TSVNCache
    2013-07-24 23:44 - 2012-02-26 18:47 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Skype
    2013-07-24 23:36 - 2013-07-11 12:56 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
    2013-07-24 19:35 - 2012-04-20 18:44 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\FileZilla
    2013-07-24 19:24 - 2012-04-07 17:00 - 00000600 _____ C:\Users\Stuart\AppData\Roaming\winscp.rnd
    2013-07-24 12:38 - 2012-02-24 23:50 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376119635-772456243-3827184810-1001Core.job
    2013-07-20 23:42 - 2012-03-13 14:37 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Mumble
    2013-07-20 23:41 - 2012-02-25 12:51 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\TS3Client
    2013-07-20 00:01 - 2012-04-05 18:46 - 00000003 _____ C:\Windows\System32\HRUPPROG.TXT
    2013-07-19 15:34 - 2013-07-19 15:34 - 00547113 _____ C:\Users\Stuart\Desktop\effectsed.zip
    2013-07-19 01:01 - 2012-02-26 16:22 - 00000132 _____ C:\Users\Stuart\AppData\Roaming\Adobe Targa Format CS5 Prefs
    2013-07-18 15:27 - 2012-02-25 11:59 - 00333880 _____ C:\Windows\DirectX.log
    2013-07-15 20:23 - 2013-07-15 20:23 - 16802664 _____ C:\Users\Stuart\Downloads\PLAYA+135+stems.zip
    2013-07-15 10:38 - 2012-02-25 12:00 - 00000000 ____D C:\Users\Stuart\Documents\My Games
    2013-07-15 10:37 - 2009-07-13 21:13 - 00807176 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-07-12 20:57 - 2012-02-24 23:52 - 00002370 _____ C:\Users\Stuart\Desktop\Google Chrome.lnk
    2013-07-12 12:33 - 2012-02-24 23:50 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376119635-772456243-3827184810-1001UA
    2013-07-12 12:33 - 2012-02-24 23:50 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3376119635-772456243-3827184810-1001Core
    2013-07-11 12:56 - 2013-07-11 12:56 - 00000932 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
    2013-07-11 12:52 - 2013-07-11 12:52 - 22716480 _____ (ArenaNet) C:\Users\Stuart\Downloads\Gw2Setup.exe
    2013-07-10 10:46 - 2009-07-13 20:45 - 04905912 _____ C:\Windows\System32\FNTCACHE.DAT
    2013-07-10 10:43 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
    2013-07-10 10:43 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-07-10 10:43 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-07-10 01:48 - 2012-02-25 00:02 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-07-10 01:46 - 2012-03-17 12:57 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-07-09 21:33 - 2012-03-23 22:07 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Mozilla
    2013-07-09 13:56 - 2013-07-09 13:56 - 00000000 ____D C:\ProgramData\ATI
    2013-07-09 13:56 - 2013-07-09 13:56 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2013-07-09 13:56 - 2012-02-24 23:43 - 00000000 ____D C:\ProgramData\AMD
    2013-07-09 13:56 - 2012-02-24 23:42 - 00000000 ____D C:\Program Files\ATI Technologies
    2013-07-09 13:44 - 2013-07-09 13:43 - 154092488 _____ (Advanced Micro Devices, Inc.) C:\Users\Stuart\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
    2013-07-09 13:41 - 2013-07-09 13:41 - 00000000 ____D C:\Users\Stuart\AppData\Local\Red 5 Studios
    2013-07-09 13:40 - 2013-07-09 13:40 - 00000000 ____D C:\Users\Stuart\Documents\Firefall
    2013-07-09 12:40 - 2013-07-09 12:40 - 00002346 _____ C:\Users\Public\Desktop\Play Firefall.lnk
    2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
    2013-07-09 11:50 - 2013-07-09 11:50 - 00000000 ____D C:\Program Files (x86)\Red 5 Studios
    2013-07-09 11:50 - 2012-03-01 14:46 - 00000000 ___HD C:\Windows\msdownld.tmp
    2013-07-09 11:50 - 2012-03-01 14:46 - 00000000 ____D C:\Windows\SysWOW64\directx
    2013-07-09 11:49 - 2013-07-09 11:49 - 17830272 _____ C:\Users\Stuart\Downloads\FirefallInstaller.exe
    2013-07-08 12:35 - 2013-05-17 18:29 - 00000000 ____D C:\Users\Stuart\AppData\Local\Spotify
    2013-07-04 09:29 - 2013-07-04 09:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2013-07-04 09:29 - 2013-03-13 14:05 - 00000926 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
    2013-06-30 13:59 - 2012-12-22 20:53 - 00000132 _____ C:\Users\Stuart\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2013-06-30 13:53 - 2012-02-24 23:54 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\Adobe
    2013-06-30 13:47 - 2013-06-30 13:47 - 00151312 ____H C:\Windows\SysWOW64\mlfcache.dat
    2013-06-30 13:47 - 2013-06-30 13:47 - 00000000 ____D C:\Users\Stuart\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
     
    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini
     
    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini
     
    Files to move or delete:
    ====================
    C:\Users\Stuart\AppData\Local\75e82ed1-b99c-42ef-8385-1c65d3a1c747ad\eedbcefcdacad.exe
    C:\Users\Stuart\flashplayer.exe
    C:\Users\Stuart\iexplore.exe
    C:\Users\Stuart\java.exe
    C:\Users\Stuart\spoolsv.exe
    C:\Users\Stuart\AppData\Roaming\skype.dat
    C:\Users\Stuart\AppData\Roaming\skype.ini
    C:\Windows\Tasks\{92A5A594-8F50-412B-8BFC-22FD997D881F}.job
     
    ==================== Known DLLs (Whitelisted) ================
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2013-07-25 18:06:29
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 11%
    Total physical RAM: 5887.3 MB
    Available physical RAM: 5181.11 MB
    Total Pagefile: 5885.45 MB
    Available Pagefile: 5176.56 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:298.09 GB) (Free:25.54 GB) NTFS (Disk=1 Partition=1)
    Drive e: (Plantronics GameCom 780) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
    Drive g: () (Removable) (Total:1.86 GB) (Free:0.14 GB) FAT (Disk=2 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: () (Fixed) (Total:283.4 GB) (Free:283.29 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 151CF980)
    Partition 2: (Active) - (Size=283 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (Size: 298 GB) (Disk ID: 62EEAD3C)
    Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
     
     
    LastRegBack: 2013-07-23 01:14
     
    ==================== End Of Log ============================
  4. I have the FBI Ransom Moneypak Virus, which is locking me out of my computer.

    I've attempted to get to the desktop in Safe Mode with Networking and Safe Mode with Command Prompt, but it forces a computer reboot before I can even see the desktop.

    The computer does not reboot when I start it up normally, only in safe mode.

    The computer system is also Windows 7.

    Since I can't enter safe mode, I'm not sure how to go about solving this issue.

    Any help or advice you guys can offer me would be extremely appreciated!
