
Moneypak has killed my computer!



Got the FBI money pack virus the other day and it slowly killed my computer. First shut down safe mode. Then shut down setup. Then blocked cd drive from opening or working. I have a Windows 7 recovery disk in the drive, to no avail. No matter what I do I eventually get a "white screen of death". Any ideas?


Welcome to the forum, see if you can do this......

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012

Ran by Terps1 at 01-01-2013 21:47:10

Running from E:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========

2013-01-01 20:42 - 2013-01-01 21:42 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job

2012-12-27 13:05 - 2012-12-27 13:05 - 00000000 ____D C:\Malwarebytes

2012-12-27 04:45 - 2012-12-27 04:45 - 00000000 ____D C:\Malwarebytes' Anti-Malware

2012-12-24 06:00 - 2012-12-24 06:00 - 00000000 _RASH C:\MSDOS.SYS

2012-12-24 06:00 - 2012-12-24 06:00 - 00000000 _RASH C:\IO.SYS

2012-12-21 13:28 - 2013-01-01 20:55 - 00000004 ____A C:\Users\Terps1\AppData\Roaming\skype.ini

2012-12-21 12:07 - 2012-12-21 12:07 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-12-21 12:06 - 2012-12-21 12:07 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-21 12:06 - 2012-12-21 12:07 - 00000000 ____D C:\Program Files\iTunes

2012-12-21 12:06 - 2012-12-21 12:07 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-12-21 12:06 - 2012-12-21 12:06 - 00000000 ____D C:\Program Files\iPod

2012-12-21 12:01 - 2012-12-21 12:01 - 00001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-12-21 12:00 - 2012-12-21 12:01 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-12-21 03:00 - 2012-12-16 12:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-21 03:00 - 2012-12-16 09:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-21 03:00 - 2012-12-16 09:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-21 03:00 - 2012-12-16 09:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-16 20:58 - 2012-12-16 20:58 - 00001155 ____A C:\Users\Terps1\Desktop\Wondershare iMate.lnk

2012-12-16 20:57 - 2012-12-16 20:57 - 24446624 ____A (WonderShare Software Co.,Ltd. ) C:\Users\Terps1\Downloads\imate_full742.exe

2012-12-16 20:57 - 2012-12-16 20:57 - 00000000 ____D C:\Program Files (x86)\Wondershare

2012-12-11 20:43 - 2012-11-21 22:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-11 20:43 - 2012-11-12 09:20 - 09055744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-11 20:43 - 2012-11-12 08:24 - 06028800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-12-11 20:43 - 2012-11-12 07:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-11 20:43 - 2012-11-12 06:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-12-11 20:43 - 2012-11-09 00:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-11 20:43 - 2012-11-08 23:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-12-11 20:43 - 2012-10-27 01:26 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-12-11 20:43 - 2012-10-27 01:26 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-12-11 20:43 - 2012-10-27 01:26 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-12-11 20:43 - 2012-10-27 01:24 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-12-11 20:43 - 2012-10-27 01:24 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-12-11 20:43 - 2012-10-27 01:23 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-12-11 20:43 - 2012-10-27 01:23 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-12-11 20:43 - 2012-10-27 01:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-12-11 20:43 - 2012-10-27 01:23 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-12-11 20:43 - 2012-10-27 00:51 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-11 20:43 - 2012-10-27 00:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-11 20:43 - 2012-10-27 00:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-11 20:43 - 2012-10-27 00:49 - 12295680 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-11 20:43 - 2012-10-27 00:49 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-11 20:43 - 2012-10-27 00:49 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-11 20:43 - 2012-10-27 00:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-11 20:43 - 2012-10-27 00:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-11 20:43 - 2012-10-27 00:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-11 20:43 - 2012-10-04 12:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-12-11 20:43 - 2012-10-04 12:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-11 20:43 - 2012-10-04 12:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-11 20:43 - 2012-10-04 12:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-11 20:43 - 2012-10-04 11:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-12-11 20:43 - 2012-10-04 11:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-12-11 20:43 - 2012-10-04 10:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-11 20:43 - 2012-10-04 09:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-12-11 20:42 - 2012-11-02 00:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-11 20:42 - 2012-11-02 00:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2012-12-11 20:42 - 2012-10-04 12:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-12-11 20:42 - 2012-10-04 12:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-12-11 20:42 - 2012-10-04 12:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 12:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 11:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 09:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-12-11 20:42 - 2012-10-04 09:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-12-11 20:42 - 2012-10-04 09:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-12-11 20:42 - 2012-10-04 09:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 09:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 09:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-12-11 20:42 - 2012-10-04 09:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-01-01 23:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration

2013-01-01 21:47 - 2013-01-01 21:47 - 00000000 ____D C:\FRST

2013-01-01 21:44 - 2009-07-14 00:13 - 00730532 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-01 21:42 - 2013-01-01 20:42 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job

2013-01-01 20:55 - 2012-12-21 13:28 - 00000004 ____A C:\Users\Terps1\AppData\Roaming\skype.ini

2013-01-01 20:51 - 2010-10-19 12:44 - 01261162 ____A C:\Windows\WindowsUpdate.log

2013-01-01 20:48 - 2009-07-13 23:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-01 20:48 - 2009-07-13 23:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-01 20:41 - 2011-02-01 18:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-01 20:41 - 2011-01-14 23:16 - 00000000 ____D C:\users\Terps1

2013-01-01 20:41 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-01 20:41 - 2009-07-13 23:51 - 00058860 ____A C:\Windows\setupact.log

2013-01-01 16:06 - 2011-04-19 20:48 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2611583448-4012852574-889924089-1001UA.job

2013-01-01 15:41 - 2011-02-01 18:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-01 15:31 - 2011-10-25 20:31 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat

2013-01-01 15:31 - 2011-10-25 20:31 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat

2013-01-01 15:30 - 2012-04-05 20:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-27 13:05 - 2012-12-27 13:05 - 00000000 ____D C:\Malwarebytes

2012-12-27 04:45 - 2012-12-27 04:45 - 00000000 ____D C:\Malwarebytes' Anti-Malware

2012-12-24 06:00 - 2012-12-24 06:00 - 00000000 _RASH C:\MSDOS.SYS

2012-12-24 06:00 - 2012-12-24 06:00 - 00000000 _RASH C:\IO.SYS

2012-12-21 12:07 - 2012-12-21 12:07 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-12-21 12:07 - 2012-12-21 12:06 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-21 12:07 - 2012-12-21 12:06 - 00000000 ____D C:\Program Files\iTunes

2012-12-21 12:07 - 2012-12-21 12:06 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-12-21 12:06 - 2012-12-21 12:06 - 00000000 ____D C:\Program Files\iPod

2012-12-21 12:01 - 2012-12-21 12:01 - 00001849 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-12-21 12:01 - 2012-12-21 12:00 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-12-21 03:28 - 2011-02-01 18:55 - 00000000 ____D C:\Users\Terps1\AppData\Local\Google

2012-12-21 03:27 - 2009-07-13 23:45 - 00414080 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-21 03:26 - 2010-10-19 12:46 - 00025416 ____A C:\Windows\PFRO.log

2012-12-20 22:07 - 2011-04-19 20:48 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2611583448-4012852574-889924089-1001Core.job

2012-12-16 20:58 - 2012-12-16 20:58 - 00001155 ____A C:\Users\Terps1\Desktop\Wondershare iMate.lnk

2012-12-16 20:57 - 2012-12-16 20:57 - 24446624 ____A (WonderShare Software Co.,Ltd. ) C:\Users\Terps1\Downloads\imate_full742.exe

2012-12-16 20:57 - 2012-12-16 20:57 - 00000000 ____D C:\Program Files (x86)\Wondershare

2012-12-16 12:11 - 2012-12-21 03:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-16 09:45 - 2012-12-21 03:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 09:13 - 2012-12-21 03:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2012-12-16 09:13 - 2012-12-21 03:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2012-12-12 04:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2012-12-12 03:03 - 2011-03-30 16:55 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-12-12 03:03 - 2011-01-19 03:05 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-11 20:23 - 2012-04-05 20:43 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-12-11 20:23 - 2011-07-07 08:33 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-2611583448-4012852574-889924089-1001\$dad14df4bee78e467307c6105a6d9739

ZeroAccess:

C:\Users\Terps1\AppData\Local\{dad14df4-bee7-8e46-7307-c6105a6d9739}

C:\Users\Terps1\AppData\Local\{dad14df4-bee7-8e46-7307-c6105a6d9739}\L

C:\Users\Terps1\AppData\Local\{dad14df4-bee7-8e46-7307-c6105a6d9739}\U

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 5885.12 MB

Available physical RAM: 5247.85 MB

Total Pagefile: 11768.43 MB

Available Pagefile: 11146.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: (WIN7) (Fixed) (Total:698.64 GB) (Free:7.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (HBCD 14.0) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

3 Drive e: (Secure II) (Removable) (Total:0.48 GB) (Free:0.45 GB) FAT

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 698 GB 0 B

Disk 1 Online 495 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 698 GB 31 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C WIN7 NTFS Partition 698 GB Healthy System (partition with boot components)

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 495 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 04

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E Secure II FAT Removable 495 MB Healthy

=========================================================

Last Boot: 2012-12-27 10:28

==================== End Of Log =============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012

Ran by Terps1 at 01-01-2013 21:47:10

Running from E:\

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

The scan was not run properly, try it again and please read and follow the directions carefully.

If you can't get it to run correctly, I have another disk we can try to use.

MrC
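A triage pass over a posted FRST.txt, as an added example that is not part of the original thread and not FRST's own code: it checks the header warnings the helper points to before trusting the log, then collects the paths listed under `ZeroAccess:` and any system-file check whose verdict is not `MD5 is legit`. The function name `triage_frst_log` is hypothetical, the sample is a constructed excerpt of lines from the log posted above, and treating every other verdict string as suspicious is an assumption.

```python
import re

# Constructed excerpt in the layout of the FRST.txt posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by Terps1 at 01-01-2013 21:47:10
Running from E:\
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.
==================== One Month Created Files and Folders ========
2012-12-27 13:05 - 2012-12-27 13:05 - 00000000 ____D C:\Malwarebytes
2012-12-21 03:00 - 2012-12-16 12:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2611583448-4012852574-889924089-1001\$dad14df4bee78e467307c6105a6d9739
ZeroAccess:
C:\Users\Terps1\AppData\Local\{dad14df4-bee7-8e46-7307-c6105a6d9739}
C:\Users\Terps1\AppData\Local\{dad14df4-bee7-8e46-7307-c6105a6d9739}\L
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
==================== End Of Log =============================
"""

# Two timestamps, size, 5-character attribute field, optional "(Company)", path.
FILE_ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S{5}) (?:\((.*?)\) )?(.+)$")
SECTION = re.compile(r"^=+ (.+?) =+$")      # "==== Title ===="
MD5_ROW = re.compile(r"^(.+?) => (.+)$")    # "path => verdict"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def triage_frst_log(text):
    """Summarise an FRST.txt: header warnings, ZeroAccess paths, failed MD5 checks."""
    report = {"warnings": [], "zeroaccess": [], "md5_not_legit": [], "file_rows": {}}
    section, in_za = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                          # pasted logs are often double-spaced
            continue
        if line.lower().startswith("attention"):
            report["warnings"].append(line)   # scan ran in the wrong environment
            continue
        if line == "ZeroAccess:":
            in_za = True                      # following path lines belong to this label
            continue
        m = SECTION.match(line)
        if m:
            section, in_za = m.group(1), False
            continue
        if in_za and DRIVE_PATH.match(line) and "=>" not in line:
            report["zeroaccess"].append(line)
            continue
        in_za = False
        if FILE_ROW.match(line):
            rows = report["file_rows"]
            rows[section] = rows.get(section, 0) + 1
            continue
        m = MD5_ROW.match(line)
        if m and m.group(2) != "MD5 is legit":
            report["md5_not_legit"].append(m.group(1))
    # Any header warning means the registry-based parts of the scan are missing.
    report["reliable"] = not report["warnings"]
    return report


if __name__ == "__main__":
    for key, value in triage_frst_log(SAMPLE_LOG).items():
        print(key, "=>", value)
```

On the excerpt the report comes back with `reliable` set to False, which matches the helper's request to rerun the scan from System Recovery Options before reading anything else into the log.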


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
