
FBI Malware (MoneyPak)


This topic is locked. 1 reply to this topic

#1 anitan4 (New Member, 25 posts)
Posted 31 May 2013 - 07:13 PM

Hi, my name is Anita and I was reading an older forum post (http://forums.malwar...pic=121315&st=0) about this type of malware. My son's computer is infected with it, and all he does is play Minecraft, Skype with his friends and watch Minecraft videos on it. I followed the instructions, downloaded FRST and FRST64 to a flash drive, and used FRST64 to scan my son's computer. I have disconnected this computer from the internet just in case, because before giving it to our son it had been my husband's and my computer, with our personal and financial records on there. I hope there's help for this computer. Thank you! PS: I'm not very computer savvy but am teachable... :)

The following is the text of the log after the scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by SYSTEM on 31-05-2013 18:48:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11580520 2010-11-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMessaging] C:\Users\Negron\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()
HKU\Negron\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Negron\...\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun [6369280 2013-02-20] (OpenDownloadManager.com)
HKU\Negron\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-06-30] (Google Inc.)
HKU\Negron\...\Run: [Macromedia] Rundll32.exe C:\Users\Negron\AppData\Local\Macromedia\pqlchzne.dll,bddgygkfbapzb [830976 2013-05-31] (SEIKO EPSON CORPORATION)
HKU\Negron\...\Run: [vMobilecdrom] rundll32.exe "C:\Users\Negron\AppData\Roaming\vMobilecdrom\vMobilecdrom.dll",fxcrtNotifier acxMapdb [28672 2013-04-05] ()
HKU\Negron\...\Run: [Adobe CSS5.1 Manager] C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad\ceabfeaadffcad.exe [126976 2013-05-31] ()
HKU\Negron\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad\ceabfeaadffcad.exe [126976 2013-05-31] ()
HKU\Negron\...\Winlogon: [Shell] explorer.exe,C:\Users\Negron\AppData\Roaming\skype.dat [117248 2011-11-16] (VSN Software LTD) <==== ATTENTION
AppInit_DLLs: [0 ] ()
Startup: C:\Users\Negron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [162072 2013-04-04] (TMRG, Inc.)

==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 18:47 - 2013-05-31 18:47 - 00000000 ____D C:\FRST
2013-05-31 14:24 - 2013-05-31 14:31 - 00007201 ____A C:\Windows\IE10_main.log
2013-05-31 14:21 - 2013-05-31 14:23 - 00000004 ____A C:\Users\Negron\AppData\Roaming\skype.ini
2013-05-31 14:19 - 2013-05-31 14:19 - 00000332 ___AH C:\Windows\Tasks\{A61CE5CB-7FE4-4D20-A37F-DC8EDBB897C7}.job
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad
2013-05-31 14:18 - 2013-05-31 14:18 - 00117248 ____A (VSN Software LTD) C:\Users\Negron\vlcplayer.exe
2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\jqs.exe
2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\icq.exe
2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\firefox.exe
2013-05-30 11:43 - 2013-05-30 11:43 - 00014219 ____A C:\Users\Negron\Desktop\hs_err_pid8704.log
2013-05-28 03:52 - 2013-05-28 03:52 - 00014210 ____A C:\Users\Negron\Desktop\hs_err_pid14304.log
2013-05-26 09:12 - 2013-05-31 17:42 - 00000000 ____D C:\Users\Negron\AppData\Roaming\wabEventSupport16
2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\Users\Negron\AppData\Local\otgkuw.rns
2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\ProgramData\nzgnbtdf.lig
2013-05-15 14:26 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 14:26 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 14:26 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 14:26 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 14:24 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 14:24 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 14:24 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 14:24 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 14:24 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 14:24 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 14:24 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 14:24 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 14:24 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 14:24 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 14:24 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 14:24 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 14:24 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 14:24 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:24 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 14:24 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 14:24 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 14:24 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 14:24 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 14:24 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 14:24 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 14:24 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 14:24 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 14:24 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 14:24 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 14:24 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 14:24 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 14:24 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 13:38 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 13:38 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 13:38 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 13:38 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 13:38 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 13:38 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 13:38 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 13:38 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 13:38 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 13:38 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 13:38 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 13:37 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 13:37 - 2013-03-31 22:03 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\mcupdate_AuthenticAMD.dll
2013-05-15 13:37 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 13:37 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-11 08:40 - 2013-05-11 08:40 - 00013609 ____A C:\Users\Negron\Desktop\hs_err_pid6220.log
2013-05-08 12:48 - 2013-05-08 14:14 - 02436926 ____A C:\Users\Negron\Documents\tekkitlaucher.jar
2013-05-07 03:22 - 2013-05-07 03:22 - 00641808 ____A C:\Windows\Minidump\050713-21668-01.dmp

==================== One Month Modified Files and Folders =======

2013-05-31 18:47 - 2013-05-31 18:47 - 00000000 ____D C:\FRST
2013-05-31 17:44 - 2013-04-05 04:44 - 00000000 ____D C:\Users\Negron\AppData\Roaming\vMobilecdrom
2013-05-31 17:44 - 2013-02-21 17:40 - 00000000 ____D C:\Users\Negron\AppData\Roaming\Delta
2013-05-31 17:44 - 2013-02-17 18:10 - 00000000 ____D C:\Users\Negron\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
2013-05-31 17:44 - 2013-02-05 15:47 - 00000000 ____D C:\Users\Negron\AppData\Local\Strongvault Online Backup
2013-05-31 17:44 - 2013-02-05 15:29 - 00000000 ____D C:\Users\Negron\AppData\Roaming\CamStudio Packages
2013-05-31 17:44 - 2012-03-11 10:15 - 00000000 ____D C:\ProgramData\webex
2013-05-31 17:44 - 2011-02-11 19:12 - 00000000 ___AD C:\Windows\DeployWinRE2
2013-05-31 17:44 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-05-31 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-05-31 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-31 17:42 - 2013-05-26 09:12 - 00000000 ____D C:\Users\Negron\AppData\Roaming\wabEventSupport16
2013-05-31 17:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-31 14:31 - 2013-05-31 14:24 - 00007201 ____A C:\Windows\IE10_main.log
2013-05-31 14:31 - 2012-05-28 10:33 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2013-05-31 14:31 - 2012-01-27 15:49 - 01881706 ____A C:\Windows\WindowsUpdate.log
2013-05-31 14:25 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 14:23 - 2013-05-31 14:21 - 00000004 ____A C:\Users\Negron\AppData\Roaming\skype.ini
2013-05-31 14:23 - 2013-02-21 17:45 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge
2013-05-31 14:23 - 2013-02-21 17:44 - 00000000 ____D C:\Users\Negron\AppData\Roaming\Open Download Manager
2013-05-31 14:23 - 2012-07-15 10:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-31 14:23 - 2009-07-13 20:51 - 00074377 ____A C:\Windows\setupact.log
2013-05-31 14:19 - 2013-05-31 14:19 - 00000332 ___AH C:\Windows\Tasks\{A61CE5CB-7FE4-4D20-A37F-DC8EDBB897C7}.job
2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad
2013-05-31 14:19 - 2012-03-17 09:58 - 00000000 ____D C:\Users\Negron\AppData\Roaming\.minecraft
2013-05-31 14:19 - 2012-03-11 09:40 - 00000000 ____D C:\users\Negron
2013-05-31 14:18 - 2013-05-31 14:18 - 00117248 ____A (VSN Software LTD) C:\Users\Negron\vlcplayer.exe
2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\jqs.exe
2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\icq.exe
2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\firefox.exe
2013-05-31 14:10 - 2013-03-27 03:18 - 00000000 ____D C:\Users\Negron\AppData\Local\Macromedia
2013-05-31 14:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-05-31 14:00 - 2012-08-25 10:49 - 00000000 ____D C:\Users\Negron\AppData\Roaming\Skype
2013-05-31 13:54 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 13:54 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 13:45 - 2012-06-30 15:58 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-31 13:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-30 11:43 - 2013-05-30 11:43 - 00014219 ____A C:\Users\Negron\Desktop\hs_err_pid8704.log
2013-05-29 10:57 - 2012-03-11 13:42 - 00000000 ____D C:\Users\Negron\AppData\Local\CrashDumps
2013-05-28 03:52 - 2013-05-28 03:52 - 00014210 ____A C:\Users\Negron\Desktop\hs_err_pid14304.log
2013-05-24 22:40 - 2012-06-30 15:58 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\Users\Negron\AppData\Local\otgkuw.rns
2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\ProgramData\nzgnbtdf.lig
2013-05-18 09:44 - 2013-02-02 06:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-18 09:44 - 2011-08-10 03:46 - 00000000 ____D C:\ProgramData\Skype
2013-05-15 15:15 - 2009-07-13 20:45 - 00294024 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 15:12 - 2013-02-21 17:41 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-05-15 15:12 - 2010-11-20 19:47 - 00602178 ____A C:\Windows\PFRO.log
2013-05-15 14:39 - 2013-02-14 00:12 - 00000118 ____A C:\Windows\System32\MRT.INI
2013-05-15 14:36 - 2012-04-22 08:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 12:28 - 2012-07-15 10:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 12:28 - 2011-08-10 04:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-11 08:40 - 2013-05-11 08:40 - 00013609 ____A C:\Users\Negron\Desktop\hs_err_pid6220.log
2013-05-08 14:14 - 2013-05-08 12:48 - 02436926 ____A C:\Users\Negron\Documents\tekkitlaucher.jar
2013-05-08 14:14 - 2013-04-26 03:36 - 00000000 ____D C:\Users\Negron\AppData\Roaming\.technic
2013-05-07 03:22 - 2013-05-07 03:22 - 00641808 ____A C:\Windows\Minidump\050713-21668-01.dmp
2013-05-07 03:22 - 2012-05-24 12:29 - 416127751 ____A C:\Windows\MEMORY.DMP
2013-05-07 03:22 - 2012-05-24 12:29 - 00000000 ____D C:\Windows\Minidump
2013-05-05 13:36 - 2013-05-15 14:26 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 13:16 - 2013-05-15 14:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 11:25 - 2013-05-15 14:26 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 11:12 - 2013-05-15 14:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-01 22:06 - 2010-11-20 19:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Other Malware:
===========
C:\Users\Negron\firefox.exe
C:\Users\Negron\icq.exe
C:\Users\Negron\jqs.exe
C:\Users\Negron\vlcplayer.exe
C:\Users\Negron\AppData\Roaming\skype.dat
C:\Users\Negron\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-19 12:23:15
Restore point made on: 2013-04-23 03:38:37
Restore point made on: 2013-04-24 18:00:29
Restore point made on: 2013-04-30 00:39:59
Restore point made on: 2013-05-03 15:35:58
Restore point made on: 2013-05-07 01:34:35
Restore point made on: 2013-05-10 10:41:25
Restore point made on: 2013-05-13 23:11:06
Restore point made on: 2013-05-15 14:24:04
Restore point made on: 2013-05-20 23:23:46
Restore point made on: 2013-05-24 11:15:25
Restore point made on: 2013-05-24 23:00:33
Restore point made on: 2013-05-28 03:49:00
Restore point made on: 2013-05-31 13:54:14
Restore point made on: 2013-05-31 14:23:57

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3576.26 MB
Available physical RAM: 2914.61 MB
Total Pagefile: 3574.46 MB
Available Pagefile: 2906.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:446.13 GB) (Free:363.45 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:19.53 GB) (Free:7.89 GB) NTFS (Disk=0 Partition=1)
Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B25EC62F)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


Last Boot: 2013-02-13 05:05

==================== End Of Log ============================

#2 gringo_pr (Staff, Moderators, 9,602 posts)

Posted 01 June 2013 - 12:07 AM



Hello Anita

I need you to make a topic in this room: http://forums.malwar...php?showforum=7

Go ahead and post the same reports you have in the new topic, and one of us will be very glad to help you.


Gringo
William Rowland
Product Support
