FBI Malware (MoneyPak)


Recommended Posts

Hi, my name is Anita and I was reading an older forum post (http://forums.malwar...pic=121315&st=0) about this type of malware. My son's computer is infected with it, and all he does is play Minecraft, Skype with his friends and watch Minecraft videos on it. I followed the instructions and downloaded FRST and FRST64 to a flash drive and used FRST64 to scan my son's computer. I have disconnected this computer from the internet just in case, because before giving it to our son it had been my husband's and my computer, with our personal and financial records on there. I hope there's help for this computer. Thank you! PS: I'm not very computer savvy but am teachable... :)

The following is the text after the scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01

Ran by SYSTEM on 31-05-2013 18:48:02

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11580520 2010-11-10] (Realtek Semiconductor)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sMessaging] C:\Users\Negron\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)

HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()

HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] ()

HKU\Negron\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)

HKU\Negron\...\Run: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun [6369280 2013-02-20] (OpenDownloadManager.com)

HKU\Negron\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-06-30] (Google Inc.)

HKU\Negron\...\Run: [Macromedia] Rundll32.exe C:\Users\Negron\AppData\Local\Macromedia\pqlchzne.dll,bddgygkfbapzb [830976 2013-05-31] (SEIKO EPSON CORPORATION)

HKU\Negron\...\Run: [vMobilecdrom] rundll32.exe "C:\Users\Negron\AppData\Roaming\vMobilecdrom\vMobilecdrom.dll",fxcrtNotifier acxMapdb [28672 2013-04-05] ()

HKU\Negron\...\Run: [Adobe CSS5.1 Manager] C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad\ceabfeaadffcad.exe [126976 2013-05-31] ()

HKU\Negron\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad\ceabfeaadffcad.exe [126976 2013-05-31] ()

HKU\Negron\...\Winlogon: [shell] explorer.exe,C:\Users\Negron\AppData\Roaming\skype.dat [117248 2011-11-16] (VSN Software LTD) <==== ATTENTION

AppInit_DLLs: [0 ] ()

Startup: C:\Users\Negron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()

S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)

S2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)

S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [162072 2013-04-04] (TMRG, Inc.)

==================== Drivers (Whitelisted) ====================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-31 18:47 - 2013-05-31 18:47 - 00000000 ____D C:\FRST

2013-05-31 14:24 - 2013-05-31 14:31 - 00007201 ____A C:\Windows\IE10_main.log

2013-05-31 14:21 - 2013-05-31 14:23 - 00000004 ____A C:\Users\Negron\AppData\Roaming\skype.ini

2013-05-31 14:19 - 2013-05-31 14:19 - 00000332 ___AH C:\Windows\Tasks\{A61CE5CB-7FE4-4D20-A37F-DC8EDBB897C7}.job

2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad

2013-05-31 14:18 - 2013-05-31 14:18 - 00117248 ____A (VSN Software LTD) C:\Users\Negron\vlcplayer.exe

2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\jqs.exe

2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\icq.exe

2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\firefox.exe

2013-05-30 11:43 - 2013-05-30 11:43 - 00014219 ____A C:\Users\Negron\Desktop\hs_err_pid8704.log

2013-05-28 03:52 - 2013-05-28 03:52 - 00014210 ____A C:\Users\Negron\Desktop\hs_err_pid14304.log

2013-05-26 09:12 - 2013-05-31 17:42 - 00000000 ____D C:\Users\Negron\AppData\Roaming\wabEventSupport16

2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\Users\Negron\AppData\Local\otgkuw.rns

2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\ProgramData\nzgnbtdf.lig

2013-05-15 14:26 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-15 14:26 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-15 14:26 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-15 14:26 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-15 14:24 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-15 14:24 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-15 14:24 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-15 14:24 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-15 14:24 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-15 14:24 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-15 14:24 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-15 14:24 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-15 14:24 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-15 14:24 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-15 14:24 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-15 14:24 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-15 14:24 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-15 14:24 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-15 14:24 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-15 14:24 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-15 14:24 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-15 14:24 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-15 14:24 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-15 14:24 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-15 14:24 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-15 14:24 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-15 14:24 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-15 14:24 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-15 14:24 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-15 14:24 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-15 14:24 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-15 14:24 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-15 13:38 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 13:38 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 13:38 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 13:38 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 13:38 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 13:38 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 13:38 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 13:38 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 13:38 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 13:38 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-15 13:38 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-15 13:37 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 13:37 - 2013-03-31 22:03 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\mcupdate_AuthenticAMD.dll

2013-05-15 13:37 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 13:37 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-11 08:40 - 2013-05-11 08:40 - 00013609 ____A C:\Users\Negron\Desktop\hs_err_pid6220.log

2013-05-08 12:48 - 2013-05-08 14:14 - 02436926 ____A C:\Users\Negron\Documents\tekkitlaucher.jar

2013-05-07 03:22 - 2013-05-07 03:22 - 00641808 ____A C:\Windows\Minidump\050713-21668-01.dmp

==================== One Month Modified Files and Folders =======

2013-05-31 18:47 - 2013-05-31 18:47 - 00000000 ____D C:\FRST

2013-05-31 17:44 - 2013-04-05 04:44 - 00000000 ____D C:\Users\Negron\AppData\Roaming\vMobilecdrom

2013-05-31 17:44 - 2013-02-21 17:40 - 00000000 ____D C:\Users\Negron\AppData\Roaming\Delta

2013-05-31 17:44 - 2013-02-17 18:10 - 00000000 ____D C:\Users\Negron\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files

2013-05-31 17:44 - 2013-02-05 15:47 - 00000000 ____D C:\Users\Negron\AppData\Local\Strongvault Online Backup

2013-05-31 17:44 - 2013-02-05 15:29 - 00000000 ____D C:\Users\Negron\AppData\Roaming\CamStudio Packages

2013-05-31 17:44 - 2012-03-11 10:15 - 00000000 ____D C:\ProgramData\webex

2013-05-31 17:44 - 2011-02-11 19:12 - 00000000 ___AD C:\Windows\DeployWinRE2

2013-05-31 17:44 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages

2013-05-31 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-31 17:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-31 17:42 - 2013-05-26 09:12 - 00000000 ____D C:\Users\Negron\AppData\Roaming\wabEventSupport16

2013-05-31 17:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-05-31 14:31 - 2013-05-31 14:24 - 00007201 ____A C:\Windows\IE10_main.log

2013-05-31 14:31 - 2012-05-28 10:33 - 00196608 ____A C:\Windows\System32\Ikeext.etl

2013-05-31 14:31 - 2012-01-27 15:49 - 01881706 ____A C:\Windows\WindowsUpdate.log

2013-05-31 14:25 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-31 14:23 - 2013-05-31 14:21 - 00000004 ____A C:\Users\Negron\AppData\Roaming\skype.ini

2013-05-31 14:23 - 2013-02-21 17:45 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge

2013-05-31 14:23 - 2013-02-21 17:44 - 00000000 ____D C:\Users\Negron\AppData\Roaming\Open Download Manager

2013-05-31 14:23 - 2012-07-15 10:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-31 14:23 - 2009-07-13 20:51 - 00074377 ____A C:\Windows\setupact.log

2013-05-31 14:19 - 2013-05-31 14:19 - 00000332 ___AH C:\Windows\Tasks\{A61CE5CB-7FE4-4D20-A37F-DC8EDBB897C7}.job

2013-05-31 14:19 - 2013-05-31 14:19 - 00000000 ____D C:\Users\Negron\AppData\Local\13cea454-2539-4671-bf39-1897eaadffc9ad

2013-05-31 14:19 - 2012-03-17 09:58 - 00000000 ____D C:\Users\Negron\AppData\Roaming\.minecraft

2013-05-31 14:19 - 2012-03-11 09:40 - 00000000 ____D C:\users\Negron

2013-05-31 14:18 - 2013-05-31 14:18 - 00117248 ____A (VSN Software LTD) C:\Users\Negron\vlcplayer.exe

2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\jqs.exe

2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\icq.exe

2013-05-31 14:18 - 2013-05-31 14:18 - 00000000 ____A C:\Users\Negron\firefox.exe

2013-05-31 14:10 - 2013-03-27 03:18 - 00000000 ____D C:\Users\Negron\AppData\Local\Macromedia

2013-05-31 14:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing

2013-05-31 14:00 - 2012-08-25 10:49 - 00000000 ____D C:\Users\Negron\AppData\Roaming\Skype

2013-05-31 13:54 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-31 13:54 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-31 13:45 - 2012-06-30 15:58 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-31 13:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-30 11:43 - 2013-05-30 11:43 - 00014219 ____A C:\Users\Negron\Desktop\hs_err_pid8704.log

2013-05-29 10:57 - 2012-03-11 13:42 - 00000000 ____D C:\Users\Negron\AppData\Local\CrashDumps

2013-05-28 03:52 - 2013-05-28 03:52 - 00014210 ____A C:\Users\Negron\Desktop\hs_err_pid14304.log

2013-05-24 22:40 - 2012-06-30 15:58 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\Users\Negron\AppData\Local\otgkuw.rns

2013-05-21 12:25 - 2013-05-21 12:25 - 00055808 ____A C:\ProgramData\nzgnbtdf.lig

2013-05-18 09:44 - 2013-02-02 06:33 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-18 09:44 - 2011-08-10 03:46 - 00000000 ____D C:\ProgramData\Skype

2013-05-15 15:15 - 2009-07-13 20:45 - 00294024 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-15 15:12 - 2013-02-21 17:41 - 00000000 ____D C:\ProgramData\BrowserProtect

2013-05-15 15:12 - 2010-11-20 19:47 - 00602178 ____A C:\Windows\PFRO.log

2013-05-15 14:39 - 2013-02-14 00:12 - 00000118 ____A C:\Windows\System32\MRT.INI

2013-05-15 14:36 - 2012-04-22 08:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-14 12:28 - 2012-07-15 10:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-14 12:28 - 2011-08-10 04:01 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-11 08:40 - 2013-05-11 08:40 - 00013609 ____A C:\Users\Negron\Desktop\hs_err_pid6220.log

2013-05-08 14:14 - 2013-05-08 12:48 - 02436926 ____A C:\Users\Negron\Documents\tekkitlaucher.jar

2013-05-08 14:14 - 2013-04-26 03:36 - 00000000 ____D C:\Users\Negron\AppData\Roaming\.technic

2013-05-07 03:22 - 2013-05-07 03:22 - 00641808 ____A C:\Windows\Minidump\050713-21668-01.dmp

2013-05-07 03:22 - 2012-05-24 12:29 - 416127751 ____A C:\Windows\MEMORY.DMP

2013-05-07 03:22 - 2012-05-24 12:29 - 00000000 ____D C:\Windows\Minidump

2013-05-05 13:36 - 2013-05-15 14:26 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 13:16 - 2013-05-15 14:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-05 11:25 - 2013-05-15 14:26 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-05 11:12 - 2013-05-15 14:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-01 22:06 - 2010-11-20 19:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Other Malware:

===========

C:\Users\Negron\firefox.exe

C:\Users\Negron\icq.exe

C:\Users\Negron\jqs.exe

C:\Users\Negron\vlcplayer.exe

C:\Users\Negron\AppData\Roaming\skype.dat

C:\Users\Negron\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-19 12:23:15

Restore point made on: 2013-04-23 03:38:37

Restore point made on: 2013-04-24 18:00:29

Restore point made on: 2013-04-30 00:39:59

Restore point made on: 2013-05-03 15:35:58

Restore point made on: 2013-05-07 01:34:35

Restore point made on: 2013-05-10 10:41:25

Restore point made on: 2013-05-13 23:11:06

Restore point made on: 2013-05-15 14:24:04

Restore point made on: 2013-05-20 23:23:46

Restore point made on: 2013-05-24 11:15:25

Restore point made on: 2013-05-24 23:00:33

Restore point made on: 2013-05-28 03:49:00

Restore point made on: 2013-05-31 13:54:14

Restore point made on: 2013-05-31 14:23:57

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 3576.26 MB

Available physical RAM: 2914.61 MB

Total Pagefile: 3574.46 MB

Available Pagefile: 2906.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:446.13 GB) (Free:363.45 GB) NTFS (Disk=0 Partition=3)

Drive e: (PQSERVICE) (Fixed) (Total:19.53 GB) (Free:7.89 GB) NTFS (Disk=0 Partition=1)

Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B25EC62F)

Partition 1: (Not Active) - (Size=20 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

Last Boot: 2013-02-13 05:05

==================== End Of Log ============================
