
Ukash Virus [Solved]


  • This topic is locked

#1
Steviep

Hi, my laptop appears to have picked up the Ukash virus. I've run FRST and attached the log. Thanks in advance for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 16:56:54
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM\...\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1573576 2012-10-29] (Ask)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$23ceaf3e03eb15df900fdffb4f8e63b1\n. ATTENTION! ====> ZeroAccess
HKU\Ants\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2012-03-08] (Microsoft Corporation)
HKU\Ants\...\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h [x]
HKU\Ants\...\Run: [Facebook Update] "C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-07-11] (Facebook Inc.)
HKU\Ants\...\Winlogon: [Shell] C:\Users\Ants\AppData\Roaming\i.ini,explorer.exe <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
S2 avgfws9; C:\Program Files\AVG\AVG9\avgfws9.exe [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5897808 2010-06-22] (AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.1.0.28\diMaster.dll [303544 2011-08-11] (Symantec Corporation)
S2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
S2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [24856 2010-03-30] (AVG Technologies CZ, s.r.o.)
S3 AVGIDSDriverw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [122448 2010-06-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSErHrw7x; C:\Windows\System32\Drivers\AVGIDSwx.sys [25168 2010-06-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilterw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [30288 2010-06-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSShimw7x; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [20560 2010-06-22] (AVG Technologies CZ, s.r.o. )
S1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-06-22] (AVG Technologies CZ, s.r.o.)
S1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-12] (AVG Technologies CZ, s.r.o.)
S0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-30] (AVG Technologies CZ, s.r.o.)
S1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys [995488 2012-08-10] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1301000.01C\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-15] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-15] (Symantec Corporation)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys [386208 2012-08-21] (Symantec Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS [92704 2012-08-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS [1601184 2012-08-21] (Symantec Corporation)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2010-12-02] (Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2010-12-02] (Nokia)
S1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-27] (SAMSUNG ELECTRONICS)
S3 SRTSP; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSP.SYS [566904 2011-08-02] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1301000.01C\SRTSPX.SYS [31864 2011-08-02] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1301000.01C\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1301000.01C\SYMEFA.SYS [897656 2011-07-28] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [127096 2012-07-23] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1301000.01C\Ironx86.SYS [149624 2011-07-25] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NIS\1301000.01C\SYMNETS.SYS [314488 2011-07-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 16:56 - 2013-05-07 16:56 - 00000000 ____D C:\FRST
2013-05-07 07:23 - 2013-05-07 07:23 - 00000000 ____D C:\Users\Ants\AppData\Local\{84637207-12FE-4DFB-883B-0742C92A5756}
2013-05-02 10:55 - 2013-05-02 10:55 - 00000000 ____D C:\ProgramData\usij
2013-05-02 10:53 - 2013-05-02 10:53 - 00185336 ____A (Hilgraeve, Inc.) C:\Users\Ants\Desktop\fdia.tmp
2013-05-02 09:44 - 2013-05-02 09:44 - 00000000 ____D C:\Users\Ants\AppData\Local\{B9FE0390-E383-491E-84C3-F6B5EA4F461E}
2013-04-30 07:40 - 2013-04-30 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{ED17CB2B-858F-4CAB-9A8F-365270891108}
2013-04-29 10:18 - 2013-04-29 10:19 - 00000000 ____D C:\Users\Ants\AppData\Local\{AA47AB50-8EF7-4D8F-B41D-87553D87FE32}
2013-04-27 03:45 - 2013-04-27 03:45 - 00000000 ____D C:\Users\Ants\AppData\Local\{A5D6C57A-67E1-4FF3-9CD3-39EEF9FBCFD8}
2013-04-26 12:45 - 2013-04-26 12:45 - 00000000 ____D C:\Users\Ants\AppData\Local\{7C49B9B0-D5C7-46F8-8614-D824C03BB068}
2013-04-25 06:44 - 2013-04-25 06:44 - 00000000 ____D C:\Users\Ants\AppData\Local\{30B59BCB-5F5F-4DC3-9D18-B6BD72C70356}
2013-04-24 06:27 - 2013-04-24 06:28 - 00000000 ____D C:\Users\Ants\AppData\Local\{E56404B4-9053-49BB-982F-D67380DA42B4}
2013-04-23 09:37 - 2013-04-12 05:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 09:30 - 2013-04-23 09:30 - 00000000 ____D C:\Users\Ants\AppData\Local\{4D7F5676-6D7D-425F-82BB-4582AF90296A}
2013-04-22 02:28 - 2013-04-22 02:29 - 00000000 ____D C:\Users\Ants\AppData\Local\{64679DE0-EF34-47B3-9D13-6C27884594D8}
2013-04-20 11:17 - 2013-04-20 11:17 - 00000000 ____D C:\Users\Ants\AppData\Local\{BC2ABBC5-2562-4F2F-A5D7-5F243787CA9E}
2013-04-19 23:16 - 2013-04-19 23:17 - 00000000 ____D C:\Users\Ants\AppData\Local\{87E48C0A-4A40-408B-A10C-D54183448949}
2013-04-19 22:42 - 2013-04-19 22:42 - 00000000 ____D C:\Users\Ants\AppData\Local\{A508021D-7691-431A-A1D0-5EBB320F09AB}
2013-04-19 14:58 - 2013-04-19 14:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{61A8F3A4-FFAD-4303-AAA6-9CF2E0B3945A}
2013-04-18 06:11 - 2013-04-18 06:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1A9E8FD-98D3-4B70-AC42-C34F7B46A2C8}
2013-04-17 06:18 - 2013-04-17 06:18 - 00000000 ____D C:\Users\Ants\AppData\Local\{E23472E9-E4B1-4CCB-BEF7-39103B50C63A}
2013-04-16 07:16 - 2013-04-16 07:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{AF671264-F52E-4175-B415-FF328FF6E99A}
2013-04-15 12:04 - 2013-04-15 12:04 - 00000000 ____D C:\Users\Ants\AppData\Local\{2BFAA136-56F6-452A-9C18-D845FE42700B}
2013-04-15 00:03 - 2013-04-15 00:04 - 00000000 ____D C:\Users\Ants\AppData\Local\{DF3244A7-F54E-4472-9725-806797D77CA7}
2013-04-14 12:03 - 2013-04-14 12:03 - 00000000 ____D C:\Users\Ants\AppData\Local\{424D716D-2655-49E3-9B96-C3FDB0604964}
2013-04-13 17:18 - 2013-04-13 17:18 - 00000000 ____D C:\Users\Ants\AppData\Local\{AAA9DA7B-08A4-44C8-B0BB-00A9AF52BBF7}
2013-04-13 14:56 - 2013-04-13 14:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{B726B0F6-CBDC-4055-AE6E-F35A2226F0FF}
2013-04-12 05:15 - 2013-04-12 05:15 - 00000000 ____D C:\Users\Ants\AppData\Local\{E28F7DE0-0716-4716-8119-DDDAE2DEAAC8}
2013-04-11 17:10 - 2013-04-11 17:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{8186FF53-6F8F-45EB-9E64-417F226D5DA5}
2013-04-11 05:10 - 2013-04-11 05:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{8FDCA9C2-6014-4904-B3EA-FA74C8DCEED5}
2013-04-10 18:02 - 2013-02-21 02:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 18:02 - 2013-02-21 02:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 18:02 - 2013-02-21 02:30 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 18:02 - 2013-02-21 02:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 18:02 - 2013-02-21 02:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-10 18:02 - 2013-02-19 04:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 18:02 - 2013-02-19 03:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 17:09 - 2013-04-10 17:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{A180E1FE-0ECB-4525-BB0F-EE199CCE9183}
2013-04-10 05:16 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-10 05:16 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 05:16 - 2013-03-18 20:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 05:16 - 2013-03-18 18:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 05:16 - 2013-02-28 19:09 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 05:16 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 05:16 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 05:16 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 05:16 - 2013-01-23 20:47 - 00196328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-10 05:09 - 2013-04-10 05:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{D033449A-D1D7-4660-9CF9-232FA1ACEAE5}
2013-04-09 04:09 - 2013-04-09 04:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{D83CD0B7-6C28-49A7-A926-6373EF3F6152}
2013-04-08 06:52 - 2013-04-08 06:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{59477288-5848-4EF6-8F7B-7AD208557C9C}
2013-04-07 03:13 - 2013-04-07 15:14 - 00000000 ____D C:\Users\Ants\AppData\Local\{732A5EF8-DD2B-4023-8192-DAFAB7A850CC}

==================== One Month Modified Files and Folders ========

2013-05-07 16:56 - 2013-05-07 16:56 - 00000000 ____D C:\FRST
2013-05-07 07:26 - 2009-09-16 22:44 - 01082803 ____A C:\Windows\WindowsUpdate.log
2013-05-07 07:26 - 2009-07-13 20:34 - 00015056 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-07 07:26 - 2009-07-13 20:34 - 00015056 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-07 07:23 - 2013-05-07 07:23 - 00000000 ____D C:\Users\Ants\AppData\Local\{84637207-12FE-4DFB-883B-0742C92A5756}
2013-05-07 07:23 - 2012-03-30 15:03 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
2013-05-07 07:23 - 2012-03-30 15:03 - 00000900 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
2013-05-07 07:23 - 2010-03-30 14:37 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-02 10:58 - 2010-04-17 02:13 - 00000000 ____D C:\Users\Ants\Tracing
2013-05-02 10:58 - 2010-03-30 14:37 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-02 10:58 - 2009-09-16 23:19 - 01273072 ____A C:\Windows\PFRO.log
2013-05-02 10:58 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-02 10:58 - 2009-07-13 20:39 - 00178968 ____A C:\Windows\setupact.log
2013-05-02 10:55 - 2013-05-02 10:55 - 00000000 ____D C:\ProgramData\usij
2013-05-02 10:53 - 2013-05-02 10:53 - 00185336 ____A (Hilgraeve, Inc.) C:\Users\Ants\Desktop\fdia.tmp
2013-05-02 10:53 - 2010-03-30 13:28 - 00000000 ____D C:\users\Ants
2013-05-02 09:44 - 2013-05-02 09:44 - 00000000 ____D C:\Users\Ants\AppData\Local\{B9FE0390-E383-491E-84C3-F6B5EA4F461E}
2013-04-30 07:40 - 2013-04-30 07:40 - 00000000 ____D C:\Users\Ants\AppData\Local\{ED17CB2B-858F-4CAB-9A8F-365270891108}
2013-04-29 10:19 - 2013-04-29 10:18 - 00000000 ____D C:\Users\Ants\AppData\Local\{AA47AB50-8EF7-4D8F-B41D-87553D87FE32}
2013-04-29 10:18 - 2013-01-30 12:00 - 00000000 ____A C:\END
2013-04-27 03:45 - 2013-04-27 03:45 - 00000000 ____D C:\Users\Ants\AppData\Local\{A5D6C57A-67E1-4FF3-9CD3-39EEF9FBCFD8}
2013-04-27 03:45 - 2012-08-16 14:46 - 00000000 ____D C:\Users\Ants\AppData\Local\CrashDumps
2013-04-26 12:45 - 2013-04-26 12:45 - 00000000 ____D C:\Users\Ants\AppData\Local\{7C49B9B0-D5C7-46F8-8614-D824C03BB068}
2013-04-25 11:41 - 2012-04-08 09:03 - 00000400 ___AH C:\Windows\Tasks\Norton Security Scan for Ants.job
2013-04-25 06:44 - 2013-04-25 06:44 - 00000000 ____D C:\Users\Ants\AppData\Local\{30B59BCB-5F5F-4DC3-9D18-B6BD72C70356}
2013-04-24 06:28 - 2013-04-24 06:27 - 00000000 ____D C:\Users\Ants\AppData\Local\{E56404B4-9053-49BB-982F-D67380DA42B4}
2013-04-23 09:30 - 2013-04-23 09:30 - 00000000 ____D C:\Users\Ants\AppData\Local\{4D7F5676-6D7D-425F-82BB-4582AF90296A}
2013-04-22 02:29 - 2013-04-22 02:28 - 00000000 ____D C:\Users\Ants\AppData\Local\{64679DE0-EF34-47B3-9D13-6C27884594D8}
2013-04-20 11:17 - 2013-04-20 11:17 - 00000000 ____D C:\Users\Ants\AppData\Local\{BC2ABBC5-2562-4F2F-A5D7-5F243787CA9E}
2013-04-19 23:17 - 2013-04-19 23:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{87E48C0A-4A40-408B-A10C-D54183448949}
2013-04-19 22:43 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2013-04-19 22:42 - 2013-04-19 22:42 - 00000000 ____D C:\Users\Ants\AppData\Local\{A508021D-7691-431A-A1D0-5EBB320F09AB}
2013-04-19 14:58 - 2013-04-19 14:58 - 00000000 ____D C:\Users\Ants\AppData\Local\{61A8F3A4-FFAD-4303-AAA6-9CF2E0B3945A}
2013-04-18 06:11 - 2013-04-18 06:11 - 00000000 ____D C:\Users\Ants\AppData\Local\{D1A9E8FD-98D3-4B70-AC42-C34F7B46A2C8}
2013-04-17 06:23 - 2009-07-26 12:06 - 00792128 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-17 06:18 - 2013-04-17 06:18 - 00000000 ____D C:\Users\Ants\AppData\Local\{E23472E9-E4B1-4CCB-BEF7-39103B50C63A}
2013-04-16 07:16 - 2013-04-16 07:16 - 00000000 ____D C:\Users\Ants\AppData\Local\{AF671264-F52E-4175-B415-FF328FF6E99A}
2013-04-15 12:04 - 2013-04-15 12:04 - 00000000 ____D C:\Users\Ants\AppData\Local\{2BFAA136-56F6-452A-9C18-D845FE42700B}
2013-04-15 00:04 - 2013-04-15 00:03 - 00000000 ____D C:\Users\Ants\AppData\Local\{DF3244A7-F54E-4472-9725-806797D77CA7}
2013-04-14 12:03 - 2013-04-14 12:03 - 00000000 ____D C:\Users\Ants\AppData\Local\{424D716D-2655-49E3-9B96-C3FDB0604964}
2013-04-13 17:18 - 2013-04-13 17:18 - 00000000 ____D C:\Users\Ants\AppData\Local\{AAA9DA7B-08A4-44C8-B0BB-00A9AF52BBF7}
2013-04-13 14:56 - 2013-04-13 14:56 - 00000000 ____D C:\Users\Ants\AppData\Local\{B726B0F6-CBDC-4055-AE6E-F35A2226F0FF}
2013-04-12 05:45 - 2013-04-23 09:37 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 05:15 - 2013-04-12 05:15 - 00000000 ____D C:\Users\Ants\AppData\Local\{E28F7DE0-0716-4716-8119-DDDAE2DEAAC8}
2013-04-11 17:11 - 2013-04-11 17:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{8186FF53-6F8F-45EB-9E64-417F226D5DA5}
2013-04-11 05:10 - 2013-04-11 05:10 - 00000000 ____D C:\Users\Ants\AppData\Local\{8FDCA9C2-6014-4904-B3EA-FA74C8DCEED5}
2013-04-11 03:10 - 2009-07-13 20:33 - 00418352 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 18:02 - 2010-03-30 13:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-10 17:10 - 2013-04-10 17:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{A180E1FE-0ECB-4525-BB0F-EE199CCE9183}
2013-04-10 10:53 - 2012-05-29 11:32 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-10 05:09 - 2013-04-10 05:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{D033449A-D1D7-4660-9CF9-232FA1ACEAE5}
2013-04-09 04:09 - 2013-04-09 04:09 - 00000000 ____D C:\Users\Ants\AppData\Local\{D83CD0B7-6C28-49A7-A926-6373EF3F6152}
2013-04-08 06:52 - 2013-04-08 06:52 - 00000000 ____D C:\Users\Ants\AppData\Local\{59477288-5848-4EF6-8F7B-7AD208557C9C}
2013-04-07 15:14 - 2013-04-07 03:13 - 00000000 ____D C:\Users\Ants\AppData\Local\{732A5EF8-DD2B-4023-8192-DAFAB7A850CC}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1131658597-4005637612-88016806-1000\$23ceaf3e03eb15df900fdffb4f8e63b1

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$23ceaf3e03eb15df900fdffb4f8e63b1

Other Malware:
===========
C:\Users\Ants\AppData\Roaming\i.ini
C:\Users\Ants\Application Data\i.ini

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-07 10:00:40
Restore point made on: 2013-04-10 18:00:51
Restore point made on: 2013-04-14 12:34:55
Restore point made on: 2013-04-22 02:38:33
Restore point made on: 2013-04-24 06:31:19
Restore point made on: 2013-04-29 10:28:29

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3004.61 MB
Available physical RAM: 2537.93 MB
Total Pagefile: 3000.83 MB
Available Pagefile: 2546.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:108.89 GB) (Free:52.95 GB) NTFS
Drive e: () (Fixed) (Total:108.89 GB) (Free:9.29 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: () (Removable) (Total:7.45 GB) (Free:7.25 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 233 GB) (Disk ID: 07A54FFB)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=109 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=109 GB) - (Type=07 NTFS)

====================================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)


Last Boot: 2013-04-25 11:40

==================== End Of Log ============================


#2
Steviep

Sorry duplicate post

#3
gringo_pr

I got the other one


gringo

#4
gringo_pr

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.