
Ukash virus and I cannot boot to safe mode.



Hi, I've been trying for 24 hours to sort this virus out and I can't. I usually just boot into safe mode, go to msconfig, follow the path and delete the file. This time I can't boot into safe mode; it just shuts down. I have tried every rescue disk out there and I think I've removed the virus, but the screen still appears when I log on. I have attached a log and hope you can help me. Thank you

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013

Ran by SYSTEM on 14-06-2013 14:31:32

Running from I:\

Windows 7 Professional (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence [x]

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10135584 2010-03-26] (Realtek Semiconductor)

HKLM\...\Run: [MveXinfo.exe] "C:\PROGRA~1\MATROX~1.UTI\System64\MveXinfo.exe" /tray [705640 2012-11-10] (Matrox Electronic Systems)

HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [478984 2012-12-15] (Adobe Systems Incorporated)

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [403112 2012-04-27] (Acronis)

HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b70534b1e5227d8b03ec7790383f2ccc\n. ATTENTION! ====> ZeroAccess

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave [x]

HKLM-x32\...\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [5955280 2012-04-27] (Acronis)

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [x]

HKLM-x32\...\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [x]

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-16] (InstallShield Software Corporation)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284184 2011-02-09] (Intel Corporation)

HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [655360 2012-05-29] ()

HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)

HKLM-x32\...\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe [118784 2011-02-14] (Contour Design, Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1611160 2011-03-28] (CANON INC.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [38984 2013-05-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171304 2012-04-27] (Acronis)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [840768 2013-05-09] (Adobe Systems Inc.)

HKLM-x32\...\Run: [NortonSupport] "C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\symerr.exe" /supportreboot [54096 2013-01-25] (Symantec Corporation)

HKU\b2b Productions\...\Run: [AdobeBridge] [x]

HKU\b2b Productions\...\Run: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none [198144 2012-04-10] (YouSendIt)

HKU\b2b Productions\...\Run: [update] C:\Users\b2b Productions\AppData\Roaming\do3Hrdt.exe [x]

HKU\b2b Productions\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [x]

HKU\b2b Productions\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)

HKU\b2b Productions\...\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [221184 2005-02-16] (InstallShield Software Corporation)

HKU\b2b Productions\...\Run: [Google Update] "C:\Users\b2b Productions\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKU\b2b Productions\...\Run: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon [53341 2006-11-17] (Creative Technology Ltd)

HKU\b2b Productions\...\Run: [Akamai NetSession Interface] "C:\Users\b2b Productions\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)

HKU\b2b Productions\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)

HKU\b2b Productions\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION

HKU\b2b Productions\...\Command Processor: "C:\Users\B2BPRO~1\AppData\Local\Temp\QJpIKma.exe" <===== ATTENTION!

HKU\UpdatusUser\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)

Startup: C:\ProgramData\Start Menu\Programs\Startup\GIGABYTE OC Guru.lnk

ShortcutTarget: GIGABYTE OC Guru.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\OC_Guru.exe (GIGABYTE Technology Co.,Ltd)

Startup: C:\ProgramData\Start Menu\Programs\Startup\SpyderUtility.lnk

ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )

Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

ShortcutTarget: ctfmon.lnk -> C:\ProgramData\lsass.exe (Microsoft Corporation)

Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\b2b Productions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-02-11] (Adobe Systems)

S4 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-06-14] (SurfRight B.V.)

S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-06-08] (Nero AG)

S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-06] ()

S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()

S4 mvOptimizerService; C:\PROGRA~1\MATROX~1.UTI\System64\mvOptimizerService.exe [117352 2012-11-10] (Matrox Electronic Systems)

S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)

S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)

S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-13] ()

S4 ShuttleEngine; C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe [86016 2011-02-14] (Contour Design, Inc.)

S4 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)

S4 HitmanPro37CrusaderBoot; "G:\HitmanPro_x64.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

S1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)

S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD03030.013\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-14] (Symantec Corporation)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-05-14] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)

S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-18] (Windows ® Server 2003 DDK provider)

S3 gdrv; C:\Windows\gdrv.sys [25640 2013-02-18] (Windows ® Server 2003 DDK provider)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130613.001\IDSvia64.sys [513184 2013-05-15] (Symantec Corporation)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130613.001\IDSvia64.sys [513184 2013-05-15] (Symantec Corporation)

S3 mtx_WdmAudioLE; C:\Windows\System32\drivers\mvkWdmAudioLE.sys [47208 2012-11-10] (Matrox Electronic Systems)

S3 mvkAudioInput; C:\Windows\System32\DRIVERS\mvkAudioInput.sys [66664 2012-11-10] (Matrox Electronic Systems)

S3 mvkAudioOutput; C:\Windows\System32\DRIVERS\mvkAudioOutput.sys [70760 2012-11-10] (Matrox Electronic Systems)

S3 mvkAVBus; C:\Windows\System32\DRIVERS\mvkAVBus.sys [342120 2012-11-10] (Matrox Electronic Systems)

S3 mvkAVCio; C:\Windows\System32\DRIVERS\mvkAVCio.sys [497256 2012-11-10] (Matrox Electronic Systems)

S3 mvkInput; C:\Windows\System32\DRIVERS\mvkInput.sys [79976 2012-11-10] (Matrox Electronic Systems)

S3 mvkLQScaler; C:\Windows\System32\DRIVERS\mvkLQScaler.sys [66664 2012-11-10] (Matrox Electronic Systems)

S3 mvkMemMngr; C:\Windows\System32\DRIVERS\mvkMemMngr.sys [57960 2012-11-10] (Matrox Electronic Systems)

S3 mvkMisc; C:\Windows\System32\DRIVERS\mvkMisc.sys [75880 2012-11-10] (Matrox Electronic Systems)

S3 mvkOutput; C:\Windows\System32\DRIVERS\mvkOutput.sys [90216 2012-11-10] (Matrox Electronic Systems)

S3 mvkPciOptimizer; C:\Program Files\Matrox Mtx.utils\drivers\mvkPciOptimizer.sys [20072 2012-11-25] (Matrox Electronic Systems)

S3 mvkSystemClock; C:\Windows\System32\DRIVERS\mvkSystemClock.sys [63592 2012-11-10] (Matrox Electronic Systems)

S3 mvkTransfer; C:\Windows\System32\DRIVERS\mvkTransfer.sys [74344 2012-11-10] (Matrox Electronic Systems)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\ENG64.SYS [126040 2013-05-21] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130613.001\EX64.SYS [2098776 2013-05-21] (Symantec Corporation)

S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)

S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)

S1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS [796248 2013-01-28] (Symantec Corporation)

S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS [36952 2013-01-28] (Symantec Corporation)

S0 SymDS; C:\Windows\System32\drivers\NAVx64\1403010.016\SYMDS64.SYS [493656 2013-01-21] (Symantec Corporation)

S0 SymEFA; C:\Windows\System32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [1139800 2013-01-30] (Symantec Corporation)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-05-15] (Symantec Corporation)

S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [224416 2012-11-15] (Symantec Corporation)

S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [432800 2013-01-30] (Symantec Corporation)

S0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2011-04-28] (TuneClone Software)

S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)

S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)

S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)

S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)

S3 ALSysIO; \??\C:\Users\B2BPRO~1\AppData\Local\Temp\ALSysIO64.sys [x]

S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [x]

S3 mvkMemManager; system32\DRIVERS\mvkMemManager.sys [x]

S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]

S3 WinRing0_1_2_0; \??\C:\Users\b2b Productions\Desktop\RealTemp_360\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2020-05-06 07:24 - 2011-05-06 12:59 - 00000000 ____D C:\Program Files\NewBlue

2013-06-14 14:31 - 2013-06-14 14:31 - 00000000 ____D C:\FRST

2013-06-14 12:55 - 2013-06-14 12:55 - 00000000 ____D C:\NBRT

2013-06-14 01:14 - 2013-06-14 01:14 - 88342528 ____A C:\Windows\System32\config\SOFTWARE.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 30146560 ____A C:\Windows\System32\config\SYSTEM.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SECURITY.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SAM.bhv

2013-06-13 18:19 - 2013-06-13 18:19 - 00000000 ___AD C:\$Anvi Rescue Disk$

2013-06-13 16:43 - 2013-06-13 16:43 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe

2013-06-13 16:43 - 2013-06-13 16:43 - 00003144 ____A C:\Windows\System32\.crusader

2013-06-13 16:40 - 2013-06-14 03:26 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk

2013-06-13 16:40 - 2013-06-13 16:43 - 00000000 ____D C:\ProgramData\HitmanPro

2013-06-13 16:40 - 2013-06-13 16:40 - 00000000 ____D C:\Program Files\HitmanPro

2013-06-13 15:59 - 2013-06-13 15:59 - 01038434 ____A C:\ProgramData\2433f433

2013-06-13 15:59 - 2013-06-13 15:59 - 01038410 ____A C:\Users\b2b Productions\AppData\Local\2433f433

2013-06-13 15:59 - 2013-06-13 15:59 - 01038392 ____A C:\Users\b2b Productions\AppData\Roaming\2433f433

2013-06-13 12:39 - 2013-06-13 12:47 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (2).xls

2013-06-12 03:41 - 2013-06-12 03:41 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (1).xls

2013-06-11 06:30 - 2013-06-11 06:30 - 26592511 ____A C:\Users\b2b Productions\Downloads\Colette & Simon Project Files.zip

2013-06-06 03:48 - 2013-06-06 03:48 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota.xls

2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\b2b Productions\Documents\Twixtor5AEManual

2013-05-30 20:57 - 2013-05-30 21:02 - 00000000 ____D C:\Program Files (x86)\REVisionEffects

2013-05-30 20:57 - 2013-05-30 20:57 - 17659190 ____A C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy.rar

2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy

2013-05-30 20:49 - 2013-05-30 20:49 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1).zip

2013-05-30 20:49 - 2013-05-30 20:49 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1)

2013-05-30 20:46 - 2013-05-30 20:46 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus.zip

2013-05-28 03:12 - 2013-05-28 03:12 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd (1).wmv

2013-05-26 14:09 - 2013-05-26 14:09 - 00002865 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-09.txt

2013-05-26 14:03 - 2013-05-26 14:03 - 00001424 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-03.txt

2013-05-24 08:21 - 2013-05-24 08:21 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd.wmv

2013-05-20 07:20 - 2013-05-20 07:21 - 79992211 ____A C:\Users\b2b Productions\Downloads\promo_caroline_sd.wmv

2013-05-20 05:17 - 2013-05-20 05:17 - 00000074 ____A C:\Windows\???.ini

2013-05-20 05:14 - 2013-05-21 01:39 - 00000074 ____A C:\Windows\e??.ini

2013-05-20 05:14 - 2013-05-20 05:14 - 00000074 ____A C:\Windows\§??.ini

2013-05-18 03:25 - 2013-05-18 03:25 - 00000074 ____A C:\Windows\???.ini

2013-05-18 03:24 - 2013-05-18 03:24 - 00000074 ____A C:\Windows\e??.ini

2013-05-17 08:13 - 2013-05-17 08:13 - 00000074 ____A C:\Windows\D??.ini

2013-05-17 07:25 - 2013-05-17 07:25 - 00000074 ____A C:\Windows\???.ini

2013-05-17 07:24 - 2013-05-17 07:24 - 00000074 ____A C:\Windows\È??.ini

2013-05-16 11:02 - 2013-05-16 11:02 - 00001071 ____A C:\Users\Public\Desktop\EOS Utility.lnk

2013-05-16 11:01 - 2013-05-16 11:01 - 00000000 ____D C:\ProgramData\Canon_Inc_IC

2013-05-16 02:47 - 2013-05-16 02:47 - 00002397 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk

2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64

2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe

==================== One Month Modified Files and Folders =======

2013-06-14 14:31 - 2013-06-14 14:31 - 00000000 ____D C:\FRST

2013-06-14 12:55 - 2013-06-14 12:55 - 00000000 ____D C:\NBRT

2013-06-14 05:23 - 2009-07-13 20:45 - 00019840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-14 05:23 - 2009-07-13 20:45 - 00019840 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-14 03:26 - 2013-06-13 16:40 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk

2013-06-14 01:14 - 2013-06-14 01:14 - 88342528 ____A C:\Windows\System32\config\SOFTWARE.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 30146560 ____A C:\Windows\System32\config\SYSTEM.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SECURITY.bhv

2013-06-14 01:14 - 2013-06-14 01:14 - 00262144 ____A C:\Windows\System32\config\SAM.bhv

2013-06-14 01:14 - 2011-02-08 10:32 - 00000000 ____D C:\users\b2b Productions

2013-06-13 18:19 - 2013-06-13 18:19 - 00000000 ___AD C:\$Anvi Rescue Disk$

2013-06-13 17:33 - 2013-01-15 03:21 - 01055212 ____A C:\Windows\WindowsUpdate.log

2013-06-13 17:12 - 2012-06-22 05:58 - 00000000 ____D C:\Windows\pss

2013-06-13 17:10 - 2012-10-05 11:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-13 17:10 - 2009-07-13 21:13 - 00789528 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-13 17:00 - 2011-02-09 00:53 - 00000000 ____D C:\Users\b2b Productions\AppData\Local\Adobe

2013-06-13 16:54 - 2013-01-15 03:20 - 00017829 ____A C:\Windows\setupact.log

2013-06-13 16:54 - 2011-02-09 03:36 - 00000000 ____D C:\ProgramData\NVIDIA

2013-06-13 16:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-13 16:43 - 2013-06-13 16:43 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe

2013-06-13 16:43 - 2013-06-13 16:43 - 00003144 ____A C:\Windows\System32\.crusader

2013-06-13 16:43 - 2013-06-13 16:40 - 00000000 ____D C:\ProgramData\HitmanPro

2013-06-13 16:40 - 2013-06-13 16:40 - 00000000 ____D C:\Program Files\HitmanPro

2013-06-13 16:21 - 2012-10-05 11:59 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-13 16:14 - 2012-05-24 13:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-13 15:59 - 2013-06-13 15:59 - 01038434 ____A C:\ProgramData\2433f433

2013-06-13 15:59 - 2013-06-13 15:59 - 01038410 ____A C:\Users\b2b Productions\AppData\Local\2433f433

2013-06-13 15:59 - 2013-06-13 15:59 - 01038392 ____A C:\Users\b2b Productions\AppData\Roaming\2433f433

2013-06-13 12:47 - 2013-06-13 12:39 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (2).xls

2013-06-13 11:23 - 2011-08-12 07:19 - 00000000 ___RD C:\Users\b2b Productions\Dropbox

2013-06-13 11:23 - 2011-08-12 07:17 - 00000000 ____D C:\Users\b2b Productions\AppData\Roaming\Dropbox

2013-06-13 11:23 - 2011-07-25 06:30 - 00000000 ____D C:\Users\b2b Productions\AppData\Local\Htc

2013-06-12 13:51 - 2011-02-23 13:08 - 00000000 ____D C:\Users\b2b Productions\Documents\b2b Documentation

2013-06-12 11:39 - 2012-09-07 01:30 - 00000000 ____D C:\Users\b2b Productions\AppData\Roaming\TeamViewer

2013-06-12 03:41 - 2013-06-12 03:41 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota (1).xls

2013-06-12 03:14 - 2012-05-24 13:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-06-12 03:14 - 2011-08-11 05:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-06-12 02:21 - 2013-04-10 00:05 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk

2013-06-12 01:59 - 2013-02-24 08:55 - 00000000 ____D C:\Users\b2b Productions\Desktop\Stuff

2013-06-11 06:30 - 2013-06-11 06:30 - 26592511 ____A C:\Users\b2b Productions\Downloads\Colette & Simon Project Files.zip

2013-06-11 01:34 - 2011-12-12 18:15 - 00039424 ____A C:\Users\b2b Productions\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-06-11 01:14 - 2012-01-20 04:14 - 00000000 ____D C:\project copies

2013-06-10 05:29 - 2011-02-10 01:11 - 00000000 ____D C:\Users\b2b Productions\AppData\Local\CrashDumps

2013-06-06 05:18 - 2011-02-09 04:14 - 00000021 ____A C:\Windows\SurCode.INI

2013-06-06 03:48 - 2013-06-06 03:48 - 00102912 ____A C:\Users\b2b Productions\Downloads\The Wedding Lounge - Rota.xls

2013-06-05 04:43 - 2012-02-10 03:42 - 00000000 ____D C:\ProgramData\CanonIJPLM

2013-05-30 21:02 - 2013-05-30 20:57 - 00000000 ____D C:\Program Files (x86)\REVisionEffects

2013-05-30 20:59 - 2013-05-30 20:59 - 00000000 ____D C:\Users\b2b Productions\Documents\Twixtor5AEManual

2013-05-30 20:57 - 2013-05-30 20:57 - 17659190 ____A C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy.rar

2013-05-30 20:57 - 2013-05-30 20:57 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor Installer by iStazy

2013-05-30 20:49 - 2013-05-30 20:49 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1).zip

2013-05-30 20:49 - 2013-05-30 20:49 - 00000000 ____D C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus (1)

2013-05-30 20:46 - 2013-05-30 20:46 - 17539039 ____A C:\Users\b2b Productions\Downloads\Twixtor 5.0 Full AE CS5 ALexus.zip

2013-05-30 11:02 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-28 03:12 - 2013-05-28 03:12 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd (1).wmv

2013-05-26 14:09 - 2013-05-26 14:09 - 00002865 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-09.txt

2013-05-26 14:03 - 2013-05-26 14:03 - 00001424 ____A C:\Users\b2b Productions\Documents\FCP Translation Results 2013-05-26 23-03.txt

2013-05-24 08:21 - 2013-05-24 08:21 - 66248637 ____A C:\Users\b2b Productions\Downloads\promo_chrisswendy_sd.wmv

2013-05-22 10:54 - 2013-01-31 06:33 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-21 16:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-21 10:54 - 2013-01-15 03:19 - 00033556 ____A C:\Windows\PFRO.log

2013-05-21 10:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-21 07:25 - 2011-02-23 13:05 - 00000000 ____D C:\Users\b2b Productions\Documents\dvd artwork

2013-05-21 05:32 - 2011-02-08 12:24 - 00000000 ____D C:\ProgramData\Adobe

2013-05-21 01:39 - 2013-05-20 05:14 - 00000074 ____A C:\Windows\e??.ini

2013-05-21 01:36 - 2013-03-16 23:56 - 00000074 ____A C:\Windows\e.ini

2013-05-20 07:21 - 2013-05-20 07:20 - 79992211 ____A C:\Users\b2b Productions\Downloads\promo_caroline_sd.wmv

2013-05-20 05:17 - 2013-05-20 05:17 - 00000074 ____A C:\Windows\???.ini

2013-05-20 05:14 - 2013-05-20 05:14 - 00000074 ____A C:\Windows\§??.ini

2013-05-18 16:02 - 2012-09-09 06:19 - 00000000 ____D C:\Users\b2b Productions\AppData\Roaming\Skype

2013-05-18 14:05 - 2011-02-18 01:22 - 00000000 ____D C:\Users\b2b Productions\Documents\Shared

2013-05-18 03:25 - 2013-05-18 03:25 - 00000074 ____A C:\Windows\???.ini

2013-05-18 03:24 - 2013-05-18 03:24 - 00000074 ____A C:\Windows\e??.ini

2013-05-17 08:13 - 2013-05-17 08:13 - 00000074 ____A C:\Windows\D??.ini

2013-05-17 07:25 - 2013-05-17 07:25 - 00000074 ____A C:\Windows\???.ini

2013-05-17 07:24 - 2013-05-17 07:24 - 00000074 ____A C:\Windows\È??.ini

2013-05-16 11:02 - 2013-05-16 11:02 - 00001071 ____A C:\Users\Public\Desktop\EOS Utility.lnk

2013-05-16 11:02 - 2011-06-13 13:04 - 00000000 ____D C:\Program Files (x86)\Canon

2013-05-16 11:01 - 2013-05-16 11:01 - 00000000 ____D C:\ProgramData\Canon_Inc_IC

2013-05-16 02:48 - 2011-02-08 10:53 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64

2013-05-16 02:48 - 2011-02-08 10:51 - 00000000 ____D C:\ProgramData\Norton

2013-05-16 02:47 - 2013-05-16 02:47 - 00002397 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk

2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64

2013-05-16 02:47 - 2013-05-16 02:47 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe

2013-05-15 12:44 - 2011-02-08 10:53 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS

2013-05-15 12:44 - 2011-02-08 10:53 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT

2013-05-15 12:44 - 2011-02-08 10:53 - 00000000 ____D C:\Program Files\Symantec

2013-05-15 11:59 - 2011-02-08 10:51 - 00000000 ____D C:\Users\Public\Downloads\Norton

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-2789869841-2288115831-1932289116-1000\$b70534b1e5227d8b03ec7790383f2ccc

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$b70534b1e5227d8b03ec7790383f2ccc

Files to move or delete:

====================

C:\ProgramData\lsass.exe

C:\Users\b2b Productions\AppData\Roaming\AltShell.ini

C:\Users\Public\Dreamweaver8-en.exe

C:\Users\Public\DriverDPSEv1.30-32-64.exe

C:\ProgramData\0955336.bat

C:\ProgramData\0955336.pad

C:\ProgramData\0955336.reg

C:\ProgramData\4268165.bat

C:\ProgramData\4268165.pad

C:\ProgramData\4268165.reg

C:\ProgramData\jQBjASj.bat

C:\ProgramData\jQBjASj.pad

C:\ProgramData\jQBjASj.reg

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-03 02:17:15

Restore point made on: 2013-06-04 02:09:19

Restore point made on: 2013-06-05 04:44:11

Restore point made on: 2013-06-06 00:47:03

Restore point made on: 2013-06-06 17:00:08

Restore point made on: 2013-06-07 13:54:11

Restore point made on: 2013-06-07 17:00:05

Restore point made on: 2013-06-10 01:15:32

Restore point made on: 2013-06-11 00:24:26

Restore point made on: 2013-06-12 01:12:42

Restore point made on: 2013-06-13 11:53:42

Restore point made on: 2013-06-13 17:00:12

==================== Memory info ===========================

Percentage of memory in use: 8%

Total physical RAM: 12286.4 MB

Available physical RAM: 11223.41 MB

Total Pagefile: 12284.55 MB

Available Pagefile: 11227.85 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:65.64 GB) NTFS (Disk=2 Partition=2)

Drive d: (Ext Back up) (Fixed) (Total:465.76 GB) (Free:31.52 GB) NTFS (Disk=1 Partition=1)

Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=2 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive g: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

Drive i: (NBRT) (Removable) (Total:29.79 GB) (Free:29.79 GB) FAT32 (Disk=3 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (Raid) (Fixed) (Total:3725.9 GB) (Free:1195.32 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 3726 GB) (Disk ID: 6A66A3EA)

Partition: GPT Partition Type

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9C0BBAF1)

Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: B59E0AF0)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

========================================================

Disk: 3 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=30 GB) - (Type=0C)

LastRegBack: 2013-06-13 14:00

==================== End Of Log ============================

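The log above is read for a handful of persistence tells: a Winlogon Shell that is not explorer.exe, a Command Processor AutoRun value, a COM InprocServer32 path inside $Recycle.Bin, and a Startup shortcut whose target borrows a system binary name in ProgramData. The following Python script is an added example, not part of the thread and not an FRST or Malwarebytes tool; it applies those checks to lines in FRST's format, using lines from the log above as its sample input, and the user-writable folder list, the borrowed-name list and the severities are my assumptions.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Constructed example: the checks below encode the tells a forum helper reads
by eye in the registry/startup sections of an FRST log. The user-writable
folder list, the system-binary name list and the severities are assumptions.
"""
import re
from dataclasses import dataclass

# Lines copied from the FRST log in this thread (plus two clean ones for contrast).
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b70534b1e5227d8b03ec7790383f2ccc\n. ATTENTION! ====> ZeroAccess
HKU\b2b Productions\...\Run: [update] C:\Users\b2b Productions\AppData\Roaming\do3Hrdt.exe [x]
HKU\b2b Productions\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\b2b Productions\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\b2b Productions\...\Command Processor: "C:\Users\B2BPRO~1\AppData\Local\Temp\QJpIKma.exe" <===== ATTENTION!
ShortcutTarget: ctfmon.lnk -> C:\ProgramData\lsass.exe (Microsoft Corporation)
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
"""

# Folders an ordinary user (or malware running as that user) can write to.
# Legitimate updaters also live here, so on its own this is only a "review" signal.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\$recycle.bin\\",
                 "\\temp\\", "\\users\\public\\")

# Names of Windows binaries that droppers like to borrow; the real ones live
# under C:\Windows, so the same name anywhere else is a strong signal.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "ctfmon.exe", "userinit.exe"}

# A Windows path in an FRST line runs from the drive letter up to the next
# "[size date]" block, "(company)" block (but not the "(x86)" in Program Files),
# FRST "<====" marker, "ATTENTION", command-line switch, or closing quote.
PATH_RE = re.compile(
    r'([A-Za-z]:\\.*?)(?=\s+\[|\s+\((?!x86\))|\s+<=|\s+ATTENTION|\s+-\w|"|$)')


@dataclass
class Finding:
    severity: str   # "high" or "review"
    reason: str
    line: str


def extract_path(line):
    """Return the first Windows path in an FRST line, or None if it has none."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def classify(line):
    """Return (severity, reason) for a suspicious FRST line, else None."""
    low = line.lower()
    lpath = (extract_path(line) or "").lower()
    basename = lpath.rsplit("\\", 1)[-1]
    in_user_dir = any(d in lpath for d in USER_WRITABLE)

    # Winlogon Shell should be explorer.exe; cmd.exe lets the AutoRun value
    # below run in its place at logon.
    if "\\winlogon: [shell]" in low and "explorer.exe" not in low:
        return "high", "Winlogon Shell is not explorer.exe"
    # Userinit must be the copy in System32.
    if "\\winlogon: [userinit]" in low and not lpath.endswith("\\system32\\userinit.exe"):
        return "high", "Winlogon Userinit does not point at System32\\userinit.exe"
    # The Command Processor AutoRun value runs every time cmd.exe starts.
    if "\\command processor:" in low:
        return "high", "cmd.exe AutoRun value set"
    # A COM server registered from a user-writable folder (ZeroAccess style).
    if "inprocserver32" in low and in_user_dir:
        return "high", "COM InprocServer32 hijack from user-writable folder"
    # A system binary name living outside C:\Windows.
    if basename in SYSTEM_NAMES and not lpath.startswith("c:\\windows\\"):
        return "high", f"{basename} outside C:\\Windows"
    # Any other autostart from a user-writable folder deserves a look.
    if ("\\run:" in low or "shortcuttarget:" in low) and in_user_dir:
        return "review", "autostart target in user-writable folder"
    return None


def triage(log_text):
    """Run classify() over every non-empty line and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = classify(line)
        if hit:
            findings.append(Finding(hit[0], hit[1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```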

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

