UKASH VIRUS - PLEASE HELP! :) FRST Code posted ready for fixlist.txt


Hi

Hope this is posted in the correct place.

This evening, my computer screen went white and I get a screen by the Ukash virus saying that the Swiss police needs me to pay a fine to regain access to my computer. It won't let me start up in safe mode or access the desktop at all, so every time I turn the computer on, I just have the virus page and can't do anything!!

I did some research on another thread about the virus and I followed the described procedures (my computer has Windows 7 and is 64 bit):

- I have downloaded the Farbar Recovery Scan Tool and saved it to a flash drive, and plugged the flash drive into my infected PC.

- I restarted the computer, pressing F8 to reach the Advanced Boot Options. I chose Repair Your Computer. I could then choose from two users to repair: dasilvz (only user).

- In the System Recovery Options menu, I chose Command Prompt. I knew that my flash drive letter was G, so I typed g:\frst64 and pressed Enter. I clicked yes to the disclaimer and clicked the Scan button.

- This is the FRST.txt log that it saved to my flash drive:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 26 days old)

Ran by SYSTEM at 08-04-2013 01:11:25

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)

HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-19] ()

HKLM-x32\...\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKU\da Silvz\...\Run: [TpScrex] C:\ProgramData\TpScrex\TpScrex.exe /somering [11776 2012-09-07] ()

HKU\da Silvz\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1602984 2013-02-25] (Valve Corporation)

HKU\da Silvz\...\CurrentVersion\Windows: [Load] C:\Users\DASILV~1\LOCALS~1\Temp\msaouk.exe

HKU\da Silvz\...\Winlogon: [shell] explorer.exe,C:\Users\da Silvz\AppData\Roaming\skype.dat [94208 2011-11-17] ()

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)

HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-05-21] ()

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Startup: C:\Users\da Silvz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\da Silvz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

ShortcutTarget: runctf.lnk -> C:\Users\DASILV~1\296255274.exe (No File)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)

3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)

4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-12-26] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-12-26] (McAfee, Inc.)

2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [182312 2012-12-26] (McAfee, Inc.)

2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)

2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)

2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1021888 2012-10-10] (Enigma Software Group USA, LLC.)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)

2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-19] ()

3 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2013-01-09] (Wajam)

==================== Drivers (Whitelisted) =====================

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-19] (AVG Technologies)

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-12-26] (McAfee, Inc.)

3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()

3 EsgScanner; C:\Windows\System32\Drivers\EsgScanner.sys [22704 2012-06-22] ()

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-12-26] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-12-26] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-12-26] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-12-26] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-12-26] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-12-26] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-04-08 00:42 - 2013-04-08 00:42 - 00000000 ____D C:\FRST

2013-04-07 17:59 - 2013-04-07 18:03 - 00000004 ____A C:\Users\da Silvz\Application Data\skype.ini

2013-04-07 17:59 - 2013-04-07 18:03 - 00000004 ____A C:\Users\da Silvz\AppData\Roaming\skype.ini

2013-04-07 03:23 - 2013-04-07 03:23 - 00000165 ___AH C:\Users\da Silvz\My Documents\~$James Stag List.xlsx

2013-04-07 03:23 - 2013-04-07 03:23 - 00000165 ___AH C:\Users\da Silvz\Documents\~$James Stag List.xlsx

2013-04-03 09:07 - 2013-04-07 18:02 - 00000486 ____A C:\Windows\Tasks\SDMsgUpdate (Local).job

2013-04-03 09:07 - 2013-04-03 09:07 - 00000984 ____A C:\Users\Public\Desktop\SmartDraw 2014.lnk

2013-04-03 09:07 - 2013-04-03 09:07 - 00000984 ____A C:\ProgramData\Desktop\SmartDraw 2014.lnk

2013-04-03 09:06 - 2013-04-03 09:07 - 00000000 ____D C:\Program Files (x86)\SmartDraw 2014

2013-04-03 09:05 - 2013-04-03 09:06 - 00523832 ____A C:\Users\da Silvz\Downloads\smartdraw_YM_VG2L1_A_setup.exe

2013-03-24 15:16 - 2013-02-12 09:02 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-03-22 11:40 - 2013-03-22 11:41 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2013-03-22 11:40 - 2013-03-22 11:41 - 00002016 ____A C:\ProgramData\Desktop\Adobe Reader 9.lnk

2013-03-22 11:40 - 2013-03-22 11:40 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-03-22 08:08 - 2013-03-22 08:16 - 00000000 ____D C:\Users\da Silvz\Desktop\Example Gardens

2013-03-18 22:04 - 2013-02-02 02:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-03-18 22:04 - 2013-02-02 01:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-03-18 22:04 - 2013-02-02 01:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-03-18 22:04 - 2013-02-02 01:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-03-18 22:04 - 2013-02-02 01:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-03-18 22:04 - 2013-02-02 01:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-03-18 22:04 - 2013-02-02 01:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-03-18 22:04 - 2013-02-02 01:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-03-18 22:04 - 2013-02-02 01:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-03-18 22:04 - 2013-02-02 01:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-03-18 22:04 - 2013-02-02 01:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-03-18 22:04 - 2013-02-02 01:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-03-18 22:04 - 2013-02-02 01:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-03-18 22:04 - 2013-02-02 01:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-03-18 22:04 - 2013-02-02 01:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-03-18 22:04 - 2013-02-02 01:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-03-18 22:04 - 2013-02-01 23:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-03-18 22:04 - 2013-02-01 22:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-03-18 22:04 - 2013-02-01 22:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-03-18 22:04 - 2013-02-01 22:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-03-18 22:04 - 2013-02-01 22:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-03-18 22:04 - 2013-02-01 22:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-03-18 22:04 - 2013-02-01 22:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-03-18 22:04 - 2013-02-01 22:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-03-18 22:04 - 2013-02-01 22:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-03-18 22:04 - 2013-02-01 22:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-03-18 22:04 - 2013-02-01 22:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-03-18 22:04 - 2013-02-01 22:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-03-18 22:04 - 2013-02-01 22:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-03-18 22:04 - 2013-02-01 22:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-03-18 22:04 - 2013-02-01 22:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-03-18 22:04 - 2013-02-01 22:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-03-18 22:02 - 2013-03-18 22:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-18 22:02 - 2013-03-18 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-03-17 19:26 - 2013-03-17 19:26 - 00015598 ____A C:\Users\da Silvz\Desktop\hs_err_pid6396.log

==================== One Month Modified Files and Folders =======

2013-04-08 00:42 - 2013-04-08 00:42 - 00000000 ____D C:\FRST

2013-04-07 18:03 - 2013-04-07 17:59 - 00000004 ____A C:\Users\da Silvz\Application Data\skype.ini

2013-04-07 18:03 - 2013-04-07 17:59 - 00000004 ____A C:\Users\da Silvz\AppData\Roaming\skype.ini

2013-04-07 18:02 - 2013-04-03 09:07 - 00000486 ____A C:\Windows\Tasks\SDMsgUpdate (Local).job

2013-04-07 18:02 - 2012-09-03 07:50 - 00000478 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job

2013-04-07 18:02 - 2012-09-03 07:42 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-07 18:02 - 2012-08-03 06:13 - 00000000 ____D C:\Users\da Silvz\Local Settings\SoftThinks

2013-04-07 18:02 - 2012-08-03 06:13 - 00000000 ____D C:\Users\da Silvz\Local Settings\Application Data\SoftThinks

2013-04-07 18:02 - 2012-08-03 06:13 - 00000000 ____D C:\Users\da Silvz\AppData\Local\SoftThinks

2013-04-07 18:01 - 2012-12-12 05:29 - 00003288 ____A C:\Windows\setupact.log

2013-04-07 18:01 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-07 17:58 - 2012-09-03 07:42 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-07 17:45 - 2009-07-14 00:10 - 01357988 ____A C:\Windows\WindowsUpdate.log

2013-04-07 17:12 - 2012-09-29 01:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-07 15:03 - 2012-08-23 08:12 - 00000000 ____D C:\Users\da Silvz\Application Data\Skype

2013-04-07 15:03 - 2012-08-23 08:12 - 00000000 ____D C:\Users\da Silvz\AppData\Roaming\Skype

2013-04-07 14:55 - 2012-08-26 11:14 - 00014738 ____A C:\Users\da Silvz\My Documents\James Stag List.xlsx

2013-04-07 14:55 - 2012-08-26 11:14 - 00014738 ____A C:\Users\da Silvz\Documents\James Stag List.xlsx

2013-04-07 14:04 - 2010-09-29 22:05 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-04-07 14:04 - 2010-09-29 22:04 - 00000000 ____D C:\ProgramData\Skype

2013-04-07 14:04 - 2010-09-29 22:04 - 00000000 ____D C:\ProgramData\Application Data\Skype

2013-04-07 03:23 - 2013-04-07 03:23 - 00000165 ___AH C:\Users\da Silvz\My Documents\~$James Stag List.xlsx

2013-04-07 03:23 - 2013-04-07 03:23 - 00000165 ___AH C:\Users\da Silvz\Documents\~$James Stag List.xlsx

2013-04-06 18:13 - 2012-09-03 09:07 - 00000000 ____D C:\Users\da Silvz\Application Data\BitComet

2013-04-06 18:13 - 2012-09-03 09:07 - 00000000 ____D C:\Users\da Silvz\AppData\Roaming\BitComet

2013-04-06 16:31 - 2012-08-23 11:21 - 00000000 ____D C:\Users\da Silvz\Application Data\vlc

2013-04-06 16:31 - 2012-08-23 11:21 - 00000000 ____D C:\Users\da Silvz\AppData\Roaming\vlc

2013-04-03 09:07 - 2013-04-03 09:07 - 00000984 ____A C:\Users\Public\Desktop\SmartDraw 2014.lnk

2013-04-03 09:07 - 2013-04-03 09:07 - 00000984 ____A C:\ProgramData\Desktop\SmartDraw 2014.lnk

2013-04-03 09:07 - 2013-04-03 09:06 - 00000000 ____D C:\Program Files (x86)\SmartDraw 2014

2013-04-03 09:07 - 2012-09-03 07:50 - 00000000 ____D C:\Users\da Silvz\Application Data\SmartDraw

2013-04-03 09:07 - 2012-09-03 07:50 - 00000000 ____D C:\Users\da Silvz\AppData\Roaming\SmartDraw

2013-04-03 09:06 - 2013-04-03 09:05 - 00523832 ____A C:\Users\da Silvz\Downloads\smartdraw_YM_VG2L1_A_setup.exe

2013-04-01 04:37 - 2009-07-14 00:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-28 09:39 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-28 09:39 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-27 08:05 - 2012-08-03 06:40 - 00000000 ____D C:\Users\da Silvz\Application Data\SoftGrid Client

2013-03-27 08:05 - 2012-08-03 06:40 - 00000000 ____D C:\Users\da Silvz\AppData\Roaming\SoftGrid Client

2013-03-25 12:11 - 2012-10-24 10:29 - 00000000 ____D C:\Program Files (x86)\Steam

2013-03-25 12:06 - 2010-09-29 23:39 - 00023934 ____A C:\Windows\PFRO.log

2013-03-22 11:41 - 2013-03-22 11:40 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2013-03-22 11:41 - 2013-03-22 11:40 - 00002016 ____A C:\ProgramData\Desktop\Adobe Reader 9.lnk

2013-03-22 11:40 - 2013-03-22 11:40 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-03-22 11:40 - 2010-09-29 21:51 - 00000000 ____D C:\ProgramData\Application Data\Adobe

2013-03-22 11:40 - 2010-09-29 21:51 - 00000000 ____D C:\ProgramData\Adobe

2013-03-22 11:39 - 2012-08-03 08:14 - 00000000 ____D C:\Users\da Silvz\Local Settings\Application Data\Adobe

2013-03-22 11:39 - 2012-08-03 08:14 - 00000000 ____D C:\Users\da Silvz\Local Settings\Adobe

2013-03-22 11:39 - 2012-08-03 08:14 - 00000000 ____D C:\Users\da Silvz\AppData\Local\Adobe

2013-03-22 08:16 - 2013-03-22 08:08 - 00000000 ____D C:\Users\da Silvz\Desktop\Example Gardens

2013-03-22 05:32 - 2012-09-03 06:51 - 00000000 ____D C:\Program Files (x86)\Google

2013-03-18 22:02 - 2013-03-18 22:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-18 22:02 - 2013-03-18 22:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-03-17 19:26 - 2013-03-17 19:26 - 00015598 ____A C:\Users\da Silvz\Desktop\hs_err_pid6396.log

2013-03-14 04:12 - 2012-08-04 14:12 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-14 04:12 - 2012-08-04 14:12 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-03-13 04:20 - 2013-02-13 03:18 - 00000000 ____D C:\Users\da Silvz\My Documents\Lyndhurst

2013-03-13 04:20 - 2013-02-13 03:18 - 00000000 ____D C:\Users\da Silvz\Documents\Lyndhurst

2013-03-12 14:43 - 2012-08-03 06:10 - 00058520 ____A C:\Users\da Silvz\Local Settings\GDIPFONTCACHEV1.DAT

2013-03-12 14:43 - 2012-08-03 06:10 - 00058520 ____A C:\Users\da Silvz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-03-12 14:43 - 2012-08-03 06:10 - 00058520 ____A C:\Users\da Silvz\AppData\Local\GDIPFONTCACHEV1.DAT

2013-03-10 05:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-30 04:56:11

Restore point made on: 2013-02-13 22:03:23

Restore point made on: 2013-03-18 22:01:20

Restore point made on: 2013-03-25 12:02:14

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 3032.36 MB

Available physical RAM: 2493.13 MB

Total Pagefile: 3030.51 MB

Available Pagefile: 2491.85 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:286.61 GB) (Free:195.31 GB) NTFS

2 Drive d: (RECOVERY) (Fixed) (Total:11.44 GB) (Free:4.58 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: (USB DISK) (Fixed) (Total:0.47 GB) (Free:0.13 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 478 MB 0 B

Partitions of Disk 0:

===============

Disk ID: FC925462

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 11 GB 40 MB

Partition 3 Primary 286 GB 11 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 286 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 477 MB 48 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G USB DISK FAT Partition 477 MB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: FC925462

Partition 1:

=========

Hex: 00010100DEFE3F043F00000086390100

Active: NO

Type: DE

Size: 39 MB

Partition 2:

=========

Hex: 8019150507FEFFFF0040010000306E01

Active: YES

Type: 07 (NTFS)

Size: 11 GB

Partition 3:

=========

Hex: 00FEFFFF07FEFFFF00706F010070D323

Active: NO

Type: 07 (NTFS)

Size: 287 GB

==============================

Partitions of Disk 2:

===============

Disk ID: C3072E18

Partition 1:

=========

Hex: 800101000610E07D60000000A0EF0E00

Active: YES

Type: 06

Size: 478 MB

Last Boot: 2012-12-09 15:30

==================== End Of Log =============================

I believe I need a fixlist.txt in order to fix, and be able to get my computer working again.

Please can somebody help urgently.

Many thanks in advance

Chris. :)

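The entries a helper looks for in a log like the one above (and that a fixlist.txt then removes) can be picked out mechanically. The following is an added Python example, not code from this thread or from FRST itself: it parses the Registry and Startup lines of an FRST.txt and applies the checks a helper applies by eye. The sample lines are copied from the log posted above; the `Entry`/`Finding` names, the regexes and the four heuristics are my own assumptions about what to flag.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST.txt posted in this thread
# (Registry and Startup sections), with a few clean entries kept for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-19] ()
HKU\da Silvz\...\Run: [TpScrex] C:\ProgramData\TpScrex\TpScrex.exe /somering [11776 2012-09-07] ()
HKU\da Silvz\...\CurrentVersion\Windows: [Load] C:\Users\DASILV~1\LOCALS~1\Temp\msaouk.exe
HKU\da Silvz\...\Winlogon: [shell] explorer.exe,C:\Users\da Silvz\AppData\Roaming\skype.dat [94208 2011-11-17] ()
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShortcutTarget: runctf.lnk -> C:\Users\DASILV~1\296255274.exe (No File)
"""

# "HKU\da Silvz\...\Winlogon: [shell] <value> [size date] (publisher)"
REG_LINE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>[\w\\]+): \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# "ShortcutTarget: runctf.lnk -> <path> (publisher|No File)"
LNK_LINE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<rest>.*)$")
# Trailing "(publisher)" FRST appends: "()" means no version info, "(No File)" a missing target.
PUBLISHER = re.compile(r"\((?P<pub>[^()]*)\)\s*$")
# Drive-letter paths ending in an executable-style extension.
PATHS = re.compile(r'[A-Za-z]:\\[^"\[]*?\.(?:exe|dll|dat|scr|cpl|bat|cmd|vbs|js)\b', re.I)
# Folders a standard user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = re.compile(r"\\(?:Users|ProgramData|AppData|Temp)\\|LOCALS~1|DOCUME~1", re.I)


@dataclass
class Entry:
    source: str            # registry key (e.g. "Run", "Winlogon") or "Startup"
    name: str              # value name or .lnk name
    value: str             # command/target with the "[size date] (publisher)" tail removed
    publisher: str | None  # None when FRST printed no file info at all
    paths: list[str] = field(default_factory=list)


@dataclass
class Finding:
    entry: Entry
    reasons: list[str]


def parse_entries(text: str) -> list[Entry]:
    """Turn FRST Registry/Startup lines into Entry objects; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if m:
            source, name, rest = m["key"], m["name"], m["rest"]
        else:
            m = LNK_LINE.match(line)
            if not m:
                continue
            source, name, rest = "Startup", m["name"], m["rest"]
        pm = PUBLISHER.search(rest)
        publisher = pm["pub"].strip() if pm else None
        body = rest[: pm.start()] if pm else rest
        value = body.split(" [", 1)[0].strip().strip('"')
        entries.append(Entry(source, name, value, publisher, PATHS.findall(rest)))
    return entries


def triage(text: str) -> list[Finding]:
    """Flag autostart entries that match the patterns a helper checks first."""
    findings = []
    for e in parse_entries(text):
        reasons = []
        if e.source.endswith("Winlogon") and e.name.lower() == "shell" \
                and e.value.lower() != "explorer.exe":
            reasons.append("Winlogon Shell is not plain explorer.exe (screen-locker style hijack)")
        if e.source.endswith("Windows") and e.name.lower() == "load":
            reasons.append("legacy 'Load' value set; almost never used by legitimate software")
        if e.publisher == "No File":
            reasons.append("autostart points at a file that no longer exists (leftover persistence)")
        if not e.publisher and any(USER_WRITABLE.search(p) for p in e.paths):
            reasons.append("no publisher info and the binary lives in a user-writable folder")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry.source}] {f.entry.name}: {f.entry.value}")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample it flags TpScrex, the Load value, the Winlogon shell entry and runctf.lnk, while the vendor-signed Dell/Alps entries and the AVG entry under Program Files pass; the heuristics are a starting point for reading, not a verdict.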

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now.

MrC


Hi MrCharlie,

Apologies for the late reply, I had to head off to bed. Computer has started normally this morning, thank you so much for your help!!!... LEGEND! :)

How smooth was that!? All about the prep and researching before you ask yourselves I say, makes your life a lot easier anyway!

Thanks again...

Chris


That's Good, we should follow up with some additional scans though.

------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
