Windows 7 Forums

Windows 7: Ukash virus simply won't go away - help pleeeaase

28 Aug 2012   #1
darrenj1471

windows 7 64 bit
 
 

Hello
Firstly, I am new here so if I'm in the wrong area or miss some etiquette I wholeheartedly apologise up front, but I'm panicking and need help.

I have a Windows 7 64-bit Samsung laptop which has contracted the Ukash virus and I'm having to type this from my phone. I have watched many vids and seen forum posts and while I consider myself OK at following instructions I'm stuck. FYI it's the Metropolitan Police version which cleverly also takes a pic of you, which I have got. I will describe symptoms and what I've tried and REALLY hope you can help:

Normal mode goes direct to the virus screen and gives me no time to do anything at all, not even a few seconds. Safe mode and safe mode with networking go direct to a white screen and I can't do anything, but safe mode with command prompt seems to be my only lifeline.

I used command explore to open win explorer and did a search on my computer for *.exe and found one with random numbers installed today (time of virus). I deleted this and emptied the recycle bin but alas no change. I have tried following some YouTube videos to edit the registry but all seem to show removal of run entries for current user under windows and nt, but I can't find any strange entries???

Finally I have used command msconfig and on the startup tab disabled everything and chosen selective start up and restarted... still no joy.

Please please help me, thanks in advance


28 Aug 2012   #2
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi and welcome,

You will need to scan from outside the Windows environment to start tackling this. On a known clean computer, burn Windows Defender Offline to a DVD, and then boot your infected computer from this DVD to scan it. This tutorial will guide you through that process:

Windows Defender Offline

Post back if you need more help.

Regards,
Golden
28 Aug 2012   #3
shawn77

32 bit
 
 

If Windows Defender doesn't work

Download Farbar Recovery Scan Tool

Farbar Recovery Scan Tool Download

and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
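A first-pass check that can be run over the FRST.txt log the steps above produce, as an added example that is not part of the original post or of FRST itself: it flags any Winlogon Shell value that launches something besides explorer.exe and lists recently created files in the same folder. The sample log is constructed, and the function names and the assumption that Windows is installed in C:\Windows are this example's own.

```python
import ntpath
import re

# Constructed sample in the layout of an FRST log; not from a real machine.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" [12345 2012-01-10] (Example Corp)
HKU\alice\...\Winlogon: [Shell] explorer.exe,C:\Users\alice\AppData\Roaming\sample.dat [84480 2011-11-16] ()
HKU\bob\...\Winlogon: [Shell] explorer.exe
==================== One Month Created Files and Folders ======================
2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\alice\AppData\Roaming\sample.ini
2012-08-27 18:08 - 2012-08-27 18:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
"""

HEADER_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "<key>: [<value name>] <data>" with optional trailing "[size date] (company)".
REG_RE = re.compile(
    r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<data>.*?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\] \(.*\))?$"
)
# "<created> - <modified> - <size> <attrs> [(company)] <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S{5} "
    r"(?:\(.*?\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# Assumption: Windows is installed in C:\Windows.
ALLOWED_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}


def parse_sections(text):
    """Split the log into {section title: [lines]} using the ==== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER_RE.match(line)
        if header:
            current = sections.setdefault(header["name"], [])
        elif current is not None and line:
            current.append(line)
    return sections


def section(sections, prefix):
    """Return the lines of the first section whose title starts with prefix."""
    for name, lines in sections.items():
        if name.startswith(prefix):
            return lines
    return []


def extra_shell_commands(data):
    """Return the comma-separated Shell components that are not explorer.exe."""
    parts = [p.strip().strip('"') for p in data.split(",") if p.strip()]
    return [p for p in parts if p.lower() not in ALLOWED_SHELLS]


def triage(log_text):
    """Flag Winlogon Shell additions and recent files sharing their folder."""
    sections = parse_sections(log_text)
    created = [
        m["path"]
        for line in section(sections, "One Month Created")
        if (m := FILE_RE.match(line))
    ]
    findings = []
    for line in section(sections, "Registry"):
        m = REG_RE.match(line)
        if not m or m["name"].lower() != "shell":
            continue
        if not m["key"].lower().endswith("winlogon"):
            continue
        for target in extra_shell_commands(m["data"]):
            folder = ntpath.normcase(ntpath.dirname(target))
            neighbours = [
                p for p in created
                if ntpath.normcase(ntpath.dirname(p)) == folder
            ]
            findings.append(
                {"key": m["key"], "target": target, "recent_neighbours": neighbours}
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["key"], "->", finding["target"])
        for path in finding["recent_neighbours"]:
            print("   created recently in same folder:", path)
```

A flagged entry is a lead for a helper to review, not proof of infection; some legitimate shell replacements also set this value.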

28 Aug 2012   #4
darrenj1471

windows 7 64 bit
 
 

OK, thanks thus far. However, I don't currently have access to another computer; will have to call some friends if these are my only avenues.
28 Aug 2012   #5
darrenj1471

windows 7 64 bit
 
 

Stupid question, can I use an external hard drive instead of a USB pen drive? I.e. I have a terabyte drive but no little flash drives.
28 Aug 2012   #6
darrenj1471

windows 7 64 bit
 
 

Ignore my last message, I realised of course I can use a hard drive. I used Farbar and have run the scan and the result is below.
Code:
Scan result of Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 28-08-2012 18:27:54
Running from H:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKU\darren\...\Winlogon: [Shell] explorer.exe,C:\Users\darren\AppData\Roaming\msconfig.dat [84480 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\windows\system32\nvinitx.dll
Lsa: [Authentication Packages] msv1_0
relog_ap
==================== Services (Whitelisted) ======
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-29] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
2 SgtSch2Svc; "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" [606048 2009-10-16] (Seagate)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [427880 2009-03-29] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-02-03] (Intel Corporation)
==================== Drivers (Whitelisted) ===================
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2012-01-29] (Acronis)
0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2012-01-29] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2012-01-29] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2012-01-29] (Acronis)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================
2012-08-28 06:19 - 2012-08-28 06:20 - 00007799 ____A C:\Windows\WindowsUpdate.log
2012-08-28 05:20 - 2012-08-28 07:22 - 00000392 ____A C:\Windows\setupact.log
2012-08-28 05:20 - 2012-08-28 05:20 - 00000000 ____A C:\Windows\setuperr.log
2012-08-28 04:58 - 2012-08-28 05:18 - 00005136 ____A C:\Windows\System32\avgrep.txt
2012-08-28 03:57 - 2012-08-28 04:47 - 00000000 ____D C:\Windows\pss
2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
2012-08-28 03:41 - 2012-08-28 03:41 - 00224557 ____A C:\Users\darren\Desktop\ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 03:41 - 2012-08-28 03:41 - 00000165 ___AH C:\Users\darren\Desktop\~$ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 00:24 - 2012-08-28 00:24 - 00000000 ____D C:\Users\darren\AppData\Local\{288F60F6-1181-456C-B2F5-05153BBCBB3C}
2012-08-27 18:08 - 2012-08-27 18:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-27 18:08 - 2012-08-27 18:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-27 18:08 - 2012-08-27 18:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-27 18:08 - 2012-08-27 18:08 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-27 18:08 - 2012-08-27 18:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-27 18:07 - 2012-08-27 18:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-27 18:07 - 2012-08-27 18:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-27 18:07 - 2012-08-27 18:07 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-27 18:07 - 2012-08-27 18:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-27 18:07 - 2012-08-27 18:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-27 18:07 - 2012-08-27 18:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-27 12:17 - 2012-08-27 12:17 - 00000000 ____D C:\Users\darren\AppData\Local\{06909F12-84B6-4E03-8073-D99BA89729E0}
2012-08-26 14:50 - 2012-08-25 03:33 - 1653435119 ____A C:\Users\darren\Desktop\Game.of.Thrones.S02E10.720p.HDTV.x264-IMMERSE.mkv
2012-08-25 04:33 - 2012-08-25 04:33 - 00000000 ____D C:\Users\darren\AppData\Local\{EED81363-A654-4B2A-B312-85C95F190BE7}
2012-08-23 04:23 - 2012-08-23 04:23 - 00323657 ____A C:\Users\darren\Desktop\SMSVarMachinDetail.xlsx
2012-08-23 02:55 - 2012-08-23 02:55 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-23 02:54 - 2012-08-23 02:54 - 03907920 ____A (Piriform Ltd) C:\Users\darren\Downloads\ccsetup321.exe
2012-08-18 06:08 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-16 14:29 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-16 14:29 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-16 14:29 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-16 14:29 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-16 14:29 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-16 14:29 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-16 14:29 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-16 14:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 14:28 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-16 14:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-16 14:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-16 14:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-16 14:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-14 08:55 - 2012-08-14 08:55 - 00001848 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-08-14 08:54 - 2012-08-14 08:54 - 00000009 ____A C:\END
2012-08-14 08:54 - 2012-08-14 08:54 - 00000000 ____D C:\Users\darren\AppData\Local\CRE
2012-08-14 05:01 - 2012-08-14 07:50 - 00000000 ____D C:\Users\darren\Desktop\Sziget2012
2012-08-13 14:47 - 2012-08-13 14:47 - 00000000 ____D C:\Users\darren\AppData\Local\{BBB11281-D78D-4FC8-9DBB-C6DA167661EB}
2012-08-13 14:47 - 2012-08-13 14:47 - 00000000 ____D C:\Users\darren\AppData\Local\{0A064342-A3F3-467D-B8DB-336A972592B8}
2012-08-04 07:59 - 2012-08-04 07:59 - 00000000 ____D C:\Users\darren\AppData\Local\{54DBF924-627B-40C8-AEF8-C959E65C0013}
2012-08-04 07:58 - 2012-08-04 07:59 - 00000000 ____D C:\Users\darren\AppData\Local\{E9481FDA-2661-4E37-BE43-7E7CF59DFBE7}
2012-08-02 12:32 - 2012-08-02 12:32 - 00000000 ____D C:\Users\darren\Documents\samsung
2012-08-02 12:32 - 2012-08-02 12:32 - 00000000 ____D C:\Users\darren\AppData\Local\Samsung
2012-08-02 12:31 - 2012-08-02 12:31 - 00001953 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-08-02 12:03 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-08-02 12:03 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-08-02 12:01 - 2012-08-02 12:01 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-08-02 12:01 - 2012-06-26 07:03 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-08-02 12:01 - 2012-06-26 07:02 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-08-02 11:50 - 2012-08-02 11:50 - 00000000 ____D C:\Users\darren\AppData\Local\Downloaded Installations
2012-08-01 15:15 - 2012-08-01 15:15 - 00000000 ____D C:\Users\darren\AppData\Local\{7C0F2526-CFAB-4C98-93B2-343235893A8A}
2012-08-01 15:14 - 2012-08-01 15:15 - 00000000 ____D C:\Users\darren\AppData\Local\{3C3A368A-2A2B-4D50-A6CC-2F14E34C3EC9}

==================== 3 Months Modified Files ================================
2012-08-28 07:32 - 2012-08-28 03:43 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
2012-08-28 07:30 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-28 07:30 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-28 07:26 - 2012-08-28 06:19 - 00007799 ____A C:\Windows\WindowsUpdate.log
2012-08-28 07:22 - 2012-08-28 05:20 - 00000392 ____A C:\Windows\setupact.log
2012-08-28 07:22 - 2012-03-17 04:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3471356370-426161678-982001811-1001UA.job
2012-08-28 07:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-28 05:20 - 2012-08-28 05:20 - 00000000 ____A C:\Windows\setuperr.log
2012-08-28 05:18 - 2012-08-28 04:58 - 00005136 ____A C:\Windows\System32\avgrep.txt
2012-08-28 03:41 - 2012-08-28 03:41 - 00224557 ____A C:\Users\darren\Desktop\ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 03:41 - 2012-08-28 03:41 - 00000165 ___AH C:\Users\darren\Desktop\~$ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 02:53 - 2012-04-11 12:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-27 20:36 - 2012-03-17 04:19 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3471356370-426161678-982001811-1001Core.job
2012-08-27 18:08 - 2012-08-27 18:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-27 18:08 - 2012-08-27 18:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-27 18:08 - 2012-08-27 18:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-27 18:08 - 2012-08-27 18:08 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-27 18:08 - 2012-08-27 18:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-27 18:07 - 2012-08-27 18:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-27 18:07 - 2012-08-27 18:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-27 18:07 - 2012-08-27 18:07 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-27 18:07 - 2012-08-27 18:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-27 18:07 - 2012-08-27 18:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-27 18:07 - 2012-08-27 18:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-25 03:33 - 2012-08-26 14:50 - 1653435119 ____A C:\Users\darren\Desktop\Game.of.Thrones.S02E10.720p.HDTV.x264-IMMERSE.mkv
2012-08-23 04:23 - 2012-08-23 04:23 - 00323657 ____A C:\Users\darren\Desktop\SMSVarMachinDetail.xlsx
2012-08-23 02:55 - 2012-08-23 02:55 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-23 02:54 - 2012-08-23 02:54 - 03907920 ____A (Piriform Ltd) C:\Users\darren\Downloads\ccsetup321.exe
2012-08-21 04:48 - 2012-04-11 12:39 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-21 04:48 - 2011-07-22 16:57 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-19 15:48 - 2009-07-13 20:45 - 00309424 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-18 06:06 - 2011-12-06 11:12 - 00000039 ____A C:\Windows\vbaddin.ini
2012-08-18 06:02 - 2011-07-17 12:26 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 08:55 - 2012-08-14 08:55 - 00001848 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-08-14 08:54 - 2012-08-14 08:54 - 00000009 ____A C:\END
2012-08-02 12:31 - 2012-08-02 12:31 - 00001953 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-08-02 11:58 - 2011-08-18 00:26 - 00858750 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-02 11:58 - 2009-07-13 21:13 - 00858750 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 10:15 - 2012-08-16 14:28 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 10:30 - 2012-07-16 10:30 - 00001862 ____A C:\Users\darren\Desktop\mkvmerge GUI.lnk
2012-07-06 12:07 - 2012-08-18 06:08 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-16 14:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-16 14:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-16 14:29 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-16 14:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-16 14:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-26 07:03 - 2012-08-02 12:01 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-06-26 07:02 - 2012-08-02 12:01 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00974848 ____A C:\Windows\SysWOW64\cis-2.4.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00569344 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2012-06-26 07:02 - 2012-06-26 07:02 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00352256 ____A (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00258048 ____A ((c) PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2012-06-26 07:02 - 2012-06-26 07:02 - 00245760 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00200704 ____A ( (c) MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2012-06-26 07:02 - 2012-06-26 07:02 - 00155648 ____A (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00143360 ____A C:\Windows\SysWOW64\3DAudio.ax
2012-06-26 07:02 - 2012-06-26 07:02 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00131072 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2012-06-26 07:02 - 2012-06-26 07:02 - 00122880 ____A ((c) MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2012-06-26 07:02 - 2012-06-26 07:02 - 00118784 ____A ((?)????) C:\Windows\SysWOW64\MaDRM.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00110592 ____A ((c) MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2012-06-26 07:02 - 2012-06-26 07:02 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
2012-06-26 07:02 - 2012-06-26 07:02 - 00081920 ____A C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00065536 ____A C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00057344 ____A C:\Windows\SysWOW64\issacapi_se-2.3.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00057344 ____A (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00057344 ____A (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00049152 ____A ((?) ????) C:\Windows\SysWOW64\MaJGUILib.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MaXMLProto.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00045056 ____A ((?) ????) C:\Windows\SysWOW64\MACXMLProto.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00040960 ____A (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2012-06-26 07:02 - 2012-06-26 07:02 - 00024576 ____A ((?)????) C:\Windows\SysWOW64\MASetupCleaner.exe
2012-06-23 01:45 - 2012-06-23 01:44 - 03862112 ____A (Piriform Ltd) C:\Users\darren\Downloads\ccsetup319.exe
2012-06-08 21:43 - 2012-07-10 15:56 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 15:56 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 15:56 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 15:56 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 15:56 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 15:56 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:56 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:56 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-03 23:59 - 2012-08-02 12:03 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-06-03 23:59 - 2012-08-02 12:03 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-06-02 14:19 - 2012-06-21 15:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 15:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 15:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 15:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 15:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 15:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 15:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 15:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 15:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 15:56 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 15:56 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 15:56 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 15:56 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 15:56 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 15:56 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 15:56 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 15:56 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 15:56 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points  =========================
Restore point made on: 2012-08-18 06:02:19
Restore point made on: 2012-08-23 03:02:30
Restore point made on: 2012-08-27 18:00:44
==================== Memory info =========================== 
Percentage of memory in use: 16%
Total physical RAM: 3882.09 MB
Available physical RAM: 3247.74 MB
Total Pagefile: 3880.23 MB
Available Pagefile: 3242.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions ============================
1 Drive c: () (Fixed) (Total:111 GB) (Free:31.6 GB) NTFS
2 Drive d: () (Fixed) (Total:165.82 GB) (Free:30.15 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:21.17 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (FAT32 HDD) (Fixed) (Total:931.28 GB) (Free:723.96 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB  1024 KB         
  Disk 1    Online          931 GB      0 B         
Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB
  Partition 0    Extended           165 GB   111 GB
  Partition 4    Logical            165 GB   111 GB
  Partition 3    Recovery            21 GB   276 GB
==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy            
==================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy            
==================================================================================
Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    165 GB  Healthy            
==================================================================================
Disk: 0
Partition 3
Type  : 27
Hidden: Yes
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   SAMSUNG_REC  NTFS   Partition     21 GB  Healthy    Hidden  
==================================================================================
Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB
==================================================================================
Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   FAT32 HDD    FAT32  Partition    931 GB  Healthy            
==================================================================================
Last Boot: 2012-08-27 04:54
==================== End Of Log =============================
28 Aug 2012   #7
darrenj1471

windows 7 64 bit
 
 

No help?
28 Aug 2012   #8
shawn77

32 bit
 
 

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

Code:
start
HKU\darren\...\Winlogon: [Shell] explorer.exe,C:\Users\darren\AppData\Roaming\msconfig.dat 
2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
end
Now, please enter System Recovery Options, then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
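The `[Shell]` line in the fixlist above is a per-user Winlogon Shell value with a second program appended after explorer.exe. The following is an added example (not from the thread and not part of FRST) that picks such entries out of log lines of that shape; the function names and the sample lines marked constructed are assumptions.

```python
import re

# Shape taken from the fixlist line in the post above: ROOT\...\Key: [Value] data
ENTRY = re.compile(
    r"^(?P<root>.+?)\\\.\.\.\\(?P<key>[^:\\]+):\s*\[(?P<name>[^\]]+)\]\s*(?P<data>.*?)\s*$"
)

# Windows defaults for the two Winlogon values that launch programs at logon.
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}


def parse_entry(line):
    """Return (root, key, value_name, data) for a registry-style log line, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return m.group("root"), m.group("key"), m.group("name"), m.group("data")


def extra_commands(name, data):
    """Commands in a comma-separated Shell/Userinit value beyond the default.

    Simplification: a path that itself contains a comma would be split in two.
    """
    allowed = EXPECTED[name.lower()]
    parts = [p.strip().strip('"') for p in data.split(",")]
    return [p for p in parts if p and p.lower() not in allowed]


def audit_winlogon(lines):
    """Flag Winlogon Shell/Userinit entries that start anything besides the default."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # file listings, headers and other non-registry lines
        root, key, name, data = entry
        if key.lower() != "winlogon" or name.lower() not in EXPECTED:
            continue
        extras = extra_commands(name, data)
        if extras:
            findings.append({
                "root": root,
                "value": name,
                "extra": extras,
                # A Shell value under a user hive overrides the machine-wide one
                # for that account only, so it survives a clean HKLM check.
                "per_user": root.upper().startswith(("HKU", "HKCU")),
            })
    return findings


SAMPLE_LOG = [
    r"HKLM\...\Winlogon: [Shell] explorer.exe",  # constructed
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,",  # constructed
    # The next two lines are the ones quoted in the fixlist above.
    r"HKU\darren\...\Winlogon: [Shell] explorer.exe,C:\Users\darren\AppData\Roaming\msconfig.dat ",
    r"2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini",
]

if __name__ == "__main__":
    for f in audit_winlogon(SAMPLE_LOG):
        scope = "per-user" if f["per_user"] else "machine-wide"
        print(f"{f['root']} [{f['value']}] ({scope}) also starts: {', '.join(f['extra'])}")
```
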
28 Aug 2012   #9
darrenj1471

windows 7 64 bit
 
 

Ok, created fixlist file and saved it to flash drive, opened frst64 and clicked fix, a log has been created and is on flash drive... but I can't paste it here because after restarting I get the same police warning screen.
I'm posting this from my phone as housemate has taken his laptop to bed so I can't post to internet from external hard drive.
Guess the log may help you (I hope) and no joy so far, thanks though thus far.
28 Aug 2012   #10
darrenj1471

windows 7 64 bit
 
 

I'm able to obviously view the fixlog in safe mode though and I can type what it says as very brief. It says:

2011-11-16]() not found.

====End of Fixlog====

Hmm, perhaps pasting the text contained an additional carriage return? Safe to try again if I remove any carriage returns from your code? I.e. I guess 2011 just follows straight on from the other number?