Everything posted by cjaschek

  1. Hi!!! I'm currently going crazy trying to fix my ransomware issue and I have been reading all over and seeing different options and where I've ended up (for now) is in need of a fix log for FRST. Are any available for assistance? Any help would be appreciated.