Logs for MrC (FBI virus)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02 (ATTENTION: FRST version is 35 days old)
Ran by SYSTEM on 06-07-2013 12:53:56
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]
HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]
HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11465832 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2122344 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] H.EXE [x]
HKLM\...\Run: [TpShocks] DOWS\SYSTEM32\TPSHOCKS.EXE [x]
HKLM\...\Run: [EnergyUtility] T\UTILITY.EXE [x]
HKLM\...\Run: [Energy Management] T.EXE [x]
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-04-05] (McAfee, Inc.)
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2011-04-04] (Lenovo)
HKLM-x32\...\Run: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-06-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.)
HKU\Ed Greenslade\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Ed Greenslade\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Ed Greenslade\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] ()
HKU\Ed Greenslade\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-15] (Samsung)
HKU\Ed Greenslade\...\Run: [spotify Web Helper] "C:\Users\Ed Greenslade\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-05] (Spotify Ltd)
HKU\Ed Greenslade\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Ed Greenslade\...\Run: [spotify] "C:\Users\Ed Greenslade\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4640768 2013-07-05] (Spotify Ltd)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\EDGREE~1\AppData\Local\Temp\uyuyicmbkoqfjrfymay.bfg (Microsoft Corporation)
Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File

==================== Services (Whitelisted) =================

S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [903456 2010-04-20] (Broadcom Corporation.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.)
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2012-05-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 BcmSqlStartupSvc;
S3 IGRS;
S2 IviRegMgr;
S4 mbamswissarmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [x]
S2 ReadyComm.DirectRouter;
S2 RichVideo;
S3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-06 03:03 - 2013-07-06 03:03 - 00000000 ____D C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004
2013-07-06 03:01 - 2013-07-06 03:01 - 13399154 ____A C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004.zip
2013-07-06 02:35 - 2013-07-06 02:35 - 00000165 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.reg
2013-07-06 02:35 - 2013-07-06 02:35 - 00000070 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.bat
2013-07-05 15:13 - 2013-07-05 15:14 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{11E69CC1-D6C2-4A92-8ADA-2A92035CCAE2}
2013-07-05 03:13 - 2013-07-05 03:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7F9C033D-FC6C-4720-824E-DB7C71AE7844}
2013-07-04 03:12 - 2013-07-04 15:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AB110009-74F7-4B40-90E2-C9D58E99D926}
2013-07-03 08:23 - 2013-07-04 06:42 - 00011890 ____A C:\Users\Ed Greenslade\Documents\Battle of the Goldroad.xlsx
2013-07-03 00:55 - 2013-07-03 00:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B591B3E-EF44-45EE-A8E4-3C3A26154D57}
2013-07-02 05:46 - 2013-07-02 05:51 - 00013614 ____A C:\Users\Ed Greenslade\Documents\Army of King's Landing under Queen Rhaenyra.xlsx
2013-07-02 03:38 - 2013-07-02 03:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EECD98DE-3628-4708-A6CC-60D02BE1B717}
2013-07-01 15:38 - 2013-07-01 15:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{8ADC0B9D-A6B1-44CC-8F7F-36AE89F19C30}
2013-07-01 03:37 - 2013-07-01 03:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DDBF11DA-B37F-41C3-B8B6-3ADA58388916}
2013-06-30 15:37 - 2013-06-30 15:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A287BE2C-C528-46A0-8F5A-E7A6765B4497}
2013-06-30 03:37 - 2013-06-30 03:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5293C3A3-DFF2-4D4F-BE8C-325CE07179BD}
2013-06-29 15:36 - 2013-06-29 15:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0E833867-E945-43B1-8C0D-CD1FDF9AB813}
2013-06-29 03:22 - 2013-06-29 03:22 - 00011339 ____A C:\Users\Ed Greenslade\Documents\The North has suffered.xlsx
2013-06-29 03:03 - 2013-06-29 03:03 - 00886000 ____A C:\Users\Ed Greenslade\Documents\Brown.pptx
2013-06-29 01:44 - 2013-06-29 01:44 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B7546FE9-50BC-4C54-A3C0-6FF57D8C7F2B}
2013-06-28 13:43 - 2013-06-28 13:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A77083AE-88B0-4384-A8FD-89CD6FB5D2D5}
2013-06-28 03:09 - 2013-07-04 06:53 - 00012989 ____A C:\Users\Ed Greenslade\Documents\The Ongoing Dance of the Dragons.xlsx
2013-06-28 02:06 - 2013-07-04 07:14 - 00014898 ____A C:\Users\Ed Greenslade\Documents\Battles of the Dance of the Dragons.xlsx
2013-06-28 01:43 - 2013-06-28 01:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{3C59EE9C-2D19-4F37-842D-B54E0B0A1D91}
2013-06-27 13:42 - 2013-06-27 13:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A99C3003-E3F2-48F2-8B4A-46A8E03DA66F}
2013-06-27 10:13 - 2013-07-04 08:46 - 00022423 ____A C:\Users\Ed Greenslade\Documents\Dance of the Dragons characters.xlsx
2013-06-27 01:42 - 2013-06-27 01:42 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B82D516-E6A2-428A-BC59-FA52076643C2}
2013-06-26 04:03 - 2013-06-26 04:03 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{6B4FBA49-ED86-4C2C-BA3F-88C37F6BA26C}
2013-06-25 03:31 - 2013-06-25 03:31 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{F87EA818-780D-43E9-85C7-6B8A711A6C8F}
2013-06-24 14:28 - 2013-06-24 14:29 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{FD49AE58-9436-49C4-AC83-00E5B353FC80}
2013-06-22 05:29 - 2013-06-22 05:29 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{04E3F5C1-35C1-4828-909E-DB30A1A94F89}
2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Windows Live Writer
2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Windows Live Writer
2013-06-21 02:35 - 2013-06-21 02:35 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{32138C49-4012-46A4-9834-D29999C416EB}
2013-06-20 05:21 - 2013-07-04 07:17 - 01559204 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons map.pptx
2013-06-20 02:51 - 2013-06-20 02:51 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7EBEB5B0-9385-4E83-830D-8D447C5707B2}
2013-06-18 07:28 - 2013-07-04 07:54 - 00028359 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons.xlsx
2013-06-18 06:18 - 2013-06-18 06:41 - 01484911 ____A C:\Users\Ed Greenslade\Documents\Robert's Rebellion.pptx
2013-06-18 05:19 - 2013-06-18 05:19 - 01439574 ____A C:\Users\Ed Greenslade\Documents\Red Lake Rebellion.pptx
2013-06-18 04:43 - 2013-06-18 04:53 - 00048420 ____A C:\Users\Ed Greenslade\Documents\Trident.pptx
2013-06-18 04:43 - 2013-06-18 04:43 - 00014674 ____A C:\Users\Ed Greenslade\Documents\Battle of the Trident.xlsx
2013-06-18 03:05 - 2013-06-18 03:05 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{76A0617E-E2AC-4ADA-A265-D4A2CC403A44}
2013-06-17 16:17 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-17 16:17 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-17 16:17 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-17 16:17 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-17 16:17 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-17 16:17 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-17 16:17 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-17 16:17 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-17 16:17 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-17 16:17 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-17 16:17 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-17 16:17 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-17 06:47 - 2013-06-17 06:48 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{89D6F479-FC57-415C-8D34-82470AC1882B}
2013-06-14 14:13 - 2013-06-14 14:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{1ECEE421-9ABF-4274-87FF-B85281A175F2}
2013-06-14 02:13 - 2013-06-14 02:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EB528CAB-CFF4-4777-8EA5-A8983B17845C}
2013-06-13 14:12 - 2013-06-13 14:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9BD6A6ED-B898-4740-84F4-F9A5979C1D59}
2013-06-13 07:00 - 2013-06-13 07:00 - 00012098 ____A C:\Users\Ed Greenslade\Documents\War for Westeros.xlsx
2013-06-13 06:47 - 2013-06-13 06:59 - 01776573 ____A C:\Users\Ed Greenslade\Documents\War for Westeros 5 BC.pptx
2013-06-13 02:12 - 2013-06-13 02:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DB520329-E5C7-45E7-8974-C8F26954ED1F}
2013-06-12 06:56 - 2013-06-12 06:56 - 00361118 ____A C:\Users\Ed Greenslade\Documents\280 AL Conflict.pptx
2013-06-12 03:41 - 2013-06-12 03:41 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E3D7FA79-FE17-43AE-BAB7-485033FEB4A7}
2013-06-11 23:24 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 23:24 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 23:24 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 23:24 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 23:24 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 23:24 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 23:24 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 23:24 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-11 23:24 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-11 23:24 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 23:24 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-11 23:24 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 23:24 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 22:51 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 22:51 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 22:51 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 22:51 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 22:51 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 22:50 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 22:50 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 22:50 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 22:50 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 22:50 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 22:50 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 22:50 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 22:50 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 22:50 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 22:50 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 22:50 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 22:50 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 22:49 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 22:49 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 13:01 - 2013-06-11 13:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{25472F93-2899-4F41-A657-D746E89CCD22}
2013-06-11 01:01 - 2013-06-11 01:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9806C917-B29B-4850-9F9D-6712B65B24A8}
2013-06-10 03:07 - 2013-06-10 03:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{BD73BF6A-9CB6-4D63-AA74-6F7251EC6DA1}
2013-06-09 15:06 - 2013-06-09 15:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{29CB2AD0-DF06-4C83-B7B9-B8A2B6BF383B}
2013-06-09 04:13 - 2013-06-09 05:54 - 00016128 ____A C:\Users\Ed Greenslade\Documents\Icemark garrison.xlsx
2013-06-08 23:38 - 2013-06-08 23:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5DD8EF6F-C18E-4C01-86D4-192C01732652}
2013-06-08 08:12 - 2013-06-08 08:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5B79D989-46FA-401F-94FD-FF0C80A97A66}
2013-06-07 17:46 - 2013-06-07 17:46 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{CD852BE4-0E6D-4481-93A9-76B90E2EED65}
2013-06-07 03:48 - 2013-06-07 03:48 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{C9912FD3-AA12-4E58-8B57-C9EDFAE4C56A}
2013-06-06 15:18 - 2013-06-06 15:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AE6374EE-C260-41E6-B481-21F8A0975160}
2013-06-06 00:20 - 2013-06-06 00:20 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{28B40AF9-CBEB-4D95-AFDD-AEAE5B693125}

==================== One Month Modified Files and Folders =======

2013-07-06 03:45 - 2013-06-01 08:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-06 03:03 - 2013-07-06 03:03 - 00000000 ____D C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004
2013-07-06 03:01 - 2013-07-06 03:01 - 13399154 ____A C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004.zip
2013-07-06 03:00 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-06 02:58 - 2011-05-18 12:23 - 00002130 ____A C:\Users\Ed Greenslade\Desktop\OneKey Recovery.lnk
2013-07-06 02:58 - 2011-04-04 07:11 - 01869651 ____A C:\Windows\WindowsUpdate.log
2013-07-06 02:55 - 2011-12-09 02:21 - 00001828 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-06 02:52 - 2011-05-19 09:26 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Skype
2013-07-06 02:52 - 2011-05-18 14:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Spotify
2013-07-06 02:51 - 2011-05-23 03:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 02:51 - 2011-05-18 14:50 - 00000000 ____D C:\Users\Ed Greenslade\Tracing
2013-07-06 02:51 - 2011-05-18 12:22 - 24262160 ____A C:\FaceProv.log
2013-07-06 02:51 - 2011-05-17 20:16 - 00053648 ____A C:\Windows\PFRO.log
2013-07-06 02:51 - 2011-04-04 07:29 - 00000000 ____D C:\ProgramData\VeriFace
2013-07-06 02:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 02:51 - 2009-07-13 20:51 - 00156869 ____A C:\Windows\setupact.log
2013-07-06 02:35 - 2013-07-06 02:35 - 00000165 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.reg
2013-07-06 02:35 - 2013-07-06 02:35 - 00000070 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.bat
2013-07-06 02:13 - 2011-05-23 03:20 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 01:50 - 2012-09-10 11:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 01:41 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 01:41 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 15:14 - 2013-07-05 15:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{11E69CC1-D6C2-4A92-8ADA-2A92035CCAE2}
2013-07-05 03:13 - 2013-07-05 03:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7F9C033D-FC6C-4720-824E-DB7C71AE7844}
2013-07-04 15:13 - 2013-07-04 03:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AB110009-74F7-4B40-90E2-C9D58E99D926}
2013-07-04 08:46 - 2013-06-27 10:13 - 00022423 ____A C:\Users\Ed Greenslade\Documents\Dance of the Dragons characters.xlsx
2013-07-04 07:54 - 2013-06-18 07:28 - 00028359 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons.xlsx
2013-07-04 07:17 - 2013-06-20 05:21 - 01559204 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons map.pptx
2013-07-04 07:14 - 2013-06-28 02:06 - 00014898 ____A C:\Users\Ed Greenslade\Documents\Battles of the Dance of the Dragons.xlsx
2013-07-04 06:53 - 2013-06-28 03:09 - 00012989 ____A C:\Users\Ed Greenslade\Documents\The Ongoing Dance of the Dragons.xlsx
2013-07-04 06:42 - 2013-07-03 08:23 - 00011890 ____A C:\Users\Ed Greenslade\Documents\Battle of the Goldroad.xlsx
2013-07-04 05:37 - 2011-05-18 14:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Spotify
2013-07-04 04:15 - 2013-02-07 11:06 - 00000000 ____D C:\Users\Ed Greenslade\Documents\VirtualDJ
2013-07-03 00:55 - 2013-07-03 00:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B591B3E-EF44-45EE-A8E4-3C3A26154D57}
2013-07-03 00:55 - 2011-08-20 02:50 - 00000000 ____D C:\Users\Ed Greenslade\Documents\Youcam
2013-07-02 05:51 - 2013-07-02 05:46 - 00013614 ____A C:\Users\Ed Greenslade\Documents\Army of King's Landing under Queen Rhaenyra.xlsx
2013-07-02 03:38 - 2013-07-02 03:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EECD98DE-3628-4708-A6CC-60D02BE1B717}
2013-07-01 15:38 - 2013-07-01 15:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{8ADC0B9D-A6B1-44CC-8F7F-36AE89F19C30}
2013-07-01 03:38 - 2013-07-01 03:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DDBF11DA-B37F-41C3-B8B6-3ADA58388916}
2013-07-01 00:31 - 2012-06-24 03:53 - 87340382 ____A C:\Users\Ed Greenslade\Documents\Trouble.pptx
2013-06-30 15:37 - 2013-06-30 15:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A287BE2C-C528-46A0-8F5A-E7A6765B4497}
2013-06-30 03:37 - 2013-06-30 03:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5293C3A3-DFF2-4D4F-BE8C-325CE07179BD}
2013-06-29 15:36 - 2013-06-29 15:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0E833867-E945-43B1-8C0D-CD1FDF9AB813}
2013-06-29 03:22 - 2013-06-29 03:22 - 00011339 ____A C:\Users\Ed Greenslade\Documents\The North has suffered.xlsx
2013-06-29 03:03 - 2013-06-29 03:03 - 00886000 ____A C:\Users\Ed Greenslade\Documents\Brown.pptx
2013-06-29 01:44 - 2013-06-29 01:44 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B7546FE9-50BC-4C54-A3C0-6FF57D8C7F2B}
2013-06-28 13:43 - 2013-06-28 13:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A77083AE-88B0-4384-A8FD-89CD6FB5D2D5}
2013-06-28 13:13 - 2013-03-17 03:24 - 00011443 ____A C:\Users\Ed Greenslade\Documents\Helen's course.xlsx
2013-06-28 01:43 - 2013-06-28 01:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{3C59EE9C-2D19-4F37-842D-B54E0B0A1D91}
2013-06-27 13:43 - 2013-06-27 13:42 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A99C3003-E3F2-48F2-8B4A-46A8E03DA66F}
2013-06-27 10:42 - 2011-08-21 15:23 - 00068652 ____A C:\Users\Ed Greenslade\Documents\ASOIAF names.xlsx
2013-06-27 01:42 - 2013-06-27 01:42 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B82D516-E6A2-428A-BC59-FA52076643C2}
2013-06-26 04:08 - 2011-04-04 07:24 - 00000000 ____D C:\Program Files\mcafee
2013-06-26 04:03 - 2013-06-26 04:03 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{6B4FBA49-ED86-4C2C-BA3F-88C37F6BA26C}
2013-06-25 03:31 - 2013-06-25 03:31 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{F87EA818-780D-43E9-85C7-6B8A711A6C8F}
2013-06-24 14:29 - 2013-06-24 14:28 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{FD49AE58-9436-49C4-AC83-00E5B353FC80}
2013-06-22 05:29 - 2013-06-22 05:29 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{04E3F5C1-35C1-4828-909E-DB30A1A94F89}
2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Windows Live Writer
2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Windows Live Writer
2013-06-21 05:00 - 2011-05-18 14:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Windows Live
2013-06-21 02:35 - 2013-06-21 02:35 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{32138C49-4012-46A4-9834-D29999C416EB}
2013-06-20 02:51 - 2013-06-20 02:51 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7EBEB5B0-9385-4E83-830D-8D447C5707B2}
2013-06-18 06:41 - 2013-06-18 06:18 - 01484911 ____A C:\Users\Ed Greenslade\Documents\Robert's Rebellion.pptx
2013-06-18 05:19 - 2013-06-18 05:19 - 01439574 ____A C:\Users\Ed Greenslade\Documents\Red Lake Rebellion.pptx
2013-06-18 04:55 - 2013-05-29 14:06 - 00017737 ____A C:\Users\Ed Greenslade\Documents\Ser Hostan's quests characters.xlsx
2013-06-18 04:53 - 2013-06-18 04:43 - 00048420 ____A C:\Users\Ed Greenslade\Documents\Trident.pptx
2013-06-18 04:43 - 2013-06-18 04:43 - 00014674 ____A C:\Users\Ed Greenslade\Documents\Battle of the Trident.xlsx
2013-06-18 03:05 - 2013-06-18 03:05 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{76A0617E-E2AC-4ADA-A265-D4A2CC403A44}
2013-06-17 06:48 - 2013-06-17 06:47 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{89D6F479-FC57-415C-8D34-82470AC1882B}
2013-06-14 14:13 - 2013-06-14 14:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{1ECEE421-9ABF-4274-87FF-B85281A175F2}
2013-06-14 02:13 - 2013-06-14 02:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EB528CAB-CFF4-4777-8EA5-A8983B17845C}
2013-06-13 14:12 - 2013-06-13 14:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9BD6A6ED-B898-4740-84F4-F9A5979C1D59}
2013-06-13 07:00 - 2013-06-13 07:00 - 00012098 ____A C:\Users\Ed Greenslade\Documents\War for Westeros.xlsx
2013-06-13 06:59 - 2013-06-13 06:47 - 01776573 ____A C:\Users\Ed Greenslade\Documents\War for Westeros 5 BC.pptx
2013-06-13 03:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-06-13 02:12 - 2013-06-13 02:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DB520329-E5C7-45E7-8974-C8F26954ED1F}
2013-06-12 08:57 - 2013-05-22 05:06 - 00367640 ____A C:\Users\Ed Greenslade\Documents\Quest of Ser Hostan Ryle.pptx
2013-06-12 06:56 - 2013-06-12 06:56 - 00361118 ____A C:\Users\Ed Greenslade\Documents\280 AL Conflict.pptx
2013-06-12 05:34 - 2013-06-02 02:54 - 00320120 ____A C:\Users\Ed Greenslade\Documents\ASOIAF maps.pptx
2013-06-12 04:43 - 2013-04-24 12:54 - 00019202 ____A C:\Users\Ed Greenslade\Documents\Character chapters.xlsx
2013-06-12 03:50 - 2012-09-10 11:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 03:50 - 2011-05-18 14:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 03:41 - 2013-06-12 03:41 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E3D7FA79-FE17-43AE-BAB7-485033FEB4A7}
2013-06-11 13:01 - 2013-06-11 13:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{25472F93-2899-4F41-A657-D746E89CCD22}
2013-06-11 01:01 - 2013-06-11 01:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9806C917-B29B-4850-9F9D-6712B65B24A8}
2013-06-10 03:07 - 2013-06-10 03:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{BD73BF6A-9CB6-4D63-AA74-6F7251EC6DA1}
2013-06-09 15:07 - 2013-06-09 15:06 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{29CB2AD0-DF06-4C83-B7B9-B8A2B6BF383B}
2013-06-09 05:54 - 2013-06-09 04:13 - 00016128 ____A C:\Users\Ed Greenslade\Documents\Icemark garrison.xlsx
2013-06-08 23:38 - 2013-06-08 23:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5DD8EF6F-C18E-4C01-86D4-192C01732652}
2013-06-08 08:13 - 2013-06-08 08:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5B79D989-46FA-401F-94FD-FF0C80A97A66}
2013-06-08 06:08 - 2013-06-17 16:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-17 16:17 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-17 16:17 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-17 16:17 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-17 16:17 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-17 16:17 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-17 16:17 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-17 16:17 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-17 16:17 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-17 16:17 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-17 16:17 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-17 16:17 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 17:46 - 2013-06-07 17:46 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{CD852BE4-0E6D-4481-93A9-76B90E2EED65}
2013-06-07 03:48 - 2013-06-07 03:48 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{C9912FD3-AA12-4E58-8B57-C9EDFAE4C56A}
2013-06-06 15:19 - 2013-06-06 15:18 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AE6374EE-C260-41E6-B481-21F8A0975160}
2013-06-06 00:20 - 2013-06-06 00:20 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{28B40AF9-CBEB-4D95-AFDD-AEAE5B693125}

Files to move or delete:
====================
C:\ProgramData\yamyfrjfqokbmciyuyu.bat
C:\ProgramData\yamyfrjfqokbmciyuyu.reg

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3893.86 MB
Available physical RAM: 3206.27 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3287.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:75.3 GB) (Free:3.07 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.93 GB) NTFS (Disk=0 Partition=4)
Drive f: (Lexar) (Removable) (Total:14.61 GB) (Free:14.58 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 8BDC9C39)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 7198AF08)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

Last Boot: 2013-07-03 01:43

==================== End Of Log ============================


OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Use the "More Reply Options" button in the bottom right corner of this page, then choose the files in the new window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Computer booted up normally, running Malwarebytes Anti-Rootkit now. Again, thank you so much :)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2013 02
Ran by SYSTEM at 2013-07-06 15:38:19 Run:2
Running from F:\
Boot Mode: Recovery
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
ShortcutTarget: regmonstd.lnk ->(Microsoft Corporation) not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck => Value deleted successfully.
HKLM\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File => Value not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => Key not found.
C:\ProgramData\yamyfrjfqokbmciyuyu.bat => Moved successfully.
C:\ProgramData\yamyfrjfqokbmciyuyu.reg => Moved successfully.
C:\Users\EDGREE~1\AppData\Local\Temp\uyuyicmbkoqfjrfymay.bfg  => Moved successfully.
C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => File/Directory not found.

==== End of Fixlog ====


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
