
Help please: CryptoLocker removal, can't boot from CD on Sony laptop, Windows 8



Hi, I made a Kaspersky Rescue Disk 10. The disc works on my desktop, but will not boot on my laptop; I have changed the boot sequence in the BIOS.

The virus/malware/ransomware is on my laptop HD.

The laptop is around 2 years old. I have tried booting by holding down the Assist button, which allowed me into extra menu options; I tried to restore Windows to a restore point from 2 weeks ago. The restore went through the motions but at the end said it had failed due to a virus program running. I am not sure how that would affect a restore when not fully running Windows. The Sony Assist button pulls up Sony's kind of safe mode, but it's all menu driven.

The laptop will not go into Safe Mode, so I googled how to get into Safe Mode in Windows 8 on a Sony, and pulled up this link:

https://us.en.kb.sony.com/app/answers/detail/a_id/37848/~/how-to-access-safe-mode-when-you-cannot-access-the-operating-system.

If you read down to this line:

  1. In the Command Prompt window, type "bcdedit /set {default} bootmenupolicy legacy" and then press the Enter key.

I have tried this, and double checked that I am spelling everything correctly, but it will not accept what it says I should type.

So why Sony has made it so you can't access Safe Mode by default is beyond my logic!!

I have also tried to make a Kaspersky boot USB. I must admit this did not work on my desktop when tested; I did use the latest download and also the Kaspersky USB boot disk maker. I might have another USB stick I can try this on; the one I used was a fairly old one, but 16 GB, and I formatted it to FAT32 first.

SOOOO I did attempt to hook up the laptop hard drive to my desktop. I thought, hey, just boot from the working Kaspersky boot CD, as it works on my desktop, and attack the problem from there. But when I choose my laptop hard drive via my desktop computer (using SATA, and I also tried a USB HD enclosure), Kaspersky gives me a message along the lines of "your Windows was not shut down correctly" and basically says it is likely to cause an issue with that drive!!! Sorry, I don't have the exact message that Kaspersky showed on the screen. (This is with my desktop computer's main hard drive as C: and the laptop HD, I guess, as D:.)

SOOOOOOOOO I am kinda stuck. The CryptoLocker kicked in when I updated to Windows 8.1.

Is it safe to run the Rescue Disk on my laptop hard drive via my desktop regardless of the warning message?

When I try to boot the Windows 8.1 laptop HD on my desktop, it says no valid image, yet when I boot the HD in my laptop it boots up Windows with no issues other than the CryptoLocker situation. I assume the Sony BIOS and Sony HD have some kind of extra boot strap/procedure in place.

I am feeling pretty stuck at this point. Please can anyone help me, based on the fact that I can't get into Safe Mode (pressed F8 plenty of times and googled as above), plus the Kaspersky rescue disc will not boot even though I have changed the DVD-ROM drive to be the first drive to boot from. I have tried the rescue disk on a DVD-R and a CD-R; both work fine on my desktop, so I know the discs are working fine.

I have plenty of PC experience and I can usually Google my way around most situations, but I feel I have hit a wall with this one. HEELLLLPPPP please :-/


Hello and welcome.

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Have you tried "refreshing at boot"? Instructions here if required: http://www.eightforums.com/tutorials/2293-refresh-windows-8-a.html

If that fails, try the following to run FRST from the command prompt at boot. You will need access to another PC and a flash drive.

Download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure you get the correct version for your system, 32-bit or 64-bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

Next,

Boot the PC to command prompt from the advanced options menu, instructions at the following link if required:

http://www.eightforums.com/tutorials/2755-command-prompt-boot-startup-windows-8-a.html

At the Command Prompt do the following:

  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" (or "This PC" for W8.1), find your flash drive letter and close Notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

 

Kevin...
 


Hi Kevin, thank you for your reply. I shall also try the refreshing at boot. One thing I did try as well is a Malwarebytes scan on my HD while it was attached to my desktop; it only found 1 PUP file.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by SYSTEM on MININT-OMB32VP on 20-07-2014 07:51:37
Running from D:\
Platform: WIN_8 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 07:51 - 2014-07-20 07:51 - 00000000 ____D () C:\FRST
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-17 19:51 - 2014-05-14 22:47 - 04720640 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-07-17 19:51 - 2014-05-13 07:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\BulkOperationHost.exe
2014-07-17 19:51 - 2014-05-13 05:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-07-17 19:51 - 2014-05-13 04:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-07-17 19:51 - 2014-05-13 04:27 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-07-17 19:51 - 2014-05-13 04:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveShell.dll
2014-07-17 19:51 - 2014-05-13 03:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-07-17 19:51 - 2014-05-13 03:41 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-07-17 19:51 - 2014-05-13 03:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-07-17 19:51 - 2014-05-03 11:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-07-17 19:51 - 2014-05-03 09:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-17 19:51 - 2014-05-03 05:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2014-07-17 19:51 - 2014-05-03 05:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\ncobjapi.dll
2014-07-17 19:51 - 2014-05-03 05:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2014-07-17 19:51 - 2014-05-03 05:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2014-07-17 19:51 - 2014-05-03 04:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-07-17 19:51 - 2014-05-03 04:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-07-17 19:51 - 2014-05-03 04:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-07-17 19:51 - 2014-05-03 03:30 - 02641920 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-07-17 19:51 - 2014-05-03 03:27 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-17 19:51 - 2014-05-02 23:26 - 00050745 _____ () C:\Windows\System32\srms.dat
2014-07-17 19:51 - 2014-05-01 05:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-07-17 19:51 - 2014-04-30 06:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2014-07-17 19:51 - 2014-04-30 05:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2014-07-17 19:51 - 2014-04-30 04:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-17 19:51 - 2014-04-30 04:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc.dll
2014-07-17 19:51 - 2014-04-30 04:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2014-07-17 19:51 - 2014-04-30 03:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-07-17 19:51 - 2014-04-30 03:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-07-17 19:51 - 2014-04-30 03:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-07-17 19:51 - 2014-04-30 03:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-07-17 19:51 - 2014-04-30 03:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-07-17 19:51 - 2014-04-30 03:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\System32\vpnike.dll
2014-07-17 19:51 - 2014-04-28 22:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2014-07-17 19:51 - 2014-04-26 22:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-07-17 19:51 - 2014-04-26 20:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-07-17 19:51 - 2014-04-26 16:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\System32\bdesvc.dll
2014-07-17 19:51 - 2014-04-14 09:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2014-07-17 19:51 - 2014-04-14 08:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-07-17 19:51 - 2014-04-14 05:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-07-17 19:51 - 2014-04-09 06:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-07-17 19:51 - 2014-04-09 05:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-07-17 19:50 - 2014-06-05 14:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2014-07-17 19:50 - 2014-06-05 13:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-07-17 19:50 - 2014-06-02 02:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2014-07-17 19:50 - 2014-05-31 10:07 - 00467800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2014-07-17 19:50 - 2014-05-31 10:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-07-17 19:50 - 2014-05-31 06:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-07-17 19:50 - 2014-05-31 06:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2014-07-17 19:50 - 2014-05-31 06:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2014-07-17 19:50 - 2014-05-31 04:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2014-07-17 19:50 - 2014-05-31 04:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2014-07-17 19:50 - 2014-05-31 04:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2014-07-17 19:50 - 2014-05-27 15:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-07-17 19:50 - 2014-05-27 09:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\System32\DaOtpCredentialProvider.dll
2014-07-17 19:50 - 2014-05-27 09:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-07-17 19:50 - 2014-05-17 04:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-07-17 19:50 - 2014-05-17 04:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-17 19:49 - 2014-05-31 06:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2014-07-14 12:09 - 2014-07-14 17:18 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-14 12:08 - 2014-07-14 12:08 - 00216064 _____ () C:\Users\Morag\Documents\Untitled Document.wps
2014-07-12 05:05 - 2014-06-26 20:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 05:05 - 2014-06-26 20:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 02:20 - 2014-04-14 03:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-07-09 04:51 - 2014-06-16 22:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 04:51 - 2014-06-16 22:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-09 04:51 - 2014-06-06 14:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-09 04:51 - 2014-05-30 03:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-09 04:50 - 2014-06-19 01:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-09 04:50 - 2014-06-18 23:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-09 04:50 - 2014-06-18 22:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 04:50 - 2014-05-29 12:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-07-09 04:50 - 2014-05-29 07:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-07-09 04:50 - 2014-05-29 06:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 04:50 - 2014-05-29 06:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2014-07-09 04:50 - 2014-05-29 05:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 04:50 - 2014-05-29 05:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-09 04:49 - 2014-06-19 00:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-09 04:49 - 2014-06-19 00:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 04:49 - 2014-06-19 00:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-09 04:49 - 2014-06-18 23:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-09 04:49 - 2014-06-18 23:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-09 04:49 - 2014-06-18 23:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-09 04:49 - 2014-06-18 23:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-09 04:49 - 2014-06-18 23:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-09 04:49 - 2014-06-18 23:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 04:49 - 2014-06-18 23:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-09 04:49 - 2014-06-18 23:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 04:49 - 2014-06-18 22:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 04:49 - 2014-06-18 22:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-09 04:49 - 2014-06-18 22:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 04:49 - 2014-06-18 22:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 04:49 - 2014-06-18 22:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-09 04:49 - 2014-06-18 22:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 04:49 - 2014-06-18 22:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 04:49 - 2014-06-18 22:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 04:49 - 2014-06-18 22:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-09 04:49 - 2014-06-18 22:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-09 04:49 - 2014-06-18 22:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 04:49 - 2014-06-18 22:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 04:49 - 2014-06-18 22:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 04:49 - 2014-06-06 13:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-09 04:49 - 2014-06-06 12:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 04:49 - 2014-05-31 10:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-07-09 04:49 - 2014-05-31 10:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2014-07-09 04:49 - 2014-05-31 03:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-07-09 04:49 - 2014-05-31 03:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 04:49 - 2014-05-31 03:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:49 - 2014-05-31 03:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-07-09 04:49 - 2014-05-31 03:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-07-09 04:49 - 2014-05-31 03:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:49 - 2014-05-31 02:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 04:49 - 2014-05-31 02:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 04:49 - 2014-05-31 02:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-07-09 04:49 - 2014-05-31 02:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\System32\twinui.appcore.dll
2014-07-09 04:49 - 2014-05-31 02:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-07-09 04:49 - 2014-05-31 02:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 04:49 - 2014-05-31 02:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 04:40 - 2014-07-09 04:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-06-30 18:43 - 2014-07-09 11:13 - 00212992 _____ () C:\ProgramData\UqocaZyisu.dat
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp
2014-06-27 12:13 - 2014-06-27 12:13 - 00010240 _____ () C:\Users\Morag\Documents\Invitation.wps
2014-06-20 17:09 - 2014-06-20 17:10 - 00012334 _____ () C:\Users\Morag\Documents\Answers to the search for regions.odt
2014-06-20 17:04 - 2014-06-20 17:04 - 00012709 _____ () C:\Users\Morag\Documents\Trouvez les regions du France.odt
2014-06-20 13:14 - 2014-06-20 13:14 - 00240701 _____ () C:\Users\Morag\Documents\Map of France.htm
2014-06-20 13:14 - 2014-06-20 13:14 - 00000000 ____D () C:\Users\Morag\Documents\Map of France_files
2014-06-20 06:50 - 2014-06-20 06:50 - 00166722 _____ () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland.htm
2014-06-20 06:50 - 2014-06-20 06:50 - 00000000 ____D () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland_files

==================== One Month Modified Files and Folders =======

2014-07-20 07:51 - 2014-07-20 07:51 - 00000000 ____D () C:\FRST
2014-07-19 22:33 - 2013-08-22 14:46 - 00291899 _____ () C:\Windows\setupact.log
2014-07-19 22:32 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 22:05 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru
2014-07-19 22:05 - 2013-02-23 10:04 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 22:05 - 2013-02-23 10:03 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 22:04 - 2014-04-18 13:08 - 00000000 __RDO () C:\Users\Morag\OneDrive
2014-07-19 22:03 - 2013-02-23 10:03 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 16:07 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-19 16:06 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SystemResources
2014-07-19 15:52 - 2013-08-22 13:36 - 00000000 ____D () C:\Windows\System32\Sysprep
2014-07-19 14:00 - 2014-06-08 07:00 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 720143176.job
2014-07-19 13:36 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-07-19 08:59 - 2012-09-28 06:33 - 00000000 ____D () C:\ProgramData\MOCP
2014-07-19 08:58 - 2012-11-02 16:23 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2432231455-94151114-2206579565-1001
2014-07-19 08:56 - 2014-04-18 13:10 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63EB5B52-3F94-427E-96E5-80EDEEF37E3E}
2014-07-19 08:55 - 2014-04-18 12:17 - 01547966 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 20:34 - 2014-03-18 09:54 - 00008978 _____ () C:\Windows\PFRO.log
2014-07-17 20:34 - 2013-08-22 13:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-17 20:23 - 2014-04-18 11:49 - 00000000 ____D () C:\users\Morag
2014-07-17 20:22 - 2013-02-09 13:16 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-17 19:56 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-17 19:49 - 2014-03-18 10:13 - 00233912 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-07-17 19:47 - 2014-05-24 12:01 - 00428888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-07-17 16:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-14 17:18 - 2014-07-14 12:09 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-14 17:18 - 2014-03-15 16:34 - 00000546 _____ () C:\Users\Morag\AppData\Roaming\wklnhst.dat
2014-07-14 14:14 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-07-14 12:08 - 2014-07-14 12:08 - 00216064 _____ () C:\Users\Morag\Documents\Untitled Document.wps
2014-07-14 11:49 - 2013-08-19 07:42 - 00000000 ____D () C:\Update
2014-07-12 05:03 - 2013-08-22 14:44 - 00429424 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-11 04:43 - 2013-08-16 20:40 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-11 04:43 - 2013-01-22 16:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-09 11:13 - 2014-06-30 18:43 - 00212992 _____ () C:\ProgramData\UqocaZyisu.dat
2014-07-09 04:40 - 2014-07-09 04:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-07-08 17:01 - 2013-12-08 23:22 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-06-30 04:19 - 2012-09-28 06:41 - 00000000 ____D () C:\Program Files\Sony
2014-06-30 04:19 - 2012-09-28 06:11 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp
2014-06-27 12:13 - 2014-06-27 12:13 - 00010240 _____ () C:\Users\Morag\Documents\Invitation.wps
2014-06-26 20:55 - 2014-07-12 05:05 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 20:55 - 2014-07-12 05:05 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-21 04:58 - 2013-02-23 10:03 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 04:58 - 2013-02-23 10:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 17:10 - 2014-06-20 17:09 - 00012334 _____ () C:\Users\Morag\Documents\Answers to the search for regions.odt
2014-06-20 17:04 - 2014-06-20 17:04 - 00012709 _____ () C:\Users\Morag\Documents\Trouvez les regions du France.odt
2014-06-20 13:14 - 2014-06-20 13:14 - 00240701 _____ () C:\Users\Morag\Documents\Map of France.htm
2014-06-20 13:14 - 2014-06-20 13:14 - 00000000 ____D () C:\Users\Morag\Documents\Map of France_files
2014-06-20 12:51 - 2013-11-27 14:42 - 00098712 _____ () C:\Users\Morag\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-20 06:50 - 2014-06-20 06:50 - 00166722 _____ () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland.htm
2014-06-20 06:50 - 2014-06-20 06:50 - 00000000 ____D () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland_files

Files to move or delete:
====================
C:\ProgramData\UqocaZyisu.dat
C:\Users\Morag\setup.exe


Some content of TEMP:
====================
C:\Users\Morag\AppData\Local\Temp\2tokinau.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-25 07:56:47
Restore point made on: 2014-07-04 10:12:25
Restore point made on: 2014-07-10 02:10:38
Restore point made on: 2014-07-17 05:00:18

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3975.27 MB
Available physical RAM: 3291.66 MB
Total Pagefile: 3975.27 MB
Available Pagefile: 3297.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:566.1 GB) (Free:518.94 GB) NTFS
Drive d: (USB STICK) (Removable) (Total:14.9 GB) (Free:14.49 GB) FAT32
Drive e: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 06E9C9DF)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 86CC9DD4)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-07-17 04:41

==================== End Of Log ============================


I have just had a quick look at the refresh instructions; it says it removes any programs I have installed etc. Ideally I would like to try and remove the malware and keep my current installs intact, but I will of course use the refresh option if all else fails. Ideally a couple of downloads and a few scans will do the trick... hopefully :)


Leave Refresh as a last resort if you would rather not lose any programs/apps etc... continue:

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Re-boot when complete, does windows boot to normal mode now?

 

Kevin....

fixlist.txt

Link to post
Share on other sites

Hi, thank you for your reply. I ran it as per your instructions; it took around 3 minutes or so for the program to process. I went to reboot, and Windows came up with a message saying it needed to go into repair mode, so it scanned Windows, then loaded, but Windows still has the same issue: the same warning messages come up with regard to CryptoLocker.

Below is a copy of the fix log file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2014
Ran by SYSTEM at 2014-07-20 12:46:32 Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
C:\ProgramData\UqocaZyisu.dat
C:\Users\Morag\setup.exe
C:\Users\Morag\AppData\Local\Temp\2tokinau.exe
LastRegBack: 2014-07-17 04:41
End
*****************
 
C:\ProgramData\UqocaZyisu.dat => Moved successfully.
C:\Users\Morag\setup.exe => Moved successfully.
C:\Users\Morag\AppData\Local\Temp\2tokinau.exe => Moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====
Link to post
Share on other sites

Hi, thank you for all your help. Here is the latest scan.

 

Paul :-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by SYSTEM on MININT-KDDB25M on 20-07-2014 22:31:19
Running from E:\
Platform: WIN_8 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 12:46 - 2014-07-20 12:46 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-07-20 11:55 - 2014-07-20 11:55 - 00003232 ____N () C:\bootsqm.dat
2014-07-20 07:51 - 2014-07-20 22:31 - 00000000 ____D () C:\FRST
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-17 19:51 - 2014-05-14 22:47 - 04720640 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-07-17 19:51 - 2014-05-13 07:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\BulkOperationHost.exe
2014-07-17 19:51 - 2014-05-13 05:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-07-17 19:51 - 2014-05-13 04:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-07-17 19:51 - 2014-05-13 04:27 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-07-17 19:51 - 2014-05-13 04:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveShell.dll
2014-07-17 19:51 - 2014-05-13 03:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-07-17 19:51 - 2014-05-13 03:41 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-07-17 19:51 - 2014-05-13 03:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-07-17 19:51 - 2014-05-03 11:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-07-17 19:51 - 2014-05-03 09:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-17 19:51 - 2014-05-03 05:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2014-07-17 19:51 - 2014-05-03 05:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\ncobjapi.dll
2014-07-17 19:51 - 2014-05-03 05:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2014-07-17 19:51 - 2014-05-03 05:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2014-07-17 19:51 - 2014-05-03 04:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-07-17 19:51 - 2014-05-03 04:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-07-17 19:51 - 2014-05-03 04:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-07-17 19:51 - 2014-05-03 03:30 - 02641920 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-07-17 19:51 - 2014-05-03 03:27 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-17 19:51 - 2014-05-02 23:26 - 00050745 _____ () C:\Windows\System32\srms.dat
2014-07-17 19:51 - 2014-05-01 05:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-07-17 19:51 - 2014-04-30 06:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2014-07-17 19:51 - 2014-04-30 05:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2014-07-17 19:51 - 2014-04-30 04:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-17 19:51 - 2014-04-30 04:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc.dll
2014-07-17 19:51 - 2014-04-30 04:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2014-07-17 19:51 - 2014-04-30 03:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-07-17 19:51 - 2014-04-30 03:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-07-17 19:51 - 2014-04-30 03:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-07-17 19:51 - 2014-04-30 03:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-07-17 19:51 - 2014-04-30 03:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-07-17 19:51 - 2014-04-30 03:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\System32\vpnike.dll
2014-07-17 19:51 - 2014-04-28 22:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2014-07-17 19:51 - 2014-04-26 22:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-07-17 19:51 - 2014-04-26 20:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-07-17 19:51 - 2014-04-26 16:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\System32\bdesvc.dll
2014-07-17 19:51 - 2014-04-14 09:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2014-07-17 19:51 - 2014-04-14 08:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-07-17 19:51 - 2014-04-14 05:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-07-17 19:51 - 2014-04-09 06:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-07-17 19:51 - 2014-04-09 05:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-07-17 19:50 - 2014-06-05 14:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2014-07-17 19:50 - 2014-06-05 13:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-07-17 19:50 - 2014-06-02 02:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2014-07-17 19:50 - 2014-05-31 10:07 - 00467800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2014-07-17 19:50 - 2014-05-31 10:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-07-17 19:50 - 2014-05-31 06:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-07-17 19:50 - 2014-05-31 06:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2014-07-17 19:50 - 2014-05-31 06:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2014-07-17 19:50 - 2014-05-31 04:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2014-07-17 19:50 - 2014-05-31 04:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2014-07-17 19:50 - 2014-05-31 04:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2014-07-17 19:50 - 2014-05-27 15:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-07-17 19:50 - 2014-05-27 09:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\System32\DaOtpCredentialProvider.dll
2014-07-17 19:50 - 2014-05-27 09:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-07-17 19:50 - 2014-05-17 04:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-07-17 19:50 - 2014-05-17 04:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-17 19:49 - 2014-05-31 06:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2014-07-14 12:09 - 2014-07-14 17:18 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-14 12:08 - 2014-07-14 12:08 - 00216064 _____ () C:\Users\Morag\Documents\Untitled Document.wps
2014-07-12 05:05 - 2014-06-26 20:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 05:05 - 2014-06-26 20:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 02:20 - 2014-04-14 03:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-07-09 04:51 - 2014-06-16 22:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 04:51 - 2014-06-16 22:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-09 04:51 - 2014-06-06 14:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-09 04:51 - 2014-05-30 03:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-09 04:50 - 2014-06-19 01:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-09 04:50 - 2014-06-18 23:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-09 04:50 - 2014-06-18 22:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 04:50 - 2014-05-29 12:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-07-09 04:50 - 2014-05-29 07:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-07-09 04:50 - 2014-05-29 06:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 04:50 - 2014-05-29 06:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2014-07-09 04:50 - 2014-05-29 05:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 04:50 - 2014-05-29 05:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-09 04:49 - 2014-06-19 00:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-09 04:49 - 2014-06-19 00:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 04:49 - 2014-06-19 00:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-09 04:49 - 2014-06-18 23:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-09 04:49 - 2014-06-18 23:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-09 04:49 - 2014-06-18 23:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-09 04:49 - 2014-06-18 23:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-09 04:49 - 2014-06-18 23:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-09 04:49 - 2014-06-18 23:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 04:49 - 2014-06-18 23:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-09 04:49 - 2014-06-18 23:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 04:49 - 2014-06-18 22:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 04:49 - 2014-06-18 22:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-09 04:49 - 2014-06-18 22:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 04:49 - 2014-06-18 22:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 04:49 - 2014-06-18 22:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-09 04:49 - 2014-06-18 22:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 04:49 - 2014-06-18 22:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 04:49 - 2014-06-18 22:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 04:49 - 2014-06-18 22:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-09 04:49 - 2014-06-18 22:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-09 04:49 - 2014-06-18 22:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 04:49 - 2014-06-18 22:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 04:49 - 2014-06-18 22:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 04:49 - 2014-06-06 13:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-09 04:49 - 2014-06-06 12:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 04:49 - 2014-05-31 10:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-07-09 04:49 - 2014-05-31 10:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2014-07-09 04:49 - 2014-05-31 03:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-07-09 04:49 - 2014-05-31 03:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 04:49 - 2014-05-31 03:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:49 - 2014-05-31 03:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-07-09 04:49 - 2014-05-31 03:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-07-09 04:49 - 2014-05-31 03:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:49 - 2014-05-31 02:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 04:49 - 2014-05-31 02:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 04:49 - 2014-05-31 02:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-07-09 04:49 - 2014-05-31 02:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\System32\twinui.appcore.dll
2014-07-09 04:49 - 2014-05-31 02:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-07-09 04:49 - 2014-05-31 02:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 04:49 - 2014-05-31 02:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 04:40 - 2014-07-09 04:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp
2014-06-27 12:13 - 2014-06-27 12:13 - 00010240 _____ () C:\Users\Morag\Documents\Invitation.wps
2014-06-20 17:09 - 2014-06-20 17:10 - 00012334 _____ () C:\Users\Morag\Documents\Answers to the search for regions.odt
2014-06-20 17:04 - 2014-06-20 17:04 - 00012709 _____ () C:\Users\Morag\Documents\Trouvez les regions du France.odt
2014-06-20 13:14 - 2014-06-20 13:14 - 00240701 _____ () C:\Users\Morag\Documents\Map of France.htm
2014-06-20 13:14 - 2014-06-20 13:14 - 00000000 ____D () C:\Users\Morag\Documents\Map of France_files
2014-06-20 06:50 - 2014-06-20 06:50 - 00166722 _____ () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland.htm
2014-06-20 06:50 - 2014-06-20 06:50 - 00000000 ____D () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland_files

==================== One Month Modified Files and Folders =======

2014-07-20 22:31 - 2014-07-20 07:51 - 00000000 ____D () C:\FRST
2014-07-20 12:46 - 2014-07-20 12:46 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-07-20 12:46 - 2014-04-18 11:49 - 00000000 ____D () C:\users\Morag
2014-07-20 12:05 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru
2014-07-20 12:04 - 2014-04-18 13:10 - 00003766 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63EB5B52-3F94-427E-96E5-80EDEEF37E3E}
2014-07-20 12:04 - 2014-04-18 13:08 - 00000000 ___DO () C:\Users\Morag\OneDrive
2014-07-20 12:03 - 2013-02-23 10:04 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-20 12:03 - 2013-02-23 10:03 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 12:03 - 2013-02-23 10:03 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 12:00 - 2014-06-08 07:00 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 720143176.job
2014-07-20 12:00 - 2012-09-28 06:33 - 00000000 ____D () C:\ProgramData\MOCP
2014-07-20 11:58 - 2014-04-18 12:17 - 01581968 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 11:56 - 2014-03-18 09:54 - 00010522 _____ () C:\Windows\PFRO.log
2014-07-20 11:56 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 11:55 - 2014-07-20 11:55 - 00003232 ____N () C:\bootsqm.dat
2014-07-19 22:33 - 2013-08-22 14:46 - 00291899 _____ () C:\Windows\setupact.log
2014-07-19 16:07 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-19 16:07 - 2012-09-28 06:01 - 00000000 ____D () C:\Program Files\Intel
2014-07-19 16:06 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 __RSD () C:\Windows\Media
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-07-19 15:53 - 2014-03-18 09:45 - 00000000 ____D () C:\Windows\ShellNew
2014-07-19 15:53 - 2013-08-22 13:36 - 00000000 ____D () C:\Windows\servicing
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SystemResources
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\Macromed
2014-07-19 15:52 - 2013-08-22 13:36 - 00000000 ____D () C:\Windows\System32\Sysprep
2014-07-19 13:36 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-07-19 08:58 - 2012-11-02 16:23 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2432231455-94151114-2206579565-1001
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 20:34 - 2013-08-22 13:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-17 20:22 - 2013-02-09 13:16 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-17 19:56 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-17 19:49 - 2014-03-18 10:13 - 00233912 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-07-17 19:47 - 2014-05-24 12:01 - 00428888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-07-17 16:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-14 17:18 - 2014-07-14 12:09 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-14 17:18 - 2014-03-15 16:34 - 00000546 _____ () C:\Users\Morag\AppData\Roaming\wklnhst.dat
2014-07-14 14:14 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-07-14 12:08 - 2014-07-14 12:08 - 00216064 _____ () C:\Users\Morag\Documents\Untitled Document.wps
2014-07-14 11:49 - 2013-08-19 07:42 - 00000000 ____D () C:\Update
2014-07-12 05:03 - 2013-08-22 14:44 - 00429424 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-11 04:43 - 2013-08-16 20:40 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-11 04:43 - 2013-01-22 16:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-09 04:40 - 2014-07-09 04:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-07-08 17:01 - 2013-12-08 23:22 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-06-30 04:19 - 2012-09-28 06:41 - 00000000 ____D () C:\Program Files\Sony
2014-06-30 04:19 - 2012-09-28 06:11 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp
2014-06-27 12:13 - 2014-06-27 12:13 - 00010240 _____ () C:\Users\Morag\Documents\Invitation.wps
2014-06-26 20:55 - 2014-07-12 05:05 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 20:55 - 2014-07-12 05:05 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-21 04:58 - 2013-02-23 10:03 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 04:58 - 2013-02-23 10:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 17:10 - 2014-06-20 17:09 - 00012334 _____ () C:\Users\Morag\Documents\Answers to the search for regions.odt
2014-06-20 17:04 - 2014-06-20 17:04 - 00012709 _____ () C:\Users\Morag\Documents\Trouvez les regions du France.odt
2014-06-20 13:14 - 2014-06-20 13:14 - 00240701 _____ () C:\Users\Morag\Documents\Map of France.htm
2014-06-20 13:14 - 2014-06-20 13:14 - 00000000 ____D () C:\Users\Morag\Documents\Map of France_files
2014-06-20 12:51 - 2013-11-27 14:42 - 00098712 _____ () C:\Users\Morag\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-20 06:50 - 2014-06-20 06:50 - 00166722 _____ () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland.htm
2014-06-20 06:50 - 2014-06-20 06:50 - 00000000 ____D () C:\Users\Morag\Documents\Corrieshalloch Gorge And Falls Of Measach National Nature Reserve - Braemore, - VisitScotland_files

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3975.27 MB
Available physical RAM: 3295.29 MB
Total Pagefile: 3975.27 MB
Available Pagefile: 3300.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:566.1 GB) (Free:518.83 GB) NTFS
Drive e: (USB STICK) (Removable) (Total:14.9 GB) (Free:14.49 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 06E9C9DF)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 86CC9DD4)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-07-17 04:41

==================== End Of Log ============================

Link to post
Share on other sites
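The log above is long, and FRST only whitelists what it already knows; the remaining lines still have to be read by a person. As an added example (not code from FRST, Kevin or the original poster), the script below parses lines in the format of the "One Month Created Files and Folders" section and flags the ones a responder would want to look at first. The triage rules (an executable with an empty publisher field in System32, SysWOW64, a user's Temp folder, the root of a user profile or of ProgramData; a GUID-named .bat or .exe; a loose unsigned data file in a profile or ProgramData root) are my own assumptions for illustration, not FRST's logic. The sample lines are constructed to match the log format: most are adapted from entries in this thread, and the timestamps and sizes given to the two fixlist paths (setup.exe, 2tokinau.exe) and to UqocaZyisu.dat are invented. One caveat a practitioner should keep in mind: FRST's publisher field is the company name from the file's version resource, not an Authenticode check, so an empty field is a hint and a filled one is not proof.

```python
import re
from dataclasses import dataclass, field

# One line of FRST's "One Month Created Files and Folders" section:
#   <created> - <modified> - <size> <attrs> (<publisher>) <path>
# Paths may contain spaces and parentheses ("Program Files (x86)"), so the
# publisher group is non-greedy and stops at the first ") " it meets.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) \((?P<publisher>.*?)\) (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif", ".vbs", ".js", ".ps1"}
GUID_NAME = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
PROFILE_ROOT = re.compile(r"c:\\users\\[^\\]+")  # C:\Users\<name> itself, not its subfolders


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str       # FRST attribute flags, e.g. "____D" marks a directory
    publisher: str   # version-resource company name; "" when FRST prints "()"
    path: str
    reasons: list = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def ext(self) -> str:
        return "." + self.name.rsplit(".", 1)[-1].lower() if "." in self.name else ""


def parse_line(line: str):
    """Return an Entry for a file/folder line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return Entry(d["created"], d["modified"], int(d["size"]), d["attrs"],
                 d["publisher"], d["path"])


def triage(entry: Entry) -> Entry:
    """Attach review reasons. Heuristics are assumptions for this example, not
    FRST's whitelist; an empty publisher is a hint, not a signature verdict."""
    if entry.is_dir:
        return entry
    unsigned = entry.publisher == ""
    parent = entry.parent
    odd_place = (parent in SYSTEM_DIRS
                 or parent.endswith(r"\appdata\local\temp")
                 or PROFILE_ROOT.fullmatch(parent) is not None
                 or parent == r"c:\programdata")
    if unsigned and entry.ext in EXEC_EXT and odd_place:
        entry.reasons.append("unsigned executable in " + parent)
    if GUID_NAME.search(entry.name) and entry.ext in (".bat", ".cmd", ".exe"):
        entry.reasons.append("GUID-named script or executable")
    if unsigned and entry.ext not in EXEC_EXT and (
            parent == r"c:\programdata" or PROFILE_ROOT.fullmatch(parent)):
        entry.reasons.append("unsigned loose file in " + parent)
    return entry


def triage_log(lines):
    """Parse every line and keep the entries that collected at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and triage(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed sample in the log's format; timestamps/sizes for the fixlist
# paths and the .dat file are invented, the other entries mirror this thread.
SAMPLE_LINES = r"""
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 19:51 - 2014-05-03 11:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-07-16 08:02 - 2014-07-16 08:02 - 00312832 _____ () C:\Users\Morag\setup.exe
2014-07-16 08:01 - 2014-07-16 08:01 - 00000320 _____ () C:\ProgramData\UqocaZyisu.dat
2014-07-16 08:00 - 2014-07-16 08:00 - 00312832 _____ () C:\Users\Morag\AppData\Local\Temp\2tokinau.exe
2014-07-14 12:09 - 2014-07-14 17:18 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-12 05:05 - 2014-06-26 20:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-07-08 17:01 - 2013-12-08 23:22 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
""".strip().splitlines()

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        print(e.created, e.path)
        for r in e.reasons:
            print("    ->", r)
```

Run against a saved FRST.txt, it would be fed `open("FRST.txt", encoding="utf-8").read().splitlines()` instead of the sample; lines outside the created-files section simply fail to match and are skipped. Flagged entries are candidates for a fixlist, not verdicts: the two GUID-named .bat files in System32 on this machine, for instance, deserve a look at their contents before anyone decides what they are.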

I have run the task; it took around 4 hours. Below is a brief summary of each stage:

Stage 1: 415744 files processed, 0 bad files processed

Stage 2: 513164 index entries processed, complete, 0 unindexed scanned or recovered

Stage 3: security descriptor verification complete, USN journal verification complete

Stage 4: replaced bad clusters

Stage 5: discovered free space marked as allocated in the volume bitmap

Windows has made corrections in the file system

Link to post
Share on other sites

I then ran the computer again; the same issues are still appearing, ransomware etc.

So I have re-run FRST64, and below is the latest scan.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by SYSTEM on MININT-8605CS8 on 21-07-2014 05:59:54
Running from D:\
Platform: WIN_8 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 12:46 - 2014-07-20 12:46 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-07-20 11:55 - 2014-07-20 11:55 - 00003232 ____N () C:\bootsqm.dat
2014-07-20 07:51 - 2014-07-21 05:59 - 00000000 ____D () C:\FRST
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-17 19:51 - 2014-05-14 22:47 - 04720640 _____ (Microsoft Corporation) C:\Windows\System32\SyncEngine.dll
2014-07-17 19:51 - 2014-05-13 07:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\BulkOperationHost.exe
2014-07-17 19:51 - 2014-05-13 05:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2014-07-17 19:51 - 2014-05-13 04:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\winbici.dll
2014-07-17 19:51 - 2014-05-13 04:27 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveTelemetry.dll
2014-07-17 19:51 - 2014-05-13 04:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\SkyDriveShell.dll
2014-07-17 19:51 - 2014-05-13 03:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-07-17 19:51 - 2014-05-13 03:41 - 01118720 _____ (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
2014-07-17 19:51 - 2014-05-13 03:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-07-17 19:51 - 2014-05-03 11:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2014-07-17 19:51 - 2014-05-03 09:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-17 19:51 - 2014-05-03 05:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2014-07-17 19:51 - 2014-05-03 05:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\ncobjapi.dll
2014-07-17 19:51 - 2014-05-03 05:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\System32\framedynos.dll
2014-07-17 19:51 - 2014-05-03 05:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\System32\framedyn.dll
2014-07-17 19:51 - 2014-05-03 04:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-07-17 19:51 - 2014-05-03 04:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-07-17 19:51 - 2014-05-03 04:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-07-17 19:51 - 2014-05-03 03:30 - 02641920 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-07-17 19:51 - 2014-05-03 03:27 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-17 19:51 - 2014-05-02 23:26 - 00050745 _____ () C:\Windows\System32\srms.dat
2014-07-17 19:51 - 2014-05-01 05:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2014-07-17 19:51 - 2014-04-30 06:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys
2014-07-17 19:51 - 2014-04-30 06:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys
2014-07-17 19:51 - 2014-04-30 05:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2014-07-17 19:51 - 2014-04-30 04:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-17 19:51 - 2014-04-30 04:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2014-07-17 19:51 - 2014-04-30 04:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\dhcpcsvc.dll
2014-07-17 19:51 - 2014-04-30 04:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2014-07-17 19:51 - 2014-04-30 03:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-07-17 19:51 - 2014-04-30 03:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-07-17 19:51 - 2014-04-30 03:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-07-17 19:51 - 2014-04-30 03:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-07-17 19:51 - 2014-04-30 03:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-07-17 19:51 - 2014-04-30 03:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\System32\vpnike.dll
2014-07-17 19:51 - 2014-04-28 22:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2014-07-17 19:51 - 2014-04-26 22:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2014-07-17 19:51 - 2014-04-26 20:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-07-17 19:51 - 2014-04-26 16:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\System32\bdesvc.dll
2014-07-17 19:51 - 2014-04-14 09:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\System32\d3d9.dll
2014-07-17 19:51 - 2014-04-14 08:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-07-17 19:51 - 2014-04-14 05:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-07-17 19:51 - 2014-04-09 06:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2014-07-17 19:51 - 2014-04-09 05:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-07-17 19:50 - 2014-06-05 14:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2014-07-17 19:50 - 2014-06-05 13:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-07-17 19:50 - 2014-06-02 02:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2014-07-17 19:50 - 2014-05-31 10:07 - 00467800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2014-07-17 19:50 - 2014-05-31 10:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-07-17 19:50 - 2014-05-31 10:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-07-17 19:50 - 2014-05-31 06:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-07-17 19:50 - 2014-05-31 06:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2014-07-17 19:50 - 2014-05-31 06:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2014-07-17 19:50 - 2014-05-31 04:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2014-07-17 19:50 - 2014-05-31 04:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2014-07-17 19:50 - 2014-05-31 04:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2014-07-17 19:50 - 2014-05-27 15:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-07-17 19:50 - 2014-05-27 09:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\System32\DaOtpCredentialProvider.dll
2014-07-17 19:50 - 2014-05-27 09:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-07-17 19:50 - 2014-05-17 04:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2014-07-17 19:50 - 2014-05-17 04:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-17 19:49 - 2014-05-31 06:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2014-07-14 12:09 - 2014-07-14 17:18 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-14 12:08 - 2014-07-14 12:08 - 00216064 _____ () C:\Users\Morag\Documents\Untitled Document.wps
2014-07-12 05:05 - 2014-06-26 20:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 05:05 - 2014-06-26 20:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 02:20 - 2014-04-14 03:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-07-09 04:51 - 2014-06-16 22:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 04:51 - 2014-06-16 22:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-09 04:51 - 2014-06-06 14:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-09 04:51 - 2014-05-30 03:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-09 04:50 - 2014-06-19 01:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-09 04:50 - 2014-06-18 23:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-09 04:50 - 2014-06-18 22:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 04:50 - 2014-05-29 12:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2014-07-09 04:50 - 2014-05-29 07:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-07-09 04:50 - 2014-05-29 06:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 04:50 - 2014-05-29 06:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2014-07-09 04:50 - 2014-05-29 05:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 04:50 - 2014-05-29 05:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-09 04:49 - 2014-06-19 00:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-09 04:49 - 2014-06-19 00:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 04:49 - 2014-06-19 00:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-09 04:49 - 2014-06-18 23:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-09 04:49 - 2014-06-18 23:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-09 04:49 - 2014-06-18 23:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-09 04:49 - 2014-06-18 23:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-09 04:49 - 2014-06-18 23:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-09 04:49 - 2014-06-18 23:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 04:49 - 2014-06-18 23:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-09 04:49 - 2014-06-18 23:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 04:49 - 2014-06-18 22:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 04:49 - 2014-06-18 22:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-09 04:49 - 2014-06-18 22:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 04:49 - 2014-06-18 22:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 04:49 - 2014-06-18 22:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-09 04:49 - 2014-06-18 22:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 04:49 - 2014-06-18 22:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 04:49 - 2014-06-18 22:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 04:49 - 2014-06-18 22:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-09 04:49 - 2014-06-18 22:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-09 04:49 - 2014-06-18 22:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 04:49 - 2014-06-18 22:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 04:49 - 2014-06-18 22:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 04:49 - 2014-06-06 13:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-09 04:49 - 2014-06-06 12:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 04:49 - 2014-05-31 10:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-07-09 04:49 - 2014-05-31 10:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2014-07-09 04:49 - 2014-05-31 03:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2014-07-09 04:49 - 2014-05-31 03:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 04:49 - 2014-05-31 03:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:49 - 2014-05-31 03:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-07-09 04:49 - 2014-05-31 03:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-07-09 04:49 - 2014-05-31 03:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 04:49 - 2014-05-31 02:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 04:49 - 2014-05-31 02:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 04:49 - 2014-05-31 02:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-07-09 04:49 - 2014-05-31 02:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\System32\twinui.appcore.dll
2014-07-09 04:49 - 2014-05-31 02:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-07-09 04:49 - 2014-05-31 02:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 04:49 - 2014-05-31 02:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 04:40 - 2014-07-09 04:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp
2014-06-27 12:13 - 2014-06-27 12:13 - 00010240 _____ () C:\Users\Morag\Documents\Invitation.wps

==================== One Month Modified Files and Folders =======

2014-07-21 05:59 - 2014-07-20 07:51 - 00000000 ____D () C:\FRST
2014-07-21 04:52 - 2014-04-18 12:17 - 01592941 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 04:52 - 2014-04-18 11:49 - 00000000 ____D () C:\users\Morag
2014-07-21 04:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-21 04:52 - 2013-02-23 10:04 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-21 04:52 - 2013-02-23 10:03 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 04:51 - 2014-04-18 13:08 - 00000000 __RDO () C:\Users\Morag\OneDrive
2014-07-21 04:50 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 12:46 - 2014-07-20 12:46 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-07-20 12:05 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\sru
2014-07-20 12:04 - 2014-04-18 13:10 - 00003766 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63EB5B52-3F94-427E-96E5-80EDEEF37E3E}
2014-07-20 12:03 - 2013-02-23 10:03 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 12:00 - 2014-06-08 07:00 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 720143176.job
2014-07-20 12:00 - 2012-09-28 06:33 - 00000000 ____D () C:\ProgramData\MOCP
2014-07-20 11:56 - 2014-03-18 09:54 - 00010522 _____ () C:\Windows\PFRO.log
2014-07-20 11:55 - 2014-07-20 11:55 - 00003232 ____N () C:\bootsqm.dat
2014-07-19 22:33 - 2013-08-22 14:46 - 00291899 _____ () C:\Windows\setupact.log
2014-07-19 16:07 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-19 16:07 - 2012-09-28 06:01 - 00000000 ____D () C:\Program Files\Intel
2014-07-19 16:06 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 __RSD () C:\Windows\Media
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\FileManager
2014-07-19 15:54 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\Camera
2014-07-19 15:53 - 2014-03-18 09:45 - 00000000 ____D () C:\Windows\ShellNew
2014-07-19 15:53 - 2013-08-22 13:36 - 00000000 ____D () C:\Windows\servicing
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SystemResources
2014-07-19 15:52 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\Macromed
2014-07-19 15:52 - 2013-08-22 13:36 - 00000000 ____D () C:\Windows\System32\Sysprep
2014-07-19 13:36 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-07-19 08:58 - 2012-11-02 16:23 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2432231455-94151114-2206579565-1001
2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-07-17 20:34 - 2013-08-22 13:25 - 00524288 ___SH () C:\Windows\System32\config\BBI
2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-07-17 20:22 - 2013-02-09 13:16 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-17 19:56 - 2012-07-26 07:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-17 19:49 - 2014-03-18 10:13 - 00233912 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-07-17 19:47 - 2014-05-24 12:01 - 00428888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-07-14 17:18 - 2014-07-14 12:09 - 00211968 _____ () C:\Users\Morag\Documents\Alabastor pot.wps
2014-07-14 17:18 - 2014-03-15 16:34 - 00000546 _____ () C:\Users\Morag\AppData\Roaming\wklnhst.dat
2014-07-14 14:14 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-07-14 12:08 - 2014-07-14 12:08 - 00216064 _____ () C:\Users\Morag\Documents\Untitled Document.wps
2014-07-14 11:49 - 2013-08-19 07:42 - 00000000 ____D () C:\Update
2014-07-12 05:03 - 2013-08-22 14:44 - 00429424 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-11 04:43 - 2013-08-16 20:40 - 00000000 ____D () C:\Windows\System32\MRT
2014-07-11 04:43 - 2013-01-22 16:25 - 96441528 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-07-09 04:40 - 2014-07-09 04:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\WSReset.exe
2014-07-08 17:01 - 2013-12-08 23:22 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-30 04:19 - 2014-06-30 04:19 - 00000000 ____D () C:\ProgramData\Sony
2014-06-30 04:19 - 2012-09-28 06:41 - 00000000 ____D () C:\Program Files\Sony
2014-06-30 04:19 - 2012-09-28 06:11 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp
2014-06-27 12:13 - 2014-06-27 12:13 - 00010240 _____ () C:\Users\Morag\Documents\Invitation.wps
2014-06-26 20:55 - 2014-07-12 05:05 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 20:55 - 2014-07-12 05:05 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-21 04:58 - 2013-02-23 10:03 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 04:58 - 2013-02-23 10:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3975.27 MB
Available physical RAM: 3297.8 MB
Total Pagefile: 3975.27 MB
Available Pagefile: 3302.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:566.1 GB) (Free:518.83 GB) NTFS
Drive d: (USB STICK) (Removable) (Total:14.9 GB) (Free:14.49 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 06E9C9DF)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 86CC9DD4)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-07-17 04:41

==================== End Of Log ============================
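The "One Month Created/Modified" sections of the log above are the part a responder actually reads, and the two things worth pulling out by hand are entries under C:\Windows whose publisher field is empty (the log shows several, including two GUID-named .bat files in System32) and, for anything still on disk, a hash and signature status that can be looked up. The script below is an added example, not part of the FRST log or of any post in this thread: it parses FRST file lines, flags the no-publisher entries under C:\Windows, and collects SHA-256 and Authenticode status for those that exist. The five sample lines are copied from the log on this page; the function names, the extension list and the treatment of a flag as a review prompt rather than a verdict are this example's own choices.

```powershell
# Added example (not from the FRST log or the forum posts above).
# Parse FRST "One Month Created/Modified" lines, flag no-publisher entries under
# C:\Windows, and gather SHA-256 + Authenticode status for flagged files that exist.
# A flag means "look at this", not "this is malware".

# Constructed sample input: five lines copied from the log on this page.
$SampleLines = @(
    '2014-07-17 19:51 - 2014-05-03 11:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll',
    '2014-07-17 20:37 - 2014-07-17 20:37 - 00000144 _____ () C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat',
    '2014-07-17 20:23 - 2014-07-17 20:23 - 00000451 _____ () C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat',
    '2014-07-20 12:00 - 2014-06-08 07:00 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 720143176.job',
    '2014-06-27 15:40 - 2014-06-27 15:40 - 00659786 _____ () C:\Users\Morag\Documents\TRUCK BLACE.skp'
)

# FRST file line layout: <date1> - <date2> - <size> <attrs> (<publisher>) <path>
# In the "Created" section date1 is the creation time, in "Modified" it is the
# last-write time. Directories have size 00000000 and a D in the attribute field.
$FrstLinePattern = '^(?<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?<size>\d+) (?<attr>\S+) \((?<pub>[^)]*)\) (?<path>.+)$'

# Extensions worth a second look when they sit under C:\Windows with no publisher
# (list is this example's assumption, extend as needed).
$ExecutableExt = @('.exe', '.dll', '.sys', '.cpl', '.ocx', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.job')

function ConvertFrom-FrstLine {
    param([Parameter(Mandatory)][string]$Line)
    if (-not ($Line -match $FrstLinePattern)) { return $null }   # section headers, blanks, etc.
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    [pscustomobject]@{
        Date1     = [datetime]::ParseExact($Matches.d1, 'yyyy-MM-dd HH:mm', $inv)
        Date2     = [datetime]::ParseExact($Matches.d2, 'yyyy-MM-dd HH:mm', $inv)
        Size      = [int64]$Matches.size
        Attr      = $Matches.attr
        Publisher = $Matches.pub
        Path      = $Matches.path
        IsDir     = ($Matches.attr -like '*D*')
    }
}

function Test-FrstEntrySuspicious {
    param([Parameter(Mandatory)]$Entry)
    if ($Entry.IsDir) { return $false }
    $ext = [System.IO.Path]::GetExtension($Entry.Path).ToLowerInvariant()
    return ($Entry.Path -like 'C:\Windows\*') -and
           [string]::IsNullOrWhiteSpace($Entry.Publisher) -and
           ($ExecutableExt -contains $ext)
}

function Get-FileEvidence {
    # SHA-256 via .NET so this also runs on Windows 8's PowerShell 3.0 (no Get-FileHash there).
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; Sha256 = $null; Signature = $null }
    }
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Dispose(); $sha.Dispose() }
    # Authenticode status is meaningful for PE images and signable scripts; for .bat/.job
    # it is informational only, they cannot carry a usable signature.
    $sig = (Get-AuthenticodeSignature -FilePath $Path).Status
    [pscustomobject]@{ Path = $Path; Exists = $true; Sha256 = $hash; Signature = $sig }
}

# Run over the sample. On the machine the log came from, replace $SampleLines with
# Get-Content C:\FRST\FRST.txt to process the real log.
$entries = $SampleLines | ForEach-Object { ConvertFrom-FrstLine $_ } | Where-Object { $_ }
$flagged = $entries | Where-Object { Test-FrstEntrySuspicious $_ }
Write-Host ("Parsed {0} entries, flagged {1} for review" -f @($entries).Count, @($flagged).Count)
$flagged | ForEach-Object { Get-FileEvidence $_.Path } | Format-Table -AutoSize
```

On the five sample lines the two GUID-named .bat files and the "Security Center Update" task are flagged (no publisher, under C:\Windows, executable-type extension); ntdll.dll is skipped because it carries a publisher, and the .skp file is skipped because it lives under C:\Users. On any machine other than the one the log came from the flagged paths will simply report Exists = $false; the hashes only mean something when computed on the affected laptop.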


The best option is to run "Refresh"; that option is the quickest and safest way forward. There will be sacrifices to make, but a small price to pay in these circumstances.

Go to the following link and use option one: http://www.eightforums.com/tutorials/2293-refresh-windows-8-a.html

When the system is back up, missing programs will have to be re-installed. After you have the system back to normal it is beneficial to create a Custom Recovery Image as opposed to the original default image. That will ensure nothing is lost if "REFRESH" is needed again in the future....

 

Kevin...


Hi Kevin, thank you for all your help. Before I do a refresh, is it worth trying these options from another thread on here:

 

Posted 19 July 2014 - 03:16 PM

Let's do a final check up:

Step 1

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Step 2


Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Any and all data such as you mention will be encrypted. REFRESH does put it aside until the new OS is installed; that data is then put back. Those folders will have to be emptied later, as there is no way to decrypt them.

For the future, it is essential to have all USB flash drives vaccinated via software such as Panda USB Vaccine, which stops autorun being used by malware. Also, if you make a Custom Refresh Image and save it to an external hard drive or similar media, all saved data etc. is safe for a future refresh action....

 

Kevin
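Kevin's two follow-up recommendations, in this post and in his earlier Refresh post, are both things that can be done from an elevated PowerShell rather than through a GUI tool. The script below is an added example and is not part of Kevin's posts, Panda's product or Microsoft documentation: it sets the Explorer AutoRun policy values so that no drive type may run autorun commands (the host-side half of "vaccination"; the Panda tool Kevin names also works on each stick itself, which this does not replace), and it creates a custom Refresh image with recimg.exe, the Windows 8/8.1 tool behind the "Custom Recovery Image" he describes, on an external drive. The folder E:\RefreshImage is an assumption; pick whatever external drive is attached. Two caveats a practitioner would want: Windows 7 and later already ignore autorun.inf on USB flash drives, so the policy mostly matters for optical media and AutoPlay prompts; and recimg captures whatever is installed at the time, so only run it after the Refresh, on a system you are satisfied is clean, never on the infected one.

```powershell
# Added example (not from Kevin's posts, Panda USB Vaccine or Microsoft).
# 1. Host-side AutoRun hardening via the Explorer policy key.
# 2. Custom Refresh image with recimg.exe (Windows 8 / 8.1 only).
# Run from an elevated PowerShell. E:\RefreshImage is an assumed external-drive path.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Assert-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (Administrator) PowerShell.'
    }
}

function Disable-AutoRunAllDrives {
    Assert-Elevated
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    # NoDriveTypeAutoRun 0xFF: every drive-type bit set (unknown, removable, fixed,
    # network, CD-ROM, RAM disk). Same value the "Turn off AutoPlay: All drives" policy writes.
    Set-ItemProperty -Path $PolicyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    # NoAutorun 1: "Set the default behavior for AutoRun" = do not execute any autorun commands.
    Set-ItemProperty -Path $PolicyKey -Name 'NoAutorun' -Value 1 -Type DWord
    Get-AutoRunPolicy
}

function Get-AutoRunPolicy {
    # Returns the current values so the change can be verified (and audited on other machines).
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NoDriveTypeAutoRun = $p.NoDriveTypeAutoRun
        NoAutorun          = $p.NoAutorun
        AllDrivesBlocked   = (($p.NoDriveTypeAutoRun -eq 0xFF) -and ($p.NoAutorun -eq 1))
    }
}

function New-CustomRefreshImage {
    # Captures the current Windows installation and desktop programs into
    # <Folder>\CustomRefresh.wim and registers that folder as the active Refresh image.
    # User data and Store apps are not part of the image; keep backing those up separately.
    param([Parameter(Mandatory)][string]$Folder)
    Assert-Elevated
    if (-not (Get-Command recimg.exe -ErrorAction SilentlyContinue)) {
        throw 'recimg.exe not found: custom Refresh images exist only on Windows 8 / 8.1.'
    }
    New-Item -ItemType Directory -Path $Folder -Force | Out-Null
    & recimg.exe /createimage $Folder
    if ($LASTEXITCODE -ne 0) { throw "recimg /createimage failed with exit code $LASTEXITCODE" }
    # Show which image Refresh will now use.
    & recimg.exe /showcurrent
}

# Usage (assumed external drive letter E:):
Disable-AutoRunAllDrives
New-CustomRefreshImage -Folder 'E:\RefreshImage'
```

If the external drive is later removed, Refresh falls back to the default image only after the custom one is deregistered (recimg /deregister); keep the drive attached, or re-run /setcurrent against the folder when it is plugged back in. Get-AutoRunPolicy on its own is a quick way to confirm the state on any other Windows machine in the house.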

 
