Win32.Load Money and Yandex removal advice please

**wendyseana** · 2014-04-13, 18:34

2014-03-21 04:03 - 2014-03-21 04:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-21 04:03 - 2014-03-21 04:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-03-21 04:03 - 2014-03-21 04:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-03-21 04:02 - 2014-03-21 04:02 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-20 04:25 - 2009-07-14 10:49 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-03-20 04:25 - 2009-07-14 07:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-03-20 04:25 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-03-20 04:25 - 2009-07-14 05:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-20 04:07 - 2009-07-14 05:05 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-20 04:02 - 2014-03-20 04:02 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-20 04:02 - 2014-03-20 04:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 23:54 - 2014-03-19 23:54 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Media Player Classic
2014-03-19 18:28 - 2014-03-15 14:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-19 16:29 - 2014-03-16 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-19 16:29 - 2014-03-16 00:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-19 16:18 - 2014-03-16 00:29 - 00002012 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-19 16:17 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-16 11:35 - 2014-03-16 10:58 - 00000000 ____D () C:\ProgramData\AnySend
2014-03-16 11:34 - 2014-03-16 10:58 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\AnySend
2014-03-16 11:15 - 2014-03-16 10:56 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\sweet-page
2014-03-16 11:04 - 2014-03-16 11:04 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-16 10:58 - 2014-03-16 10:31 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\DRPSu
2014-03-16 10:54 - 2014-03-16 10:55 - 01492336 _____ (Drivers For Free) C:\Users\gokarna\Downloads\DFFDriverDownloadManager.exe
2014-03-16 10:54 - 2014-03-16 10:54 - 00626056 _____ ( ) C:\Users\gokarna\Downloads\DriversForFreeSetup.exe
2014-03-16 10:36 - 2014-03-16 10:35 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera Software
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Opera
2014-03-16 10:34 - 2014-03-16 10:34 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Chromium
2014-03-16 10:31 - 2014-03-16 10:31 - 00000000 ____D () C:\Program Files\DIFX
2014-03-16 10:31 - 2014-03-04 12:29 - 00017638 _____ () C:\Windows\DPINST.LOG
2014-03-16 10:29 - 2014-03-16 10:27 - 06782358 _____ (Kuzyakov Artur) C:\Users\gokarna\Downloads\2694_LAN_Win7-64_Win7_7006_.exe
2014-03-16 00:36 - 2014-03-16 00:36 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Macromedia
2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-16 00:29 - 2014-03-16 00:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-16 00:24 - 2014-03-16 00:24 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-16 00:24 - 2014-03-15 15:22 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-15 21:41 - 2014-03-15 20:40 - 00000000 ____D () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls_files
2014-03-15 21:25 - 2014-03-15 21:25 - 01069920 _____ (Solid State Networks) C:\Users\gokarna\Downloads\install_reader11_en_mssa_aaa_aih(1).exe
2014-03-15 20:40 - 2014-03-15 20:40 - 00101217 _____ () C:\Users\gokarna\Documents\Sexy Stockings and Smoking Girls.htm
2014-03-15 18:38 - 2014-03-08 11:09 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Microsoft Games
2014-03-15 15:38 - 2014-03-15 15:38 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-03-15 15:27 - 2009-07-14 05:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140328-215512.backup
2014-03-15 15:23 - 2014-03-15 15:23 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple Computer
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 15:22 - 2014-03-15 15:22 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 15:22 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Users\gokarna\AppData\Local\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\ProgramData\Apple
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-15 15:02 - 2014-03-15 15:02 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-03-15 14:39 - 2014-03-15 14:34 - 137699152 _____ (Apple Inc.) C:\Users\gokarna\Downloads\iTunesSetup.exe
2014-03-15 14:33 - 2014-03-15 14:33 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license(1).exe
2014-03-15 14:33 - 2014-03-15 14:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-15 14:08 - 2014-03-15 14:08 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-15 14:04 - 2014-03-15 14:04 - 00559280 _____ (Safer-Networking Ltd. ) C:\Users\gokarna\Downloads\spybot2-license.exe
2014-03-15 12:33 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-15 10:37 - 2014-03-04 12:19 - 00109280 _____ () C:\Users\gokarna\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-15 08:33 - 2014-03-15 08:31 - 00003885 _____ () C:\Windows\IE9_main.log
2014-03-13 09:00 - 2014-03-04 12:55 - 00000000 ____D () C:\Program Files\Beetel Connection Manager

Some content of TEMP:
====================
C:\Users\gokarna\AppData\Local\Temp\ose00000.exe
C:\Users\gokarna\AppData\Local\Temp\Quarantine.exe
C:\Users\gokarna\AppData\Local\Temp\_is76F.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 08:51

==================== End Of Log ============================

Hoping this reveals my Winload Money and Yandex problems

Now moving on to safe mode JRT operation

Thread: Win32.Load Money and Yandex removal advice please

Thread Tools

Display

Threaded View

Fixlist.txt log 6th installment

Posting Permissions