
I think I was hit by unidentified ransomware, not sure. Need to decrypt files.


  • This topic is locked
56 replies to this topic

#1 manfredmanfrog


Posted 13 June 2013 - 02:14 PM

Hi,

 

A few days ago, I was working when I noticed my work drive was getting very slow. Thinking the drive was dying, I began backing all of the files up to my backup drive. This took forever (overnight). When it had finished, and I restarted the machine, most of the files on my work drive and all of the files on my backup drive were unreadable. The filenames and sizes are all the same, but they will not open. Infected text files open as gibberish or Chinese characters.

 

I ran AVG and it identified several of the files as: "Virus identified - Exploit.RAR" and quarantined them.

 

Malwarebytes didn't find anything.

 

After some googling, I began to think I had been infected with some kind of ransomware, even though no "Ransom note" had appeared. I tried three decryption tools from Kaspersky. XoristDecryptor and RannohDecryptor found nothing and did nothing. RectorDecryptor did nothing, but the logfile identified all of the files as "known suspicious files" and then had the description: "Unknown Trojan-Ransom.Win32.Rector modification" at the end. I tried a few more things (DrWeb Cure-it, I think, and some others), realized I was flailing, and then came here.

 

So, if possible, I'd like to find out what happened and, more importantly, decrypt my files. Can you help?

 

Here is my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by User at 14:34:07 on 2013-06-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12278.9826 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [AdobeBridge] <no file>
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABVAFMAUgAtAE4AQQBFADIAQQAtAFIAMwBXAEoANgAtAE4ATAAzAEQAQQAtAEMAQwBFAEUARQAtAEoAQgBaAE4ARgA"&"inst=NwA2AC0ANQAwADkAOAA5ADIANAA2ADYALQBVADkAMAArADEALQBUAFAAKwAxAC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA0ADQAMAA3ADIALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBVADkANQArADEALQBUAEIAKwAxAA"&"prod=51"&"ver=9.0.894
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{698E52EE-5977-44DB-8155-2D5128DC473E} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-10 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-4-20 20968]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2009-11-5 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-1-22 6245744]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 346144]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2009-9-17 58792]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 L6PODX3LV;POD X3 Live Service;C:\Windows\System32\drivers\L6PODX3LV64.sys [2010-4-2 894592]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-16 59392]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-22 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-11 1255736]
.
=============== Created Last 30 ================
.
2013-06-13 15:44:32    --------    d-----w-    C:\Users\User\Doctor Web
2013-06-13 00:08:19    236824    ----a-w-    C:\te215decrypt.exe
2013-06-12 23:56:13    379160    ----a-w-    C:\te102decrypt.exe
2013-06-12 23:37:55    272152    ----a-w-    C:\te94decrypt.exe
2013-06-11 22:12:33    --------    d-----w-    C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 22:12:28    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-11 22:12:28    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-11 18:38:49    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-06-11 18:38:49    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-06-11 02:53:07    --------    d-----w-    C:\Program Files (x86)\Repair File
2013-06-10 23:14:02    --------    d-----w-    C:\Users\User\AppData\Local\Programs
2013-05-16 13:37:25    --------    d-----w-    C:\Users\User\AppData\Roaming\Wings3D
2013-05-15 23:42:43    --------    d-----w-    C:\Program Files (x86)\wings3d_1.5.0.2013-05-10---17-35.mlab
.
==================== Find3M  ====================
.
2013-06-11 20:00:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:00:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-04 09:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-29 06:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-25 23:34:48    861088    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-25 23:34:48    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-21 07:08:24    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 14:34:14.56 ===============
 

 

 


 


#2 HelpBot


Posted 18 June 2013 - 02:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/497966 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 manfredmanfrog


Posted 18 June 2013 - 02:40 PM

Hi, I still need help with this, if you can. I need help with determining what happened to my computer, whether it was malware, or some other event that encrypted/corrupted my files, and whether or not my files are recoverable.

 

Here is a new DDS log:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.21.2
Run by User at 15:33:29 on 2013-06-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12278.8438 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\LogonUI.exe
E:\ProgramsE\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [AdobeBridge] <no file>
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABVAFMAUgAtAE4AQQBFADIAQQAtAFIAMwBXAEoANgAtAE4ATAAzAEQAQQAtAEMAQwBFAEUARQAtAEoAQgBaAE4ARgA"&"inst=NwA2AC0ANQAwADkAOAA5ADIANAA2ADYALQBVADkAMAArADEALQBUAFAAKwAxAC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA0ADQAMAA3ADIALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBVADkANQArADEALQBUAEIAKwAxAA"&"prod=51"&"ver=9.0.894
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{698E52EE-5977-44DB-8155-2D5128DC473E} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-10 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-4-20 20968]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2009-11-5 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2010-1-22 6245744]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 346144]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2009-9-17 58792]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 L6PODX3LV;POD X3 Live Service;C:\Windows\System32\drivers\L6PODX3LV64.sys [2010-4-2 894592]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-16 59392]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-22 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-11 1255736]
.
=============== Created Last 30 ================
.
2013-06-14 15:44:10    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-14 15:44:10    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 15:44:32    --------    d-----w-    C:\Users\User\Doctor Web
2013-06-13 00:08:19    236824    ----a-w-    C:\te215decrypt.exe
2013-06-12 23:56:13    379160    ----a-w-    C:\te102decrypt.exe
2013-06-12 23:37:55    272152    ----a-w-    C:\te94decrypt.exe
2013-06-11 22:12:33    --------    d-----w-    C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 22:12:28    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-11 22:12:28    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-11 18:38:49    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-06-11 18:38:49    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2013-06-11 02:53:07    --------    d-----w-    C:\Program Files (x86)\Repair File
2013-06-10 23:14:02    --------    d-----w-    C:\Users\User\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-06-11 20:00:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 20:00:20    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 09:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-29 06:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-25 23:34:48    861088    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-03-25 23:34:48    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-21 07:08:24    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 15:33:50.75 ===============
 

 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:10 PM

Posted 19 June 2013 - 06:37 PM

Greetings manfredmanfrog and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

We are not always successful in decrypting files and since you have already tried several programs without success that makes your situation difficult. But we will give it our best shot.

Please do this.

===================================================

Running decrypt_mblblock.exe

--------------------

Running decrypt_mblblock.exe with one hard drive and one partition
  • Please download decrypt_mblblock.exe and save it to your desktop.
  • For Windows 8, 7, Vista, right click on the icon and select Run as Administrator. For Windows XP double click the icon
  • The program will decrypt identified files while leaving the encrypted files on your computer
  • Once the program has finished running, check to see if you can open the decrypted files
  • Once you have verified the files are now accessible you may delete the encrypted copies if you would like
Running decrypt_mblblock.exe with more than one hard drive or partition
  • Please download decrypt_mblblock.exe and save it to your desktop
  • Right click on the icon and select Properties
  • Copy down the information contained in Location. You will use this information when you get to the command prompt
  • Press the Windows key + R on your keyboard at the same time
  • Type cmd and press Enter
  • At the command prompt type the following and press Enter

cd /d **Location path information** (i.e. cd /d C:\Users\Gary\Desktop)

  • Run the decryption tool with a list of all your drives you want the tool to scan. For example, if you have a C:, D: and E: drive you would type the following then press Enter

decrypt_mblblock.exe C:\ D:\ E:\

  • Allow the program to run unhindered
  • Once the program has finished running, check to see if you can open the decrypted files
  • Once you have verified the files are now accessible you may delete the encrypted copies if you would like
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are your files decrypted?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 manfredmanfrog


Posted 19 June 2013 - 07:52 PM

Hi Gary,

 

I'm John. Thanks for helping me! I tried to run the decrypt_mblblock.exe from the command line as instructed, with the decrypt_mblblock.exe D:\ command, because the encrypted files are on the D drive, but it popped up a GUI with C:\ D:\ and E:\ in a window labeled decrypter. Is this what is supposed to happen? Should I run it from the GUI?

 

Also, I'm concerned that if it decrypts my files and puts them alongside the encrypted files, I will run out of space on that drive. It is about 80 percent full. Please advise.

 

Thanks!

 

John



#6 Oh My!


Posted 20 June 2013 - 11:18 AM

Hi John, nice to meet you.

Do you think you have more than 20 GB of information which has been encrypted?
Gary

#7 manfredmanfrog


Posted 20 June 2013 - 11:28 AM

Hi Gary,

 

Yeah, unfortunately at least half of the files on the drive are affected. Maybe 450 GB or so.



#8 Oh My!


Posted 20 June 2013 - 11:37 AM

OK, let me think about it a bit. The author just updated the tool and made it much easier to use, including the GUI. You might have been the first to see it!

I will post back as soon as I figure out a workaround.
Gary

#9 Oh My!


Posted 20 June 2013 - 11:43 AM

Well that didn't take long, I just needed to take a peek at the new GUI.

Before we try to tackle the entirety of the problem let's test something to see if the decryption tool is even going to help us. You have several drives on your computer. Can you tell me which drive DOES NOT have any of the encrypted files located on it?


Gary

#10 manfredmanfrog


Posted 20 June 2013 - 12:02 PM

I'm pretty sure nothing on the C or E drives (which are both partitions of the same physical drive) are ok.



#11 Oh My!


Posted 20 June 2013 - 12:12 PM

OK, please do this. These are new instructions tailored for your situation.


===================================================

Running decrypt_harasom.exe

--------------------
  • Please copy and paste 10 encrypted files onto your E: drive. If possible, get a variety of file types (even though they are now encrypted)
  • Download decrypt_harasom.exe and save it to your desktop.
  • For Windows 8, 7, Vista, right click on the icon and select Run as Administrator. For Windows XP double click the icon
  • You will be presented with the screen below:

EmsisoftDecrypter.jpg

  • Highlight every drive letter except E: and select Remove Folder
  • Click Decrypt and allow the program to run without interruption
  • Once the program has finished running check to see if you are able to open any or all of those files
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary

#12 manfredmanfrog


Posted 20 June 2013 - 12:25 PM

OK, I did that, but no joy. After it ran, (it went very quickly) the files still would not open. The log is pasted below.

 

 

Looking for active infection ...
No active infection was found!

Scanning 1 folder(s):
  E:\

Finished!
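
The test run from posts #11 and #12 (copy a few encrypted files of different types to a drive with room, run the decrypter only there, then see whether they open) can be scripted. This is an added example, not part of the original thread or of any tool named in it; the function names, the 2x space reserve and the sample files are assumptions constructed for illustration.

```python
import os
import shutil
import tempfile
from collections import defaultdict
from itertools import zip_longest

# Well-known leading bytes of healthy files, keyed by extension.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"], ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"], ".psd": [b"8BPS"],
    ".zip": [b"PK\x03\x04"], ".docx": [b"PK\x03\x04"], ".odt": [b"PK\x03\x04"],
}
TEXT_EXTS = {".txt", ".csv", ".log"}
# Constructed stand-in for encrypted content (deterministic, not real data).
SCRAMBLED = bytes((i * 37 + 11) % 256 for i in range(72))


def looks_intact(path):
    """True/False if the content fits the extension, None for unknown types."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext in MAGIC:
        return any(head.startswith(sig) for sig in MAGIC[ext])
    if ext in TEXT_EXTS:
        # ASCII-oriented heuristic: UTF-16 or heavily non-English text
        # will be reported as unreadable and needs a manual look.
        printable = sum(b in (9, 10, 13) or 32 <= b < 127 for b in head)
        return not head or printable / len(head) > 0.9
    return None


def pick_samples(root, count=10):
    """Pick up to `count` files, spreading the picks across file types."""
    by_ext = defaultdict(list)
    for folder, dirs, names in os.walk(root):
        dirs.sort()  # deterministic walk order
        for name in sorted(names):
            ext = os.path.splitext(name)[1].lower()
            by_ext[ext].append(os.path.join(folder, name))
    # Round-robin: the first file of every type, then the second of each...
    rounds = zip_longest(*(by_ext[ext] for ext in sorted(by_ext)))
    return [p for rnd in rounds for p in rnd if p is not None][:count]


def stage_copies(paths, dest, reserve=2.0):
    """Copy the samples to `dest`; the originals are never touched.

    Assumption: the decrypter writes its output next to the encrypted copy,
    so `dest` needs about twice the sample size (`reserve`).
    """
    needed = int(sum(os.path.getsize(p) for p in paths) * reserve)
    os.makedirs(dest, exist_ok=True)
    free = shutil.disk_usage(dest).free
    if free < needed:
        raise OSError(f"need {needed} bytes on {dest}, only {free} free")
    staged = []
    for index, path in enumerate(paths):
        # Numeric prefix keeps same-named files from different folders apart.
        target = os.path.join(dest, f"{index:02d}_{os.path.basename(path)}")
        shutil.copy2(path, target)
        staged.append(target)
    return staged


def triage(folder):
    """Map each file in `folder` to 'intact', 'unreadable' or 'unknown type'."""
    labels = {True: "intact", False: "unreadable", None: "unknown type"}
    return {name: labels[looks_intact(os.path.join(folder, name))]
            for name in sorted(os.listdir(folder))
            if os.path.isfile(os.path.join(folder, name))}


def build_constructed_sample(root):
    """Write constructed test files: two healthy, three scrambled."""
    files = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
        "notes.txt": b"meeting notes, plain ASCII\r\n" * 4,
        "scan.png": SCRAMBLED, "paper.pdf": SCRAMBLED, "todo.txt": SCRAMBLED,
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "D_drive")                    # stands in for D:\
        test_dir = os.path.join(tmp, "E_drive", "decrypt_test")  # stands in for E:\
        os.makedirs(source)
        build_constructed_sample(source)
        stage_copies(pick_samples(source, count=10), test_dir)
        # Run the decrypter against test_dir only, then re-check the files:
        for name, verdict in triage(test_dir).items():
            print(f"{verdict:12}  {name}")
```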
 



#13 Oh My!


Posted 20 June 2013 - 12:29 PM

OK, please run this program. I would also like you to upload one of the encrypted files here.

EDIT: Please attempt to locate and attach the file similar to this:

C:\RectorDecryptor.2.3.7.0_10.02.2011_15.31.43_log.txt.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Were you able to upload the file?
  • FRST log
  • Addition log

Edited by Oh My, 20 June 2013 - 12:58 PM.

Gary

#14 manfredmanfrog


Posted 20 June 2013 - 12:57 PM

The file is uploaded.

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013 01
Ran by User (administrator) on 20-06-2013 13:41:08
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\Winamp\winampa.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Adobe Systems, Incorporated) E:\ProgramsE\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Adobe Systems Incorporated) E:\ProgramsE\Adobe After Effects CS5\Support Files\AfterFX.exe
(Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS5\dynamiclinkmanager.exe
() E:\ProgramsE\Adobe After Effects CS5\Support Files\32\Adobe QT32 Server.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2011-10-10] (Adobe Systems Incorporated)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABVAFMAUgAtAE4AQQBFADIAQQAtAFIAMwBXAEoANgAtAE4ATAAzAEQAQQAtAEMAQwBFAEUARQAtAEoAQgBaAE4ARgA"&"inst=NwA2AC0ANQAwADkAOAA5ADIANAA2ADYALQBVADkAMAArADEALQBUAFAAKwAxAC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA0ADQAMAA3ADIALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBVADkANQArADEALQBUAEIAKwAxAA"&"prod=51"&"ver=9.0.894 [x]
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1840424 2008-06-24] (Nero AG)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-02-25] (Hewlett-Packard Company)
HKCU\...\Run: [AdobeBridge]  [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [ROC_ROC_APR2013_AV] C:\Users\User\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 866a21963dd9447d3418edc994687c80-d7a4abd22d56847a305caa90615666e31972a04e --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 [x]
HKCU\...\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [202328 2012-12-07] (Kaspersky Lab ZAO)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABVAFMAUgAtAE4AQQBFADIAQQAtAFIAMwBXAEoANgAtAE4ATAAzAEQAQQAtAEMAQwBFAEUARQAtAEoAQgBaAE4ARgA"&"inst=NwA2AC0ANQAwADkAOAA5ADIANAA2ADYALQBVADkAMAArADEALQBUAFAAKwAxAC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA0ADQAMAA3ADIALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUAA5ADAATQAxADIAQwArADEALQBVADkANQArADEALQBUAEIAKwAxAA"&"prod=51"&"ver=9.0.894 [x]
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [37888 2009-07-01] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKCU - {AA6827FB-7DE2-418E-AFAE-8951B76148FD} URL = http://search.avg.com/route/?d=4af22620&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.3088 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.11.3006 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Extension: FEBE - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Firefox Throttle - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
FF Extension: Bitdefender QuickScan - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4okjvyx2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2009-11-06] (NVIDIA)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [369952 2009-09-17] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1246496 2009-09-17] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2009-09-17] (SafeNet, Inc.)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-08] (Wacom Technology, Corp.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R2 cpuz133; C:\Windows\system32\drivers\cpuz133_x64.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 L6PODX3LV; C:\Windows\System32\Drivers\L6PODX3LV64.sys [894592 2010-04-02] (Line 6)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-10-10] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
S3 GPU-Z; \??\C:\Users\User\AppData\Local\Temp\GPU-Z.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-20 13:40 - 2013-06-20 13:40 - 00000000 ____D C:\FRST
2013-06-20 13:38 - 2013-06-20 13:39 - 01929538 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-06-20 13:20 - 2013-06-20 13:20 - 00752200 ____A (Emsisoft GmbH) C:\Users\User\Desktop\decrypt_harasom.exe
2013-06-19 20:36 - 2013-06-19 20:36 - 00751176 ____A (Emsisoft GmbH) C:\Users\User\Desktop\decrypt_mblblock.exe
2013-06-19 14:08 - 2013-06-19 14:08 - 01177611 ____A C:\Users\User\Desktop\new  6.txt
2013-06-19 14:07 - 2013-06-19 14:07 - 03918358 ____A C:\Users\User\Desktop\new  2.txt
2013-06-18 07:44 - 2013-06-18 07:44 - 00007334 ____A C:\Users\User\Desktop\New OpenDocument Text (2).odt
2013-06-18 07:43 - 2013-06-18 07:43 - 00000000 ____A C:\Users\User\Desktop\New Text Document.txt
2013-06-14 11:44 - 2013-06-14 11:44 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-14 11:44 - 2013-06-14 11:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 11:44 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-14 11:43 - 2013-06-14 11:43 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup.exe
2013-06-14 10:12 - 2013-06-14 10:12 - 00151040 ____A C:\Users\User\Downloads\hexedit.exe
2013-06-14 08:11 - 2012-07-25 12:34 - 00787108 ____A C:\Users\User\Desktop\Complex4-shot-26-27proteins.lws
2013-06-13 20:39 - 2013-06-13 20:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2013-06-13 20:39 - 2013-06-13 20:39 - 00001051 ____A C:\Users\User\Desktop\Notepad++.lnk
2013-06-13 20:39 - 2013-06-13 20:39 - 00001051 ____A C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2013-06-13 20:39 - 2013-06-13 20:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-06-13 14:28 - 2013-06-18 15:33 - 00014820 ____A C:\Users\User\Desktop\dds.txt
2013-06-13 14:28 - 2013-06-18 15:33 - 00008318 ____A C:\Users\User\Desktop\attach.txt
2013-06-13 14:26 - 2013-06-13 14:26 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2013-06-13 11:44 - 2013-06-13 11:44 - 00000000 ____D C:\Users\User\Doctor Web
2013-06-13 11:33 - 2013-06-13 11:39 - 121939584 ____A C:\Users\User\Downloads\cureit.exe
2013-06-12 20:08 - 2013-06-12 20:07 - 00236824 ____A (Doctor Web, Ltd.) C:\te215decrypt.exe
2013-06-12 19:56 - 2013-06-12 13:34 - 00379160 ____A (Doctor Web, Ltd.) C:\te102decrypt.exe
2013-06-12 19:37 - 2013-06-12 13:22 - 00272152 ____A (Doctor Web, Ltd.) C:\te94decrypt.exe
2013-06-12 16:03 - 2013-06-12 16:03 - 00605280 ____A (Kaspersky Lab ZAO) C:\Users\User\Downloads\xoristdecryptor.exe
2013-06-12 14:15 - 2013-06-12 14:15 - 00701060 ____A C:\Users\User\Desktop\comparison_files.zip
2013-06-12 14:13 - 2013-06-12 14:14 - 00000000 ____D C:\Users\User\Desktop\comparison_files
2013-06-12 10:18 - 2013-06-12 10:19 - 00000000 ____D C:\Users\User\Desktop\New folder
2013-06-12 10:15 - 2013-06-12 10:19 - 00003020 ____A C:\Users\User\Desktop\Rkill.txt
2013-06-12 10:15 - 2013-06-12 10:15 - 00000000 ____D C:\Users\User\Desktop\rkill
2013-06-11 20:07 - 2013-06-11 20:07 - 00447072 ____A (Kaspersky Lab ZAO) C:\Users\User\Downloads\rannohdecryptor.exe
2013-06-11 20:04 - 2013-06-11 20:04 - 00523872 ____A (Kaspersky Lab ZAO) C:\Users\User\Downloads\rectordecryptor.exe
2013-06-11 18:12 - 2013-06-11 18:12 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-11 18:12 - 2013-06-11 18:12 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 18:12 - 2013-06-11 18:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-11 18:12 - 2013-06-11 18:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-11 18:10 - 2013-06-11 18:11 - 26116264 ____A (SUPERAntiSpyware.com) C:\Users\User\Downloads\SAS_888E6.EXE
2013-06-11 14:39 - 2013-06-11 14:38 - 00001077 ____A C:\Users\User\Desktop\Kaspersky Security Scan.lnk
2013-06-11 14:38 - 2013-06-12 12:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-11 14:38 - 2013-06-11 14:38 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-11 14:33 - 2013-06-11 14:33 - 00180000 ____A (Kaspersky Lab) C:\Users\User\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-06-10 22:53 - 2013-06-10 22:53 - 00001195 ____A C:\Users\User\Desktop\File Repair.lnk
2013-06-10 22:53 - 2013-06-10 22:53 - 00000000 ____D C:\Program Files (x86)\Repair File
2013-06-10 22:52 - 2013-06-10 22:52 - 01319328 ____A (File Repair                                                 ) C:\Users\User\Downloads\file-repair-setup.exe
2013-06-10 14:50 - 2013-06-10 14:50 - 00310712 ____A C:\Users\User\Downloads\pear_images.zip
2013-06-10 14:50 - 2013-06-10 14:50 - 00046484 ____A C:\Users\User\Downloads\Pear.pst
2013-06-10 09:39 - 2013-06-10 09:42 - 00000840 ____A C:\Users\User\Desktop\2524_Modeler.lnk
2013-06-10 09:39 - 2013-06-10 09:41 - 00000837 ____A C:\Users\User\Desktop\2524-Layout.lnk
2013-06-09 12:26 - 2013-06-09 12:26 - 00262144 ____N C:\Windows\Minidump\060913-91463-01.dmp
2013-06-09 12:26 - 2013-06-09 12:26 - 00000000 ____D C:\Windows\Minidump
2013-06-09 11:23 - 2013-06-09 11:23 - 00642632 ____A (EFD Software                                                ) C:\Users\User\Downloads\hdtune_255.exe
2013-06-06 18:44 - 2013-06-06 18:44 - 00001104 ____A C:\Users\User\Desktop\LightWave Modeler.lnk
2013-06-06 18:44 - 2013-06-06 18:44 - 00001097 ____A C:\Users\User\Desktop\LightWave Layout.lnk
2013-06-06 18:11 - 2013-06-06 18:16 - 00000000 ____D C:\Users\User\Downloads\Lightwave_11_5_1_Win_32
2013-06-05 12:41 - 2013-06-05 12:41 - 00003910 ____A C:\Users\User\Downloads\PolySubDivide_lw8.zip
2013-06-04 09:44 - 2013-06-04 09:44 - 00000000 ____D C:\Users\User\Desktop\configsJL
2013-05-31 10:31 - 2013-05-31 10:31 - 09607467 ____A C:\Users\User\Downloads\Mobius_Net.zip
2013-05-31 10:28 - 2013-05-31 10:28 - 06998089 ____A C:\Users\User\Downloads\3D_Voronoi_Yoda_-_by_Dizingof_3dprinting.zip
2013-05-28 15:12 - 2013-05-28 15:12 - 00000000 ____D C:\Users\User\Downloads\TraceLine0_2_2
2013-05-23 21:04 - 2013-05-23 21:04 - 00104778 ____A C:\Users\User\Documents\test-deleteme.odp
2013-05-23 14:09 - 2013-05-23 14:09 - 05166398 ____A C:\Users\User\Downloads\k3dsurf-062.exe
2013-05-23 13:45 - 2013-05-23 13:45 - 00000000 ____D C:\Users\User\Downloads\wings3d_voronoi_sauermann
2013-05-23 13:45 - 2013-05-23 13:45 - 00000000 ____D C:\Users\User\Downloads\SmartSSAO_example
2013-05-22 10:00 - 2013-05-22 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-06-20 13:40 - 2013-06-20 13:40 - 00000000 ____D C:\FRST
2013-06-20 13:39 - 2013-06-20 13:38 - 01929538 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-06-20 13:22 - 2009-11-05 15:16 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-06-20 13:20 - 2013-06-20 13:20 - 00752200 ____A (Emsisoft GmbH) C:\Users\User\Desktop\decrypt_harasom.exe
2013-06-20 13:10 - 2010-05-14 11:54 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 13:00 - 2012-04-20 15:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-20 09:52 - 2011-11-08 13:51 - 00000000 ____D C:\ProgramData\MFAData
2013-06-20 08:58 - 2009-07-14 00:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 08:58 - 2009-07-14 00:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 08:50 - 2010-12-12 21:07 - 00000000 ____D C:\Users\User\AppData\Roaming\WTablet
2013-06-20 08:50 - 2010-05-14 11:54 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 08:50 - 2009-10-30 12:25 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-20 08:50 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 08:50 - 2009-07-14 00:51 - 00108710 ____A C:\Windows\setupact.log
2013-06-19 22:43 - 2009-10-30 12:13 - 01731888 ____A C:\Windows\WindowsUpdate.log
2013-06-19 20:36 - 2013-06-19 20:36 - 00751176 ____A (Emsisoft GmbH) C:\Users\User\Desktop\decrypt_mblblock.exe
2013-06-19 14:08 - 2013-06-19 14:08 - 01177611 ____A C:\Users\User\Desktop\new  6.txt
2013-06-19 14:07 - 2013-06-19 14:07 - 03918358 ____A C:\Users\User\Desktop\new  2.txt
2013-06-19 10:34 - 2012-02-29 16:29 - 00001456 ____A C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-06-19 07:00 - 2010-02-10 16:20 - 00000426 ____A C:\Windows\BRWMARK.INI
2013-06-18 15:33 - 2013-06-13 14:28 - 00014820 ____A C:\Users\User\Desktop\dds.txt
2013-06-18 15:33 - 2013-06-13 14:28 - 00008318 ____A C:\Users\User\Desktop\attach.txt
2013-06-18 07:44 - 2013-06-18 07:44 - 00007334 ____A C:\Users\User\Desktop\New OpenDocument Text (2).odt
2013-06-18 07:43 - 2013-06-18 07:43 - 00000000 ____A C:\Users\User\Desktop\New Text Document.txt
2013-06-14 11:44 - 2013-06-14 11:44 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-14 11:44 - 2013-06-14 11:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-14 11:43 - 2013-06-14 11:43 - 10284816 ____A (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup.exe
2013-06-14 10:12 - 2013-06-14 10:12 - 00151040 ____A C:\Users\User\Downloads\hexedit.exe
2013-06-13 20:41 - 2013-06-13 20:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2013-06-13 20:39 - 2013-06-13 20:39 - 00001051 ____A C:\Users\User\Desktop\Notepad++.lnk
2013-06-13 20:39 - 2013-06-13 20:39 - 00001051 ____A C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2013-06-13 20:39 - 2013-06-13 20:39 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-06-13 18:07 - 2010-02-05 12:45 - 00048640 ____A C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-13 14:26 - 2013-06-13 14:26 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds.com
2013-06-13 12:51 - 2009-10-30 12:27 - 00120380 ____A C:\Windows\PFRO.log
2013-06-13 11:44 - 2013-06-13 11:44 - 00000000 ____D C:\Users\User\Doctor Web
2013-06-13 11:39 - 2013-06-13 11:33 - 121939584 ____A C:\Users\User\Downloads\cureit.exe
2013-06-12 20:07 - 2013-06-12 20:08 - 00236824 ____A (Doctor Web, Ltd.) C:\te215decrypt.exe
2013-06-12 19:59 - 2009-11-30 19:56 - 00000000 ____D C:\Users\User\dwhelper
2013-06-12 16:03 - 2013-06-12 16:03 - 00605280 ____A (Kaspersky Lab ZAO) C:\Users\User\Downloads\xoristdecryptor.exe
2013-06-12 14:15 - 2013-06-12 14:15 - 00701060 ____A C:\Users\User\Desktop\comparison_files.zip
2013-06-12 14:14 - 2013-06-12 14:13 - 00000000 ____D C:\Users\User\Desktop\comparison_files
2013-06-12 13:34 - 2013-06-12 19:56 - 00379160 ____A (Doctor Web, Ltd.) C:\te102decrypt.exe
2013-06-12 13:22 - 2013-06-12 19:37 - 00272152 ____A (Doctor Web, Ltd.) C:\te94decrypt.exe
2013-06-12 12:13 - 2013-06-11 14:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-12 10:19 - 2013-06-12 10:18 - 00000000 ____D C:\Users\User\Desktop\New folder
2013-06-12 10:19 - 2013-06-12 10:15 - 00003020 ____A C:\Users\User\Desktop\Rkill.txt
2013-06-12 10:15 - 2013-06-12 10:15 - 00000000 ____D C:\Users\User\Desktop\rkill
2013-06-11 20:07 - 2013-06-11 20:07 - 00447072 ____A (Kaspersky Lab ZAO) C:\Users\User\Downloads\rannohdecryptor.exe
2013-06-11 20:04 - 2013-06-11 20:04 - 00523872 ____A (Kaspersky Lab ZAO) C:\Users\User\Downloads\rectordecryptor.exe
2013-06-11 18:12 - 2013-06-11 18:12 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-11 18:12 - 2013-06-11 18:12 - 00000000 ____D C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2013-06-11 18:12 - 2013-06-11 18:12 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-11 18:12 - 2013-06-11 18:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-11 18:11 - 2013-06-11 18:10 - 26116264 ____A (SUPERAntiSpyware.com) C:\Users\User\Downloads\SAS_888E6.EXE
2013-06-11 16:00 - 2012-04-20 15:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 16:00 - 2011-10-17 11:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 14:38 - 2013-06-11 14:39 - 00001077 ____A C:\Users\User\Desktop\Kaspersky Security Scan.lnk
2013-06-11 14:38 - 2013-06-11 14:38 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-11 14:33 - 2013-06-11 14:33 - 00180000 ____A (Kaspersky Lab) C:\Users\User\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-06-11 09:02 - 2009-07-14 01:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 22:53 - 2013-06-10 22:53 - 00001195 ____A C:\Users\User\Desktop\File Repair.lnk
2013-06-10 22:53 - 2013-06-10 22:53 - 00000000 ____D C:\Program Files (x86)\Repair File
2013-06-10 22:52 - 2013-06-10 22:52 - 01319328 ____A (File Repair                                                 ) C:\Users\User\Downloads\file-repair-setup.exe
2013-06-10 14:50 - 2013-06-10 14:50 - 00310712 ____A C:\Users\User\Downloads\pear_images.zip
2013-06-10 14:50 - 2013-06-10 14:50 - 00046484 ____A C:\Users\User\Downloads\Pear.pst
2013-06-10 09:42 - 2013-06-10 09:39 - 00000840 ____A C:\Users\User\Desktop\2524_Modeler.lnk
2013-06-10 09:42 - 2012-04-24 12:25 - 00000000 ____D C:\Users\User\Desktop\Shortcuts
2013-06-10 09:41 - 2013-06-10 09:39 - 00000837 ____A C:\Users\User\Desktop\2524-Layout.lnk
2013-06-10 08:52 - 2012-09-26 21:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-09 12:26 - 2013-06-09 12:26 - 00262144 ____N C:\Windows\Minidump\060913-91463-01.dmp
2013-06-09 12:26 - 2013-06-09 12:26 - 00000000 ____D C:\Windows\Minidump
2013-06-09 11:23 - 2013-06-09 11:23 - 00642632 ____A (EFD Software                                                ) C:\Users\User\Downloads\hdtune_255.exe
2013-06-09 10:58 - 2012-04-27 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-07 11:02 - 2010-01-14 11:59 - 00000000 ____D C:\Users\User\Documents\3D-CoatV3
2013-06-06 19:29 - 2011-09-29 20:25 - 00000000 ____D C:\Users\User\Downloads\LWbeta
2013-06-06 19:26 - 2010-10-12 19:08 - 00000418 ____A C:\Users\User\AppData\Roaming\smclient.xml
2013-06-06 18:44 - 2013-06-06 18:44 - 00001104 ____A C:\Users\User\Desktop\LightWave Modeler.lnk
2013-06-06 18:44 - 2013-06-06 18:44 - 00001097 ____A C:\Users\User\Desktop\LightWave Layout.lnk
2013-06-06 18:16 - 2013-06-06 18:11 - 00000000 ____D C:\Users\User\Downloads\Lightwave_11_5_1_Win_32
2013-06-05 12:41 - 2013-06-05 12:41 - 00003910 ____A C:\Users\User\Downloads\PolySubDivide_lw8.zip
2013-06-04 09:44 - 2013-06-04 09:44 - 00000000 ____D C:\Users\User\Desktop\configsJL
2013-05-31 10:31 - 2013-05-31 10:31 - 09607467 ____A C:\Users\User\Downloads\Mobius_Net.zip
2013-05-31 10:28 - 2013-05-31 10:28 - 06998089 ____A C:\Users\User\Downloads\3D_Voronoi_Yoda_-_by_Dizingof_3dprinting.zip
2013-05-28 15:12 - 2013-05-28 15:12 - 00000000 ____D C:\Users\User\Downloads\TraceLine0_2_2
2013-05-23 21:04 - 2013-05-23 21:04 - 00104778 ____A C:\Users\User\Documents\test-deleteme.odp
2013-05-23 14:09 - 2013-05-23 14:09 - 05166398 ____A C:\Users\User\Downloads\k3dsurf-062.exe
2013-05-23 13:45 - 2013-05-23 13:45 - 00000000 ____D C:\Users\User\Downloads\wings3d_voronoi_sauermann
2013-05-23 13:45 - 2013-05-23 13:45 - 00000000 ____D C:\Users\User\Downloads\SmartSSAO_example
2013-05-22 10:00 - 2013-05-22 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 09:06 - 2013-05-20 19:56 - 00033072 ____A C:\Users\User\Desktop\HLW_AnimationNotes_ver2.odt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 08:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013 01
Ran by User at 2013-06-20 13:41:36 Run:
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
ACDSee Photo Manager 2009 (Version: 11.0.113)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 5 Production Premium (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Media Player (Version: 1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
AJA Kona Software Codec (Version: 1.00.0000)
Apple Application Support (Version: 1.4.1)
ASUSUpdate
Audacity 1.3.12 (Unicode)
Auto Gordian Knot 2.55 (Version: 2.55)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
AviSynth 2.5
Brother MFL-Pro Suite MFC-7440N (Version: 1.0.1.0)
CDBurnerXP (Version: 4.2.7.1893)
Celtx (2.9.7) (Version: 2.9.7 (en-US))
Core FTP LE 2.1
CPUID CPU-Z 1.54
DVDFab 8.0.6.1 (18/12/2010)
Exact Audio Copy 0.99pb5 (Version: 0.99pb5)
ffdshow [rev 1324] [2007-07-01] (Version: 1.0)
FFmpeg for Audacity on Windows
File Repair
Foxit Reader (Version: 3.1.4.1125)
Freez FLV to MP3 Converter (Version: 1.5)
Garmin Communicator Plugin (Version: 2.9.2)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
Google Earth (Version: 7.0.3.8542)
Google SketchUp 7 (Version: 2.1.6860)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 4.5.0.457
Guitar Pro 5.2
HandBrake 0.9.5 (Version: 0.9.5)
HFSExplorer 0.21 (Version: 0.21)
Ingram Media Manager (Version: 1.0.6.2438)
IZArc 4.1 (Version: 4.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 34 (Version: 6.0.340)
Kaspersky Security Scan (Version: 12.0.1.340)
K-Lite Codec Pack (64-bit) v3.1.1 (Version: 3.1.1)
LAME v3.98.2 for Audacity
LightScribe System Software (Version: 1.18.2.1)
LightWave 10.0 64-bit (Version: 10.0)
LightWave 10.1 (Version: 10.1)
LightWave 10.1 64-bit 64-bit (Version: 10.1)
LightWave 11.0 (Version: 11.0)
LightWave 11.0 64-bit (Version: 11.0)
LightWave 11.5 (Version: 11.5)
LightWave 11.5 64-bit (Version: 11.5)
LightWave 11.5.1 (Version: 11.5.1)
LightWave 11.5.1 64-bit (Version: 11.5.1)
LightWave CORE Q4R2 Win64 64-bit (Version: Q4R2)
Line 6 Uninstaller (Version: )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MeshLab_64b 1.3.2 (Version: 1.3.2)
messiahStudio5_64Bit (Version: 5.0.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Monkey's Audio
MozBackup 1.4.10
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird (3.1.2) (Version: 3.1.2 (en-US))
Mp3tag v2.45a (Version: v2.45a)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Neat Video v3.3.0 Pro plug-in for After Effects (64-bit)
Nero 8 Essentials (Version: 8.3.536)
neroxml (Version: 1.0.0)
Notepad++ (Version: 6.3.3)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA CUDA Toolkit (Version: 0.80.0000)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA Performance (Version: 6.5)
NVIDIA Photoshop Plug-ins (Version: 1.00.000)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA System Monitor (Version: 6.5)
NVIDIA System Update (Version: 3.00)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Okino NuGraf/PolyTrans Demo Installer (32-bits) (Version: 4.4.14.6)
OpenOffice.org 3.1 (Version: 3.1.9420)
oZone3D.Net FurMark v1.8.2
PDF Settings CS5 (Version: 10.0)
PDFCreator (Version: 1.3.2)
PxMergeModule (Version: 1.00.0000)
PyMOL
QuickTime (Version: 7.69.80.9)
QuickTime Alternative 3.0.1 (Version: 3.0.1)
Radmin Viewer 3.4 (Version: 3.40.0000)
Real Alternative 1.7.5 (Version: 1.7.5)
Reference Image v1.5 (Version: 1.0.0)
Sentinel Protection Installer 7.6.1 (Version: 7.6.1)
Sentinel System Driver Installer 7.5.1 (Version: 7.5.1)
SpeedFan (remove only)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
The FilmMachine 1.6.1
Trapcode Horizon (Version: 1.1.0)
Trapcode Particular (Version: 2.1.0)
Trapcode Particular v2
Trapcode Shine (Version: 1.6.0)
Trapcode Starglow (Version: 1.6.0)
tree[d] V3.1
UCSF Chimera 1.6.1
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
VOB2MPG v3 (Version: 3.2.2000)
VobSub v2.23 (Remove Only)
Wacom Tablet
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
WFret
Winamp (Version: 5.56 )
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Wings 3D 1.5.0.2013-05-10---17-35.mlab
WinX DVD Ripper Platinum 6.3.1
XviD MPEG4 Video Codec (remove only)
ZBrush 4 (Version: 4.0)
ZBrush 4R2 (Version: 4.2)

==================== Restore Points  =========================

14-06-2013 11:57:58 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: {12207C7B-F45D-477F-8ABF-A5A2CF162C27} - System32\Tasks\{8F7D4D70-A8FD-47F5-AFCE-2B82E3CA61CE} => C:\Users\User\Downloads\storyboardtools\SETUP.EXE No File
Task: {3A0D33B3-1496-490A-B79A-534098354FEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {44775115-1C8F-4535-BE5F-1ADEEE192AD2} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-11] (Microsoft Corporation)
Task: {9356E636-CEB2-42CE-871B-3CE10441C438} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {9EED9588-F6EE-4B4D-8C7D-A50A264BAC7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14] (Google Inc.)
Task: {B4246152-CF90-4EB5-BFB1-F817E1D0B6C5} - System32\Tasks\{1D7D2790-3026-473D-93B2-3B579AA1CD14} => C:\Users\User\Downloads\epson12242.exe No File
Task: {BBC96EF1-3DB8-403F-A531-8F2A8AF52204} - System32\Tasks\{8B332755-75E4-4AF5-9BC3-D47B6F3CAD27} => C:\Program Files (x86)\Storyboard Tools\stryview.exe [2011-12-19] ()
Task: {BCDE7ADD-5B8E-46F4-B200-B8A606CEFFFA} - System32\Tasks\AdobeAAMUpdater-1.0-ALBATROSS-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-10-10] (Adobe Systems Incorporated)
Task: {C3E7EB38-2AEC-4F86-9672-9BA7D44C6945} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14] (Google Inc.)
Task: {C7E2FBDD-E137-42BE-A7A4-0F49B8087FC6} - System32\Tasks\{70859B9E-4D99-49CE-874E-1FFAD73875AA} => C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe [2009-02-09] (ACD Systems)
Task: {E06B55BA-803A-4682-BA21-D606094382AB} - System32\Tasks\{2DBD1C97-F948-4671-BFAF-B97B6E7B1CA6} => C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exe [2009-02-09] (ACD Systems)

==================== Faulty Device Manager Devices =============

Name: Floppy disk drive
Description: Floppy disk drive
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard floppy disk drives)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2013 10:53:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (06/20/2013 10:53:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/20/2013 10:52:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/19/2013 02:09:00 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:09:00.241]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:58 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:08:58.717]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:57 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:08:57.217]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:55 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:08:55.717]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:54 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:08:54.217]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:52 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:08:52.717]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:51 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/06/19 14:08:51.216]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (06/19/2013 10:43:41 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/19/2013 08:33:47 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{698E52EE-5977-44DB-8155-2D5128DC473E}.
The backup browser is stopping.

Error: (06/19/2013 08:28:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/19/2013 08:27:51 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{698E52EE-5977-44DB-8155-2D5128DC473E}.
The backup browser is stopping.

Error: (06/19/2013 02:27:13 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/19/2013 02:17:58 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/19/2013 02:09:08 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/17/2013 11:09:40 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/15/2013 04:54:43 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (06/15/2013 01:11:37 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{698E52EE-5977-44DB-8155-2D5128DC473E}.
The backup browser is stopping.


Microsoft Office Sessions:
=========================
Error: (06/20/2013 10:53:32 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\mozbackup\dll\DelZip179.dllc:\program files (x86)\mozbackup\dll\DelZip179.dll8

Error: (06/20/2013 10:53:05 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/20/2013 10:52:10 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (06/19/2013 02:09:00 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:09:00.241]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:58 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:08:58.717]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:57 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:08:57.217]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:55 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:08:55.717]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:54 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:08:54.217]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:52 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:08:52.717]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/19/2013 02:08:51 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/06/19 14:08:51.216]: [00004800]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 12278.12 MB
Available physical RAM: 8027.32 MB
Total Pagefile: 24554.43 MB
Available Pagefile: 19999.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:25.69 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:931.51 GB) (Free:192.32 GB) NTFS (Disk=1 Partition=1)
Drive e: () (Fixed) (Total:368.1 GB) (Free:169.14 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 64EAB222)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 64EAB22B)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#15 Oh My!


Posted 20 June 2013 - 12:59 PM

I just edited my previous post to ask you to attach the file on your computer similar to this:

C:\RectorDecryptor.2.3.7.0_10.02.2011_15.31.43_log.txt.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



