being attacked by DirtyDecrypt.exe


This topic is locked
25 replies to this topic

#1 Samer11

Samer11

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 06 July 2013 - 01:38 PM

Hello everyone,

As the title says, my laptop has been attacked by that virus and now all my pictures and files can't be opened because of it.

I tried to get them back with Reimage but it didn't work.

Please, can anyone tell me how to get them back? They are very necessary.

Waiting for the replies.

Thanks




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,181 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:55 PM

Posted 10 July 2013 - 05:26 PM

Greetings Samer11 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Samer11

Samer11
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:55 AM

Posted 12 July 2013 - 07:34 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013 01
Ran by samer (administrator) on 12-07-2013 14:32:55
Running from C:\Users\samer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-02-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-03-07] (Toshiba Europe GmbH)
HKLM\...\Run: [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] - C:\windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Runonce: [Uninstall Reimage] - "C:\Program Files\Reimage\Reimage Repair\uninst.exe" /AutoUninstall=True [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKCU\...\Run: [Messenger (Yahoo!)] - "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [VoipGain] - "C:\Program Files (x86)\VoipGain.com\VoipGain\VoipGain.exe" -nosplash -minimized [19425592 2013-06-21] (VoipGain)
HKCU\...\Run: [PCSpeedUp] - C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [188680 2012-06-05] ()
HKCU\...\Run: [DAEMON Tools Pro Agent] - "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3108480 2012-10-23] (DT Soft Ltd)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
MountPoints2: {2d8e8f55-29ab-11e2-81f9-00266c25b702} - E:\autorun.exe
MountPoints2: {607c68e7-f5a5-11e1-8983-00266c25b702} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] - "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\Run: [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=7C0574E543717A2E
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org/?bsrc=4hixr&chid=c162341
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
HKCU SearchScopes: DefaultScope {21857FB3-54C9-4179-B4E8-D010D45FAEB8} URL = 
SearchScopes: HKCU - {21857FB3-54C9-4179-B4E8-D010D45FAEB8} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
 
FireFox:
========
FF ProfilePath: C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default
FF user.js: detected! => C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\samer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @Skype.com/Skype Web Plugin - C:\Users\samer\AppData\Local\Skype\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF SearchPlugin: C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: DealPly Shopping - C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default\Extensions\amo@dealplyshopping.com
FF Extension: pricepeep - C:\Users\samer\AppData\Roaming\Mozilla\Firefox\Profiles\ht3rtbh0.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\samer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Skype Web Plugin) - C:\Users\samer\AppData\Local\Skype\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
 
==================== Services (Whitelisted) =================
 
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2012-11-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [289544 2012-06-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [45856 2013-07-06] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-10] (DT Soft Ltd)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [527872 2007-11-08] (PixArt Imaging Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-23] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
S3 VSPerfDrv100; C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [68440 2010-03-17] (Microsoft Corporation)
R3 cpuz134; \??\C:\Users\samer\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-12 14:32 - 2013-07-12 14:32 - 01778143 _____ (Farbar) C:\Users\samer\Downloads\FRST64.exe
2013-07-12 14:32 - 2013-07-12 14:32 - 00000000 ____D C:\FRST
2013-07-12 14:24 - 2013-07-12 14:24 - 00275224 _____ (Doctor Web, Ltd.) C:\Users\samer\Downloads\te94decrypt (1).exe
2013-07-12 14:19 - 2013-07-12 14:19 - 00275224 _____ (Doctor Web, Ltd.) C:\Users\samer\Downloads\te94decrypt.exe
2013-07-12 12:30 - 2013-07-12 12:30 - 00013616 _____ C:\Users\samer\Downloads\Groep Merche Resultaten DELE A2 juli 2013.xlsx
2013-07-07 23:17 - 2013-07-07 23:17 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-07 23:17 - 2013-07-07 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-07 23:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-07 19:05 - 2013-07-07 19:05 - 00000000 ____D C:\Users\samer\Downloads\Kaspersky Rescue2Usb
2013-07-07 19:04 - 2013-07-07 19:04 - 00001056 _____ C:\windows\system32\SettingsFile
2013-07-07 19:02 - 2013-07-07 19:02 - 00387584 _____ C:\Users\samer\Downloads\rescue2usb.exe
2013-07-07 19:01 - 2013-07-07 19:05 - 330252288 _____ C:\Users\samer\Downloads\kav_rescue_10.iso
2013-07-07 15:53 - 2013-07-12 13:58 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 15:53 - 2013-07-11 19:51 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 15:53 - 2013-07-07 15:53 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-07 15:53 - 2013-07-07 15:53 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-07 14:38 - 2013-07-07 14:38 - 00000000 ____D C:\Users\samer\AppData\Local\visi_coupon
2013-07-07 14:13 - 2013-07-07 14:13 - 10063000 _____ (Malwarebytes Corporation                                    ) C:\Users\samer\Downloads\mbam-setup-1.61.0.1400.exe
2013-07-07 13:31 - 2013-07-07 13:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-07 13:31 - 2013-07-07 13:31 - 00000000 _____ C:\autoexec.bat
2013-07-07 13:30 - 2013-07-07 14:53 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-07 00:28 - 2013-07-07 00:32 - 00000426 _____ C:\Users\samer\Downloads\SystemLook.txt
2013-07-07 00:28 - 2013-07-07 00:28 - 00165376 _____ C:\Users\samer\Downloads\SystemLook_x64.exe
2013-07-06 21:34 - 2013-07-06 21:34 - 00000000 ____D C:\Users\samer\AppData\Roaming\Malwarebytes
2013-07-06 21:33 - 2013-07-06 21:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-06 21:32 - 2013-07-06 21:33 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\samer\Downloads\mbam2.exe
2013-07-06 21:31 - 2013-07-06 21:34 - 00003102 _____ C:\Users\samer\Desktop\Rkill.txt
2013-07-06 21:31 - 2013-07-06 21:31 - 01814144 _____ (Bleeping Computer, LLC) C:\Users\samer\Downloads\rkill.com
2013-07-06 21:31 - 2013-07-06 21:31 - 00000000 ____D C:\Users\samer\Desktop\rkill
2013-07-06 21:17 - 2013-02-17 01:40 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-07-06 21:14 - 2013-07-06 21:14 - 19233792 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 14327808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-06 21:14 - 2013-07-06 21:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-06 21:14 - 2013-07-06 21:14 - 02648064 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-06 21:14 - 2013-07-06 21:14 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-06 21:14 - 2013-07-06 21:14 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-06 21:14 - 2013-07-06 21:14 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-06 21:14 - 2013-07-06 21:14 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-06 21:14 - 2013-07-06 21:14 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-06 21:14 - 2013-07-06 21:14 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-06 21:14 - 2013-07-06 21:14 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-06 21:14 - 2013-07-06 21:14 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-07-06 21:11 - 2013-07-06 21:17 - 00009297 _____ C:\windows\IE10_main.log
2013-07-06 21:11 - 2013-07-06 21:11 - 00859648 _____ (Microsoft Corporation) C:\Users\samer\Downloads\IE10-Windows6.1-nl-nl.exe
2013-07-06 20:08 - 2013-07-06 20:08 - 00000000 _____ C:\windows\system32\reimage.rep
2013-07-06 19:53 - 2013-07-06 21:20 - 00001424 _____ C:\Users\samer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-06 19:51 - 2009-06-10 22:35 - 00145792 _____ (Intel Corporation) C:\windows\system32\Drivers\E1G6032E.sys
2013-07-06 19:49 - 2013-07-06 19:49 - 00000000 ____D C:\Recovery
2013-07-06 19:48 - 2013-07-06 20:06 - 00098304 _____ C:\windows\debugpack.cmp
2013-07-06 19:16 - 2013-07-06 19:16 - 00009728 _____ C:\windows\system32\Native.exe
2013-07-06 19:04 - 2013-07-06 19:04 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-07-06 19:03 - 2013-07-07 23:16 - 00000168 _____ C:\windows\Reimage.ini
2013-07-06 19:03 - 2013-07-06 19:03 - 00726472 _____ (Reimage®) C:\Users\samer\Downloads\ReimageRepair.exe
2013-07-05 21:06 - 2013-07-05 21:06 - 00092082 ____R C:\Users\samer\Downloads\cijfers spaans febr.2013.xls
2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\Users\samer\AppData\Local\XBXkCtXH
2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\Users\samer\AppData\Local\fIUqkYvM
2013-07-05 05:00 - 2013-07-05 05:07 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-06-28 20:52 - 2013-07-11 14:00 - 00000000 ____D C:\Users\samer\Desktop\و أنا معاه
2013-06-24 22:41 - 2013-06-24 22:41 - 00000000 ____D C:\ProgramData\APN
2013-06-18 00:15 - 2013-06-26 20:10 - 00000000 ____D C:\Users\samer\Desktop\Shayma.Helali.Wala.Yhemmak.2013.By.MaZiKha
2013-06-12 19:35 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-06-12 19:35 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-06-12 19:35 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-06-12 19:35 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2013-06-12 19:35 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-06-12 19:35 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-06-12 19:35 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-06-12 19:35 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2013-06-12 19:35 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2013-06-12 19:35 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\certenc.dll
2013-06-12 19:35 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-06-12 19:35 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-06-12 19:35 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-06-12 19:35 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-06-12 19:35 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:35 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2013-06-12 19:35 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-06-12 19:35 - 2010-11-20 19:24 - 00751104 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2013-06-12 19:35 - 2010-11-20 19:24 - 00492032 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
 
==================== One Month Modified Files and Folders =======
 
2013-07-12 14:32 - 2013-07-12 14:32 - 01778143 _____ (Farbar) C:\Users\samer\Downloads\FRST64.exe
2013-07-12 14:32 - 2013-07-12 14:32 - 00000000 ____D C:\FRST
2013-07-12 14:24 - 2013-07-12 14:24 - 00275224 _____ (Doctor Web, Ltd.) C:\Users\samer\Downloads\te94decrypt (1).exe
2013-07-12 14:23 - 2012-03-07 02:05 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 14:19 - 2013-07-12 14:19 - 00275224 _____ (Doctor Web, Ltd.) C:\Users\samer\Downloads\te94decrypt.exe
2013-07-12 14:11 - 2012-07-06 15:47 - 01529630 _____ C:\windows\WindowsUpdate.log
2013-07-12 13:58 - 2013-07-07 15:53 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-12 12:30 - 2013-07-12 12:30 - 00013616 _____ C:\Users\samer\Downloads\Groep Merche Resultaten DELE A2 juli 2013.xlsx
2013-07-12 11:57 - 2013-03-05 21:29 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497056324-820643363-412001110-1000UA.job
2013-07-12 00:41 - 2009-07-14 06:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 00:41 - 2009-07-14 06:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 20:34 - 2013-03-05 21:29 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497056324-820643363-412001110-1000Core.job
2013-07-11 19:51 - 2013-07-07 15:53 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 19:47 - 2009-07-14 06:51 - 00081058 _____ C:\windows\setupact.log
2013-07-11 14:02 - 2009-07-14 07:13 - 00879762 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-11 14:00 - 2013-06-28 20:52 - 00000000 ____D C:\Users\samer\Desktop\و أنا معاه
2013-07-09 00:04 - 2012-10-17 00:11 - 00000101 _____ C:\Users\samer\Desktop\movies.txt
2013-07-08 05:40 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\oobe
2013-07-07 23:17 - 2013-07-07 23:17 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-07 23:17 - 2013-07-07 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-07 23:16 - 2013-07-06 19:03 - 00000168 _____ C:\windows\Reimage.ini
2013-07-07 23:13 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-07 20:21 - 2013-05-10 19:23 - 00000000 ____D C:\Users\samer\AppData\Roaming\ViberPC
2013-07-07 20:21 - 2013-05-10 19:20 - 00000000 ____D C:\Users\samer\AppData\Local\Viber
2013-07-07 19:05 - 2013-07-07 19:05 - 00000000 ____D C:\Users\samer\Downloads\Kaspersky Rescue2Usb
2013-07-07 19:05 - 2013-07-07 19:01 - 330252288 _____ C:\Users\samer\Downloads\kav_rescue_10.iso
2013-07-07 19:04 - 2013-07-07 19:04 - 00001056 _____ C:\windows\system32\SettingsFile
2013-07-07 19:02 - 2013-07-07 19:02 - 00387584 _____ C:\Users\samer\Downloads\rescue2usb.exe
2013-07-07 16:06 - 2010-11-21 05:47 - 00040416 _____ C:\windows\PFRO.log
2013-07-07 15:54 - 2012-03-07 02:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-07 15:53 - 2013-07-07 15:53 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-07 15:53 - 2013-07-07 15:53 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-07 15:14 - 2012-09-02 02:59 - 00000000 ___RD C:\Users\samer\Desktop\New Briefcase
2013-07-07 14:56 - 2012-11-24 05:02 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-07-07 14:53 - 2013-07-07 13:30 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-07 14:38 - 2013-07-07 14:38 - 00000000 ____D C:\Users\samer\AppData\Local\visi_coupon
2013-07-07 14:38 - 2012-09-20 16:39 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-07-07 14:13 - 2013-07-07 14:13 - 10063000 _____ (Malwarebytes Corporation                                    ) C:\Users\samer\Downloads\mbam-setup-1.61.0.1400.exe
2013-07-07 13:31 - 2013-07-07 13:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-07 13:31 - 2013-07-07 13:31 - 00000000 _____ C:\autoexec.bat
2013-07-07 00:44 - 2013-02-20 00:16 - 00000000 ____D C:\Users\samer\Desktop\Spanish
2013-07-07 00:32 - 2013-07-07 00:28 - 00000426 _____ C:\Users\samer\Downloads\SystemLook.txt
2013-07-07 00:28 - 2013-07-07 00:28 - 00165376 _____ C:\Users\samer\Downloads\SystemLook_x64.exe
2013-07-07 00:06 - 2012-12-06 17:03 - 00000000 ____D C:\Users\samer\AppData\Local\{973C6064-1DD5-4830-A069-EB9B0E3843F2}
2013-07-06 23:20 - 2012-09-01 20:47 - 00110248 _____ C:\Users\samer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-06 23:19 - 2012-09-01 20:47 - 00000476 ___SH C:\Users\samer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2013-07-06 23:19 - 2012-09-01 20:47 - 00000174 ___SH C:\Users\samer\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2013-07-06 23:19 - 2012-09-01 20:47 - 00000000 ___RD C:\Users\samer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-06 23:19 - 2012-09-01 20:45 - 00000000 ___RD C:\Users\samer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-06 23:18 - 2009-07-14 06:45 - 00420944 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-06 23:15 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-06 21:34 - 2013-07-06 21:34 - 00000000 ____D C:\Users\samer\AppData\Roaming\Malwarebytes
2013-07-06 21:34 - 2013-07-06 21:31 - 00003102 _____ C:\Users\samer\Desktop\Rkill.txt
2013-07-06 21:33 - 2013-07-06 21:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-06 21:33 - 2013-07-06 21:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\samer\Downloads\mbam2.exe
2013-07-06 21:31 - 2013-07-06 21:31 - 01814144 _____ (Bleeping Computer, LLC) C:\Users\samer\Downloads\rkill.com
2013-07-06 21:31 - 2013-07-06 21:31 - 00000000 ____D C:\Users\samer\Desktop\rkill
2013-07-06 21:20 - 2013-07-06 19:53 - 00001424 _____ C:\Users\samer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-06 21:17 - 2013-07-06 21:11 - 00009297 _____ C:\windows\IE10_main.log
2013-07-06 21:17 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-07-06 21:14 - 2013-07-06 21:14 - 19233792 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 14327808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-06 21:14 - 2013-07-06 21:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-06 21:14 - 2013-07-06 21:14 - 02648064 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-06 21:14 - 2013-07-06 21:14 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-06 21:14 - 2013-07-06 21:14 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-06 21:14 - 2013-07-06 21:14 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-06 21:14 - 2013-07-06 21:14 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-06 21:14 - 2013-07-06 21:14 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-06 21:14 - 2013-07-06 21:14 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-06 21:14 - 2013-07-06 21:14 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-06 21:14 - 2013-07-06 21:14 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-06 21:14 - 2013-07-06 21:14 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-06 21:14 - 2013-07-06 21:14 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-07-06 21:11 - 2013-07-06 21:11 - 00859648 _____ (Microsoft Corporation) C:\Users\samer\Downloads\IE10-Windows6.1-nl-nl.exe
2013-07-06 20:08 - 2013-07-06 20:08 - 00000000 _____ C:\windows\system32\reimage.rep
2013-07-06 20:06 - 2013-07-06 19:48 - 00098304 _____ C:\windows\debugpack.cmp
2013-07-06 19:53 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games
2013-07-06 19:53 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-06 19:52 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\Recovery
2013-07-06 19:49 - 2013-07-06 19:49 - 00000000 ____D C:\Recovery
2013-07-06 19:16 - 2013-07-06 19:16 - 00009728 _____ C:\windows\system32\Native.exe
2013-07-06 19:04 - 2013-07-06 19:04 - 00045856 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2013-07-06 19:04 - 2012-09-14 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-06 19:03 - 2013-07-06 19:03 - 00726472 _____ (Reimage®) C:\Users\samer\Downloads\ReimageRepair.exe
2013-07-06 18:54 - 2012-09-01 20:45 - 00000000 ____D C:\Users\samer
2013-07-06 18:53 - 2012-09-01 20:47 - 00000000 ____D C:\Users\samer\AppData\Local\TOSHIBA
2013-07-06 18:53 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-07-06 18:53 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2013-07-05 21:06 - 2013-07-05 21:06 - 00092082 ____R C:\Users\samer\Downloads\cijfers spaans febr.2013.xls
2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\Users\samer\AppData\Local\XBXkCtXH
2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\Users\samer\AppData\Local\fIUqkYvM
2013-07-05 05:07 - 2013-07-05 05:00 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-07-05 00:02 - 2013-04-13 21:21 - 00000000 ____D C:\Users\samer\Desktop\T-mobile
2013-07-03 23:55 - 2013-01-27 01:45 - 00000000 ____D C:\Users\samer\AppData\Local\Windows Live
2013-07-01 18:27 - 2012-10-01 23:02 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-06-29 21:58 - 2012-09-02 03:57 - 00000000 ____D C:\Users\samer\AppData\Roaming\Skype
2013-06-29 21:55 - 2013-01-27 00:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-29 21:55 - 2012-03-07 02:22 - 00000000 ____D C:\ProgramData\Skype
2013-06-29 21:55 - 2012-03-07 02:10 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-06-26 23:55 - 2013-01-30 20:38 - 00000000 ____D C:\Program Files\McAfee
2013-06-26 20:10 - 2013-06-18 00:15 - 00000000 ____D C:\Users\samer\Desktop\Shayma.Helali.Wala.Yhemmak.2013.By.MaZiKha
2013-06-25 01:17 - 2012-09-29 00:02 - 00000000 ____D C:\Users\samer\AppData\Roaming\uTorrent
2013-06-24 22:41 - 2013-06-24 22:41 - 00000000 ____D C:\ProgramData\APN
2013-06-23 03:27 - 2009-07-14 05:20 - 00000000 ____D C:\windows\LiveKernelReports
2013-06-12 19:23 - 2012-03-07 02:05 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 19:23 - 2012-03-07 02:05 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 19:23 - 2012-03-07 02:05 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-09 13:44
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013 01
Ran by samer at 2013-07-12 14:33:29
Running from C:\Users\samer\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
µTorrent (x32 Version: 3.2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
AMD APP SDK Runtime (Version: 10.0.851.6)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Atheros Bluetooth Filter Driver Package (Version: 1.0.0.12)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.12.13)
Atheros Driver Installation Program (x32 Version: 9.2)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bluetooth Stack for Windows by Toshiba (Version: v9.00.00(T))
Bundled software uninstaller (x32)
Cake Mania (x32 Version: 2.2.0.98)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.420.7502)
Catalyst Control Center InstallProxy (x32 Version: 2012.0120.420.7502)
Catalyst Control Center Localization All (x32 Version: 2012.0120.420.7502)
CCC Help Chinese Standard (x32 Version: 2012.0120.0419.7502)
CCC Help Chinese Traditional (x32 Version: 2012.0120.0419.7502)
CCC Help Czech (x32 Version: 2012.0120.0419.7502)
CCC Help Danish (x32 Version: 2012.0120.0419.7502)
CCC Help Dutch (x32 Version: 2012.0120.0419.7502)
CCC Help English (x32 Version: 2012.0120.0419.7502)
CCC Help Finnish (x32 Version: 2012.0120.0419.7502)
CCC Help French (x32 Version: 2012.0120.0419.7502)
CCC Help German (x32 Version: 2012.0120.0419.7502)
CCC Help Greek (x32 Version: 2012.0120.0419.7502)
CCC Help Hungarian (x32 Version: 2012.0120.0419.7502)
CCC Help Italian (x32 Version: 2012.0120.0419.7502)
CCC Help Japanese (x32 Version: 2012.0120.0419.7502)
CCC Help Korean (x32 Version: 2012.0120.0419.7502)
CCC Help Norwegian (x32 Version: 2012.0120.0419.7502)
CCC Help Polish (x32 Version: 2012.0120.0419.7502)
CCC Help Portuguese (x32 Version: 2012.0120.0419.7502)
CCC Help Russian (x32 Version: 2012.0120.0419.7502)
CCC Help Spanish (x32 Version: 2012.0120.0419.7502)
CCC Help Swedish (x32 Version: 2012.0120.0419.7502)
CCC Help Thai (x32 Version: 2012.0120.0419.7502)
CCC Help Turkish (x32 Version: 2012.0120.0419.7502)
ccc-utility64 (Version: 2012.0120.420.7502)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Citrix online plug-in - web (x32 Version: 12.1.44.1)
Citrix online plug-in (DV) (x32 Version: 12.1.44.1)
Citrix online plug-in (HDX) (x32 Version: 12.1.44.1)
Citrix online plug-in (USB) (x32 Version: 12.1.44.1)
Citrix online plug-in (Web) (x32 Version: 12.1.44.1)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Pro (x32 Version: 5.2.0.0348)
DealPly (remove only) (x32 Version: 4.8.6.1)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Derive 6 (x32 Version: 6.0)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fotogalerie (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
GOM Player (x32 Version: 2.1.50.5145)
Google Chrome (x32 Version: 28.0.1500.71)
Google Update Helper (x32 Version: 1.3.21.149)
High-Definition Video Playback (x32 Version: 11.1.10500.2.65)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel® Management Engine Components (x32 Version: 8.0.1.1399)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 30 (x32 Version: 6.0.300)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.5.0.229)
McAfee SiteAdvisor (x32 Version: 3.6.168)
Media Player Codec Pack 4.2.2 (x32 Version: 4.2.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (x32 Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 15.0.1 (x86 en-US) (x32 Version: 15.0.1)
Mozilla Maintenance Service (x32 Version: 15.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95)
Nero 11 Essentials (x32 Version: 11.0.00300)
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0)
Nero BackItUp 11 (x32 Version: 6.0.18000.19.100)
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.11100.8.0)
Nero BurnRights 11 (x32 Version: 5.0.10300.4.100)
Nero BurnRights 11 Help (CHM) (x32 Version: 11.0.10100)
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27)
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Core Components 11 (x32 Version: 11.0.15500.1.16)
Nero Express 11 (x32 Version: 11.0.11900.24.100)
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Kwik Media (x32 Version: 1.10.24800.146.100)
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200)
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Update (x32 Version: 11.0.11400.27.0)
nero.prerequisites.msi (x32 Version: 11.0.20008)
PC Camera (x32 Version: 1.0.20)
PC Speed Up - Volledige uninstall (Version: 3.1.2)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Premium Sound HD (Version: 1.12.0300)
Pro Evolution Soccer 2013 (x32 Version: 1.00.0000)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6559)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39013)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Web Plugin 1.9.10772.12905 (x32 Version: 1.9.10772.12905)
Skype™ 6.5 (x32 Version: 6.5.158)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.39.0)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.10.64)
TOSHIBA Hardware Setup (x32 Version: 2.1.0.8)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.11)
Toshiba Manuals (x32 Version: 10.04)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.7.7)
TOSHIBA Online Product Information (x32 Version: 4.01.0000)
TOSHIBA PC Health Monitor (Version: 1.7.15.64)
TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.6.52020009)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2004)
TOSHIBA Service Station (x32 Version: 2.2.13)
TOSHIBA Sleep Utility (x32 Version: 1.4.0022.000104)
TOSHIBA Supervisor Password (x32 Version: 2.1.0.3)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.6.0021.640203)
TOSHIBA Value Added Package (x32 Version: 1.6.0021.640203)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.33)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update Installer for WildTangent Games App (x32)
Veetle TV (x32 Version: 0.9.19)
Viber (HKCU Version: 3.0.0.132799)
vice Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
VoipGain (x32 Version: 4.11 build 687)
Web Deployment Tool (Version: 1.1.0618)
welcome (x32 Version: 11.0.22500.0.0)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36)
Windows Live (x32 Version: 16.4.3505.0912)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Xvid Video Codec (x32 Version: 1.3.1)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
 
==================== Restore Points  =========================
 
05-07-2013 03:00:25 Installed DirectX
05-07-2013 03:06:16 Removed Microsoft LifeCam
05-07-2013 14:45:53 Windows Update
06-07-2013 12:31:28 Windows Update
06-07-2013 15:59:12 Restore Operation
06-07-2013 16:07:59 Windows Update
06-07-2013 16:50:57 Restore Operation
06-07-2013 16:59:55 Windows Update
06-07-2013 17:16:38 Reimage Repair Restore Point
06-07-2013 19:11:39 Windows Modules Installer
06-07-2013 20:58:51 Windows Update
06-07-2013 23:03:18 Windows Update
06-07-2013 23:35:29 Windows Update
06-07-2013 23:59:55 Windows Update
07-07-2013 00:13:45 Removed BlackBerry Device Manager 7.0.
07-07-2013 00:17:02 Windows Update
07-07-2013 11:30:40 Installed SpyHunter
07-07-2013 12:37:31 Removed SpyHunter
07-07-2013 12:51:02 Removed SpyHunter
11-07-2013 01:04:11 Windows Update
12-07-2013 01:04:10 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2808FB14-91DA-42F3-AFA6-79B5C7E7C4CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {42A278F3-7161-4FED-A4E0-E7A7B6F7B3BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {5472D688-6C8A-413F-B789-44183B357D32} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {68F89282-5087-4D2B-BE04-6CCE9A4DB443} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6AB8D3F1-9602-437C-AE43-B6FC1E3F3E29} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {7F5D32D5-4234-4BDF-BCF0-05C55CEA802B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3497056324-820643363-412001110-1000UA => C:\Users\samer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-05] (Facebook Inc.)
Task: {B168CF8D-3872-4494-B4B6-8D671B47AC6F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3497056324-820643363-412001110-1000Core => C:\Users\samer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-05] (Facebook Inc.)
Task: {B585F6DA-0765-49F6-ACEC-ADAD60916C22} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {B7780EB6-E65A-4282-8A05-A69CFF5B62FD} - \DealPly No Task File
Task: {C066740D-58F6-4A13-90A8-C76A9BC91554} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {C73688D2-131C-41BF-9F13-2A9879CF5E3F} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2012-06-05] ()
Task: {D4060E79-0ADD-426C-9C87-0361CD96A19A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497056324-820643363-412001110-1000Core.job => C:\Users\samer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497056324-820643363-412001110-1000UA.job => C:\Users\samer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2013 11:15:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 11:10:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 11:03:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 08:23:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 08:10:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 07:54:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 04:17:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 04:08:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 03:33:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 03:04:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/12/2013 02:33:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:32:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:32:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:31:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:31:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:30:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:30:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:29:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:29:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
Error: (07/12/2013 02:28:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%32
 
 
Microsoft Office Sessions:
=========================
Error: (07/07/2013 11:15:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 11:10:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 11:03:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 08:23:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 08:10:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 07:54:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 04:17:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 04:08:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 03:33:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/07/2013 03:04:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 6106.8 MB
Available physical RAM: 3474.17 MB
Total Pagefile: 12211.79 MB
Available Pagefile: 8943.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (TI30886900A) (Fixed) (Total:224.76 GB) (Free:146.73 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (Disk1) (CDROM) (Total:5.79 GB) (Free:0 GB) CDFS
Drive s: () (Fixed) (Total:223.66 GB) (Free:114.65 GB) NTFS (Disk=0 Partition=4)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1780111D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=16 GB) - (Type=17)
 
==================== End Of Log ============================

 



#4 Oh My! (Malware Response Instructor, 38,181 posts, California)

Posted 12 July 2013 - 01:05 PM

Thank you for posting the logs. I have a step I would like you to take, but I also want to let you know of the dangers of using peer-to-peer networks. Please consider this and do the following.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware, which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Run: [] -  [x]
MountPoints2: {2d8e8f55-29ab-11e2-81f9-00266c25b702} - E:\autorun.exe
MountPoints2: {607c68e7-f5a5-11e1-8983-00266c25b702} - F:\LaunchU3.exe -a
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
2013-07-07 14:38 - 2013-07-07 14:38 - 00000000 ____D C:\Users\samer\AppData\Local\visi_coupon
2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\Users\samer\AppData\Local\XBXkCtXH
2013-07-05 07:04 - 2013-07-05 07:04 - 00000000 ____D C:\Users\samer\AppData\Local\fIUqkYvM
Task: {B7780EB6-E65A-4282-8A05-A69CFF5B62FD} - \DealPly No Task File
Task: {C066740D-58F6-4A13-90A8-C76A9BC91554} - System32\Tasks\DealPlyUpdate => C:\Program No File
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check to see if you can access your files
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Farbar log
  • Can you access your files?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
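The fixlist above removes four kinds of leftover persistence: an empty Run value, two MountPoints2 AutoRun handlers for removable drives that are no longer present, a set of PROTOCOLS\Filter MIME filters whose CLSID has no backing file, and two scheduled tasks whose action file is gone. The script below is an added example, not part of this thread and not FRST code, that enumerates the same locations and reports entries whose target file does not exist on disk. It is read-only and deletes nothing; it needs PowerShell 3 or later and an elevated prompt (reading System32\Tasks requires admin). Resolve-ExePath, Test-Missing and Get-StalePersistence are names chosen here; the rule that a command line's executable is either quoted or ends at the first ".exe" is an assumption.

```powershell
# Added example (not from the thread, not FRST): list stale persistence entries.
# Read-only. Needs PowerShell 3+ and an elevated prompt.

function Resolve-ExePath {
    # Pull the executable out of a command line. Assumption: the path is either
    # quoted or ends at the first ".exe"; anything else is returned unchanged.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"')        { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $cmd
}

function Test-Missing {
    # True when the command line does not resolve to a file on disk.
    param([string]$CommandLine)
    $path = Resolve-ExePath $CommandLine
    return (-not $path) -or (-not (Test-Path -LiteralPath $path))
}

function Get-StalePersistence {
    $findings = @()

    # 1. Run keys: each value is a command line whose executable must exist.
    #    GetValueNames() returns '' for the (default) value, which is how an
    #    entry like "HKLM\...\Run: [] - [x]" in the fixlist shows up.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if (Test-Missing $data) {
                $findings += [pscustomobject]@{ Kind='Run'; Location="$key\$name"; Target=$data }
            }
        }
    }

    # 2. MountPoints2: per-device AutoRun handlers left behind by removable media.
    $mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path $mp) {
        foreach ($dev in Get-ChildItem $mp) {
            $cmdKey = "$($dev.PSPath)\shell\AutoRun\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $data = [string](Get-Item $cmdKey).GetValue('')
            if (Test-Missing $data) {
                $findings += [pscustomobject]@{ Kind='MountPoints2'; Location=$dev.PSChildName; Target=$data }
            }
        }
    }

    # 3. PROTOCOLS\Filter: a MIME filter whose CLSID has no InprocServer32 on disk
    #    (the fixlog in this thread shows exactly that: filter present, CLSID key not found).
    $filters = 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Filter'
    if (Test-Path $filters) {
        foreach ($f in Get-ChildItem $filters) {
            $clsid = [string]$f.GetValue('CLSID')
            if (-not $clsid) { continue }
            $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = if (Test-Path $srv) { [string](Get-Item $srv).GetValue('') } else { $null }
            if (Test-Missing $dll) {
                $findings += [pscustomobject]@{ Kind='ProtocolFilter'; Location=$f.PSChildName; Target=$clsid }
            }
        }
    }

    # 4. Scheduled tasks: the task XML names the executable in Actions/Exec/Command.
    $taskRoot = Join-Path $env:SystemRoot 'System32\Tasks'
    foreach ($file in Get-ChildItem $taskRoot -Recurse -File -ErrorAction SilentlyContinue) {
        try { [xml]$xml = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop } catch { continue }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if (-not $exec) { continue }      # COM-handler tasks have no Exec element
            if (Test-Missing ([string]$exec.Command)) {
                $findings += [pscustomobject]@{ Kind='Task'; Location=$file.FullName.Substring($taskRoot.Length); Target=[string]$exec.Command }
            }
        }
    }
    $findings
}

Get-StalePersistence | Format-Table -AutoSize -Wrap
```

A missing target is a reason to look, not proof of malware: an uninstalled application often leaves the same debris. What makes the fixlist entries above worth removing is the combination of a missing file with an unexplained name (DealPly, the random AppData\Local folders) and a matching infection date.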

#5 Samer11 (Topic Starter, 13 posts)

Posted 13 July 2013 - 08:06 AM

Before I do anything: I can open my files, but this message appears:

 

File is encrypted

This file can be decrypted using the program DirtyDecrypt.exe

Press CTRL+ALT+D to run DirtyDecrypt.exe

 

If DirtyDecrypt.exe not opened сheck the paths:

C:\Program Files\Dirty\DirtyDecrypt.exe

C:\Program Files (x86)\Dirty\DirtyDecrypt.exe

C:\Users\[YOUR USER]\AppData\Roaming\Dirty\DirtyDecrypt.exe

C:\Documents and Settings\[YOUR USER]\Application Data\Dirty\DirtyDecrypt.exe

C:\Documents and Settings\[YOUR USER]\Local Settings\Application Data\Dirty\DirtyDecrypt.exe



#6 Samer11 (Topic Starter, 13 posts)

Posted 13 July 2013 - 08:15 AM

That is what I got as Fixlog.txt, and I still can't see the contents of my original files.

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-07-2013 01
Ran by samer at 2013-07-13 15:13:34 Run:1
Running from C:\Users\samer\Desktop
Boot Mode: Normal
==============================================
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d8e8f55-29ab-11e2-81f9-00266c25b702} => Key deleted successfully.
HKCR\CLSID\{2d8e8f55-29ab-11e2-81f9-00266c25b702} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{607c68e7-f5a5-11e1-8983-00266c25b702} => Key deleted successfully.
HKCR\CLSID\{607c68e7-f5a5-11e1-8983-00266c25b702} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
C:\Users\samer\AppData\Local\visi_coupon => Moved successfully.
C:\Users\samer\AppData\Local\XBXkCtXH => Moved successfully.
C:\Users\samer\AppData\Local\fIUqkYvM => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7780EB6-E65A-4282-8A05-A69CFF5B62FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7780EB6-E65A-4282-8A05-A69CFF5B62FD} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C066740D-58F6-4A13-90A8-C76A9BC91554} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C066740D-58F6-4A13-90A8-C76A9BC91554} => Key not found.
C:\Windows\System32\Tasks\DealPlyUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate => Key deleted successfully.
 
==== End of Fixlog ====

Edited by Samer11, 13 July 2013 - 08:16 AM.


#7 Oh My! (Malware Response Instructor, 38,181 posts, California)

Posted 13 July 2013 - 12:12 PM

Greetings,

Can you please clarify this for me?
 

Before I do anything , I can open my files but this message appears :


Are you getting the message immediately after trying to open your files but they don't open successfully?  You just get the decrypt screen instead?


Gary
 

#8 Samer11 (Topic Starter, 13 posts)

Posted 13 July 2013 - 03:42 PM

If it's a picture, it shows that message immediately.

But if it is a Word file, at first it shows me a message that says: "the file cannot be opened because there are problems with the contents".

When I choose "OK", it shows another message that says: "Word found unreadable content, do you want to recover the contents of this document? If you trust the source of this document, click Yes."

After pressing "Yes" it shows the message I told you about before. Then, if I open the same Word file again after closing it, the message is shown immediately, without those other messages.

By the way, the encryption screen shows inside the Word file or the picture.


Edited by Samer11, 13 July 2013 - 03:43 PM.
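What Samer describes above is the signature of a file whose contents have been replaced: a JPEG viewer renders whatever now sits in the file (the ransom screen), and Word, finding no valid document structure, first reports "problems with the contents" and then offers to recover. A quick way to find every file in that state is to compare each file's first bytes against the magic number its extension implies. The script below is an added triage example, not part of this thread: Get-SuspectFiles walks a folder and flags files whose header no longer matches their extension, and separately flags files that carry the string "DirtyDecrypt" in their first 64 KB. The header check is the reliable part. The marker search assumes the note text is stored as plain ASCII inside the damaged file, which the thread does not confirm (it only says the screen is displayed inside the file), so treat that column as a heuristic. The sample files written to %TEMP% are constructed for the dry run.

```powershell
# Added triage example (not from the thread): flag files whose content no longer
# matches their extension, plus files carrying the ransom note's marker text.

$Signatures = @{
    '.jpg'  = [byte[]](0xFF, 0xD8, 0xFF)
    '.jpeg' = [byte[]](0xFF, 0xD8, 0xFF)
    '.png'  = [byte[]](0x89, 0x50, 0x4E, 0x47)
    '.gif'  = [byte[]](0x47, 0x49, 0x46, 0x38)
    '.pdf'  = [byte[]](0x25, 0x50, 0x44, 0x46)
    '.docx' = [byte[]](0x50, 0x4B, 0x03, 0x04)   # OOXML files are zip containers
    '.xlsx' = [byte[]](0x50, 0x4B, 0x03, 0x04)
    '.doc'  = [byte[]](0xD0, 0xCF, 0x11, 0xE0)   # OLE2 compound document
}
$Marker = 'DirtyDecrypt'   # heuristic: assumes the note text is stored as ASCII

function Read-Head {
    # First $Count bytes of a file (fewer if the file is shorter).
    param([string]$Path, [int]$Count)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] $Count
        $n   = $fs.Read($buf, 0, $Count)
        $out = New-Object byte[] $n
        [Array]::Copy($buf, $out, $n)
        return ,$out
    } finally { $fs.Close() }
}

function Test-Header {
    param([byte[]]$Bytes, [byte[]]$Expected)
    if ($Bytes.Length -lt $Expected.Length) { return $false }
    for ($i = 0; $i -lt $Expected.Length; $i++) {
        if ($Bytes[$i] -ne $Expected[$i]) { return $false }
    }
    return $true
}

function Get-SuspectFiles {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File | ForEach-Object {
        $ext = $_.Extension.ToLower()
        if (-not $Signatures.ContainsKey($ext)) { return }   # only types we can judge
        $head      = Read-Head -Path $_.FullName -Count 65536
        $headerOk  = Test-Header -Bytes $head -Expected $Signatures[$ext]
        $hasMarker = ([System.Text.Encoding]::ASCII.GetString($head)).Contains($Marker)
        if (-not $headerOk -or $hasMarker) {
            [pscustomobject]@{
                Path      = $_.FullName
                HeaderOk  = $headerOk
                HasMarker = $hasMarker
                Modified  = $_.LastWriteTime   # cluster these to date the attack
            }
        }
    }
}

# Constructed sample data for a dry run: one intact JPEG header, one file whose
# header was overwritten and that carries the marker text.
$lab = Join-Path $env:TEMP 'ransom-triage-demo'
New-Item -ItemType Directory -Path $lab -Force | Out-Null
[System.IO.File]::WriteAllBytes((Join-Path $lab 'intact.jpg'),
    [byte[]](0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46, 0x49, 0x46))
[System.IO.File]::WriteAllBytes((Join-Path $lab 'damaged.jpg'),
    [System.Text.Encoding]::ASCII.GetBytes('File is encrypted. Press CTRL+ALT+D to run DirtyDecrypt.exe'))

Get-SuspectFiles -Root $lab | Format-Table -AutoSize
```

Point it at a user profile (Get-SuspectFiles -Root C:\Users\samer) to get the full list of affected files. The Modified column matters: files changed in a narrow window give the time of the attack, which is what to compare against the FRST log's creation dates (the two random-named AppData\Local folders in the fixlist are dated 2013-07-05 07:04) and against any backup or shadow copy you hope to recover from.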


#9 Oh My! (Malware Response Instructor, 38,181 posts, California)

Posted 13 July 2013 - 04:02 PM

Thanks for the explanation.

Please run this for me.

===================================================

Farbar's MiniRegTool

--------------------

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MiniRegTool report

Gary
 

#10 Samer11 (Topic Starter, 13 posts)

Posted 14 July 2013 - 01:43 PM

this is the result : 

 

 

Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Online Product Information\\topi.exe /STAR"
"Messenger (Yahoo!)"="\"C:\\PROGRA~2\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"RESTART_STICKY_NOTES"="C:\\Windows\\System32\\StikyNot.exe"
"VoipGain"="\"C:\\Program Files (x86)\\VoipGain.com\\VoipGain\\VoipGain.exe\" -nosplash -minimized"
"PCSpeedUp"="C:\\Program Files (x86)\\PC Speed Up\\PCSUNotifier.exe"
"DAEMON Tools Pro Agent"="\"C:\\Program Files (x86)\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"
@="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"
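An export like the one above is easier to judge once each value is turned back into a real path and checked on disk. The script below is an added example, not part of this thread and not MiniRegTool code: ConvertFrom-RegExport parses "Windows Registry Editor Version 5.00" text (undoing the .reg escaping of backslashes and quotes, and handling the @= default value), and Test-RunEntry resolves the executable from each Run value, checks that it exists and asks Get-AuthenticodeSignature about it. $RegExport is a constructed sample modelled on the posted export; the Vendor\App and Vendor\Updater paths in it are placeholders. The rule that a command line's executable is either quoted or ends at the first ".exe" is an assumption.

```powershell
# Added example (not from the thread, not MiniRegTool): parse a .reg export and
# check each Run entry's executable. Needs PowerShell 3+.

# Constructed sample modelled on the posted export; Vendor\* paths are placeholders.
$RegExport = @'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="C:\\Windows\\System32\\StikyNot.exe"
"Sample Quoted"="\"C:\\Program Files (x86)\\Vendor\\App\\app.exe\" -quiet"
@="C:\\Program Files (x86)\\Vendor\\Updater\\updater.exe"
'@

function ConvertFrom-RegExport {
    # One object per value line: Key, Name ('' for the @ default value), Data.
    # Undoes .reg string escaping (\\ -> \ and \" -> "); hex:/dword: data is kept raw.
    param([string]$Text)
    $key = $null
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $key = $Matches[1]; continue }
        if ($line -match '^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$') {
            $name = [string]$Matches[1]
            $raw  = $Matches[2]
            if ($raw -match '^"(.*)"$') { $data = [regex]::Replace($Matches[1], '\\(.)', '$1') }
            else                        { $data = $raw }
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}

function Test-RunEntry {
    param($Entry)
    # Executable = the quoted path, else everything up to the first ".exe" (assumption).
    if     ($Entry.Data -match '^"([^"]+)"')  { $exe = $Matches[1] }
    elseif ($Entry.Data -match '^(.+?\.exe)') { $exe = $Matches[1] }
    else                                      { $exe = $Entry.Data }
    $exe    = [Environment]::ExpandEnvironmentVariables($exe)
    $exists = Test-Path -LiteralPath $exe
    $status = 'n/a'
    if ($exists) { $status = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString() }
    $label = if ($Entry.Name) { $Entry.Name } else { '(default)' }
    [pscustomobject]@{
        Name      = $label
        Exe       = $exe
        Exists    = $exists
        Signature = $status
        NeedsLook = (-not $exists) -or ($status -ne 'Valid')
    }
}

ConvertFrom-RegExport -Text $RegExport |
    Where-Object { $_.Key -like '*\CurrentVersion\Run' } |
    ForEach-Object { Test-RunEntry $_ } |
    Format-Table -AutoSize
```

NeedsLook means "inspect", not "malicious": Windows components such as StikyNot.exe are signed through a security catalog rather than an embedded signature, and on older Windows versions Get-AuthenticodeSignature reports such files as NotSigned. Entries that resolve to a missing file, to an unsigned binary under a user-writable path, or to a vendor you do not recognise are the ones to follow up on.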


#11 Oh My! (Malware Response Instructor, 38,181 posts, California)

Posted 14 July 2013 - 02:58 PM

Greetings,

Let's run this decryption tool please.

===================================================

Emsisoft Decryptor

--------------------
  • Boot your computer into Safe Mode with Networking
  • Please download decrypt_harasom.exe and save it to your desktop.
  • For Windows 8, 7, Vista, right click on the icon and select Run as Administrator. For Windows XP double click the icon
  • You will be presented with the screen below:

[screenshot: Emsisoft Decrypter window]

  • Click Decrypt and allow the program to run without interruption
  • Once the program has finished running, check to see if you can open the decrypted files
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#12 Samer11 (Topic Starter, 13 posts)

Posted 15 July 2013 - 03:25 PM

I have done that and the files are still encrypted. :s

The program did not detect any encrypted files either.



#13 Oh My! (Malware Response Instructor, 38,181 posts, California)

Posted 15 July 2013 - 03:39 PM

This is not looking good.

Do you have any clean backup copies of some of the encrypted files?
Gary
 

#14 Samer11 (Topic Starter, 13 posts)

Posted 16 July 2013 - 03:23 AM

At first, when I had the virus, I restored my laptop to a backup from one week ago, and the files were still encrypted.

I don't know if that is what you mean.



#15 Oh My! (Malware Response Instructor, 38,181 posts, California)

Posted 16 July 2013 - 07:23 AM

I was wondering if you have clean backup files and it appears you don't. Unfortunately I do not think there is any way for us to reverse what has been done.

I wish I had better news, but we are at a dead end. I can't say for certain, but the probabilities are this infection was delivered via peer-to-peer file sharing, like µTorrent. :(

Apart from this, is there anything else I might be able to assist you with?
Gary
 
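One check worth running before treating the files as gone: a System Restore point, which is what "restoring to one week ago" normally means on Windows 7, rolls back system files and the registry but not user documents, so a restore that leaves pictures encrypted says nothing about whether earlier copies still exist. Volume Shadow Copies, when the malware has not deleted them, can still hold pre-encryption versions (the same data Explorer's "Previous Versions" tab reads). The script below is an added example, not part of this thread: Get-ShadowCopies lists the shadow copies WMI knows about, and Find-PreviousVersions exposes each one through a directory junction (the cmd.exe mklink /d technique) and tests whether a given file exists there. $Target is a placeholder path; run from an elevated prompt. Nothing here decrypts anything; it only tells you whether an older copy is available to copy out.

```powershell
# Added example (not from the thread): look for pre-encryption copies of a file
# in Volume Shadow Copies. Needs an elevated prompt.

$Target = 'C:\Users\samer\Pictures\holiday.jpg'   # placeholder: file to look for

function Get-ShadowCopies {
    Get-WmiObject -Class Win32_ShadowCopy | ForEach-Object {
        [pscustomobject]@{
            Id      = $_.ID
            Created = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
            Device  = $_.DeviceObject    # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN
            Volume  = $_.VolumeName
        }
    } | Sort-Object Created
}

function Find-PreviousVersions {
    # For each shadow copy, expose it through a directory junction under %TEMP%
    # and test whether the target file exists there. Shadow copies of other
    # volumes simply will not contain the path. Copy a hit out with Copy-Item.
    param([string]$FilePath)
    $relative = $FilePath.Substring(3)   # strip the "C:\" drive prefix
    foreach ($s in Get-ShadowCopies) {
        $link = Join-Path $env:TEMP ('vss-' + ($s.Id -replace '[{}]', ''))
        if (-not (Test-Path -LiteralPath $link)) {
            # mklink needs the trailing backslash on the shadow device path
            cmd /c mklink /d "$link" "$($s.Device)\" | Out-Null
        }
        $candidate = Join-Path $link $relative
        [pscustomobject]@{
            ShadowCreated = $s.Created
            Found         = Test-Path -LiteralPath $candidate
            Path          = $candidate
        }
    }
}

Get-ShadowCopies | Format-Table -AutoSize
Find-PreviousVersions -FilePath $Target | Format-Table -AutoSize
```

If Get-ShadowCopies returns nothing, the copies were either never enabled for the volume or were deleted, and this route is closed. If a copy predates the attack window (the file modification times from the encrypted files give that window) and Found is True, copy the file out and verify it opens before relying on it; then remove the junctions from %TEMP% when done.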



