
Dirty encrypt virus strikes again!


  • This topic is locked
26 replies to this topic

#1 Konig91

Konig91

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:17 PM

Posted 13 December 2013 - 08:44 AM

Hello, I recently filmed some videos with my Olympus camera, but as soon as I wanted to play the videos with VLC media player I got a message that I need to run dirtyencrypt.exe.

 

I recently found out it's a virus, so I'm asking for help to remove it. Thanks!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514
Run by Aurel at 16:17:44 on 2013-12-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1911.742 [GMT 2:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\COMODO\COMMON\COSService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\COMODO\COMMON\SynchronizationService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Aurel\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ro/
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [uTorrent] "c:\users\aurel\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [CCD] c:\program files\comodo\cdrive\cDrive.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [CCD] c:\program files\comodo\cdrive\cDrive.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7AAC1CE9-2A96-4E5B-8292-B7997481A329} : DHCPNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aurel\appdata\roaming\mozilla\firefox\profiles\q0fkhscc.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cbvd;Comodo Backup Virtual Disk;c:\windows\system32\drivers\cbvd.sys [2013-11-29 564928]
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2013-9-17 49240]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2013-10-12 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2013-10-12 12464]
R0 Reparse;Reparse;c:\windows\system32\drivers\CBreparse.sys [2013-11-29 566360]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-9-17 188808]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2013-9-17 37416]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2013-9-25 81920]
R2 COSService.exe;COMODO Online Storage Service;c:\program files\comodo\common\COSService.exe [2013-11-29 3043520]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-9-12 1337752]
R2 SynchronizationService.exe;COMODO BackUp Service;c:\program files\comodo\common\SynchronizationService.exe [2013-11-29 2784960]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\drivers\bcmvwl32.sys [2013-9-24 17144]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-19 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-19 232960]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2013-9-25 197224]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-9-25 1343400]
.
=============== Created Last 30 ================
.
2013-12-13 13:26:44    --------    d-----w-    C:\AdwCleaner
2013-12-13 13:17:08    --------    d-----w-    C:\FRST
2013-12-12 10:14:27    --------    d-----w-    c:\windows\system32\appmgmt
2013-12-11 14:32:11    --------    d-----w-    c:\users\aurel\appdata\roaming\GameRanger
2013-12-11 14:19:56    2297552    ----a-w-    c:\windows\system32\d3dx9_26.dll
2013-12-10 14:58:37    --------    d-----w-    C:\DirectX
2013-12-10 14:53:17    --------    d-----w-    c:\program files\Microsoft
2013-12-10 14:52:12    --------    d-----w-    c:\windows\system32\directx
2013-12-09 08:03:23    --------    d-----w-    c:\windows\system32\sda
2013-12-07 10:56:42    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{aa50e51b-5428-4075-b07e-446d84ff9525}\offreg.dll
2013-12-06 14:58:40    --------    d-----w-    c:\users\aurel\appdata\roaming\ESET
2013-12-06 14:50:05    --------    d-----w-    c:\program files\ESET
2013-11-29 20:10:04    564928    ----a-w-    c:\windows\system32\drivers\cbvd.sys
2013-11-29 20:09:46    566360    ----a-w-    c:\windows\system32\drivers\CBreparse.sys
2013-11-24 12:46:40    --------    d-----w-    c:\windows\ComodoVirtualDrives
2013-11-24 12:44:29    --------    d-----w-    c:\programdata\COMODO
2013-11-24 12:44:27    --------    d-----w-    c:\program files\COMODO
2013-11-24 12:44:19    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-11-24 12:44:19    1700352    ----a-w-    c:\windows\system32\gdiplus.dll
2013-11-24 12:44:19    1060864    ----a-w-    c:\windows\system32\mfc71.dll
.
==================== Find3M  ====================
.
2013-12-11 10:16:35    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 10:16:35    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-25 01:09:55    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-09-24 23:17:56    811520    ----a-w-    c:\windows\system32\user32.dll
2013-09-24 23:17:56    409088    ----a-w-    c:\windows\system32\systemcpl.dll
2013-09-24 23:17:56    13824    ----a-w-    c:\windows\system32\slwga.dll
2013-09-17 13:17:38    49240    ----a-w-    c:\windows\system32\drivers\epfwwfp.sys
2013-09-17 13:17:38    37416    ----a-w-    c:\windows\system32\drivers\EpfwLWF.sys
2013-09-17 13:17:38    188808    ----a-w-    c:\windows\system32\drivers\eamonm.sys
2013-09-17 13:17:38    174400    ----a-w-    c:\windows\system32\drivers\epfw.sys
2013-09-17 13:17:38    134248    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
.
============= FINISH: 16:18:23,74 ===============


Edited by Konig91, 13 December 2013 - 09:21 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,742 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:17 PM

Posted 18 December 2013 - 08:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517344 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,739 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 20 December 2013 - 07:01 PM

Greetings Konig91 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Konig91

Konig91
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:17 PM

Posted 21 December 2013 - 04:20 AM

Hmm only FRST.txt was created...

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Aurel (administrator) on AUREL-PC on 21-12-2013 11:17:10
Running from C:\Users\Aurel\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BitTorrent Inc.) C:\Users\Aurel\AppData\Roaming\uTorrent\uTorrent.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(COMODO Security Solutions) C:\Program Files\COMODO\cDrive\cDrive.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5249024 2010-02-02] (Dell Inc.)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-07-22] (Power Software Ltd)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-02] (Nero AG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5110672 2013-09-12] (ESET)
HKCU\...\Run: [uTorrent] - C:\Users\Aurel\AppData\Roaming\uTorrent\uTorrent.exe [1130576 2013-09-25] (BitTorrent Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKCU\...\Run: [CCD] - C:\Program Files\COMODO\cDrive\cDrive.exe [7447216 2013-12-19] (COMODO Security Solutions)
MountPoints2: F - F:\autorun.exe
MountPoints2: G - G:\Setup\rsrc\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x03C215B881B9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Aurel\AppData\Roaming\Mozilla\Firefox\Profiles\q0fkhscc.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipediaro.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR DefaultSearchKeyword: google.ro
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Aurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Aurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Aurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Aurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Google Wallet) - C:\Users\Aurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Aurel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

========================== Services (Whitelisted) =================

R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3043520 2013-12-19] (COMODO Security Solutions)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1337752 2013-09-12] (ESET)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-17] (IDT, Inc.)
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2783936 2013-12-19] (COMODO Security Solutions)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
R3 BcmVWL; C:\Windows\System32\DRIVERS\bcmvwl32.sys [17144 2010-02-02] (Broadcom Corporation)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [564928 2013-12-19] (COMODO Security Solutions Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [37416 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [49240 2013-09-17] (ESET)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [566360 2013-12-19] (COMODO Security Solutions Inc.)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113336 2013-07-22] (Power Software Ltd)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 11:16 - 2013-12-21 11:17 - 00008257 _____ C:\Users\Aurel\Desktop\FRST.txt
2013-12-19 14:29 - 2013-12-19 14:29 - 00566360 _____ (COMODO Security Solutions Inc.) C:\Windows\system32\Drivers\CBreparse.sys
2013-12-19 14:29 - 2013-12-19 14:29 - 00564928 _____ (COMODO Security Solutions Inc.) C:\Windows\system32\Drivers\cbvd.sys
2013-12-18 06:33 - 2013-12-18 06:33 - 00000062 _____ C:\Users\Aurel\Downloads\listen.pls
2013-12-17 19:38 - 2013-12-19 20:51 - 00000918 _____ C:\Users\Public\Desktop\cDrive.lnk
2013-12-16 19:54 - 2013-12-16 19:54 - 00000000 ____D C:\Users\Aurel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-16 16:17 - 2013-12-16 16:17 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-13 16:17 - 2013-12-13 16:17 - 00688992 ____R (Swearware) C:\Users\Aurel\Downloads\dds.com
2013-12-13 15:57 - 2013-12-21 11:09 - 00000000 ____D C:\Users\Aurel\Desktop\Programe
2013-12-13 15:49 - 2013-12-13 15:50 - 00000171 _____ C:\Users\Aurel\Desktop\New Internet Shortcut.url
2013-12-13 15:26 - 2013-12-13 15:29 - 00000000 ____D C:\AdwCleaner
2013-12-13 15:24 - 2013-12-21 11:09 - 01325858 _____ (Farbar) C:\Users\Aurel\Desktop\FRST.exe
2013-12-13 15:18 - 2013-12-13 15:18 - 00013132 _____ C:\Users\Aurel\Downloads\Addition.txt
2013-12-13 15:17 - 2013-12-21 11:09 - 00000000 ____D C:\FRST
2013-12-13 15:17 - 2013-12-13 15:18 - 00026286 _____ C:\Users\Aurel\Downloads\FRST.txt
2013-12-12 12:14 - 2013-12-12 12:14 - 00000000 ____D C:\Windows\system32\appmgmt


Some content of TEMP:
====================
C:\Users\Aurel\AppData\Local\Temp\AskSLib.dll
C:\Users\Aurel\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Aurel\AppData\Local\Temp\feedback.dll
C:\Users\Aurel\AppData\Local\Temp\InstHelper.exe
C:\Users\Aurel\AppData\Local\Temp\nsc32F4.tmp.exe
C:\Users\Aurel\AppData\Local\Temp\Quarantine.exe
C:\Users\Aurel\AppData\Local\Temp\safeguard.exe
C:\Users\Aurel\AppData\Local\Temp\utt2EC3.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-11 13:12

==================== End Of Log ============================



#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,739 posts
  • Gender:Male
  • Location:California

Posted 21 December 2013 - 09:32 PM

Greetings,

Sorry for the delay. I was never notified you posted. Are all of your documents encrypted and are you unable to access them?

Please rerun FRST and make sure the Addition.txt box is checked. You need only post that log.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware, which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Aurel\AppData\Local\Temp\AskSLib.dll
C:\Users\Aurel\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Aurel\AppData\Local\Temp\feedback.dll
C:\Users\Aurel\AppData\Local\Temp\InstHelper.exe
C:\Users\Aurel\AppData\Local\Temp\nsc32F4.tmp.exe
C:\Users\Aurel\AppData\Local\Temp\Quarantine.exe
C:\Users\Aurel\AppData\Local\Temp\safeguard.exe
C:\Users\Aurel\AppData\Local\Temp\utt2EC3.tmp.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
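A small triage helper for the FRST listings posted in this thread, added here as an example; it is not part of the thread and not Farbar's own code. It parses the "One Month Created/Modified Files" line format, flags executables that carry no publisher string or sit in user-writable folders (the same reasoning behind clearing the Temp executables in the fixlist above), and checks a Fixlog against the fixlist it ran. Sample lines are copied from the logs in this thread, except the nsc32F4.tmp.exe entry, whose date and size are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST "One Month Created/Modified Files" entry has the shape
#   <created> - <modified> - <size> <flags> [(<publisher>)] <path>
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<flags>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# A Fixlog line confirming that FRST quarantined one fixlist entry.
FIXLOG_MOVED = re.compile(r"^(?P<path>.+?) => Moved successfully\.$")

EXEC_EXT = (".exe", ".dll", ".com", ".sys", ".scr")

# Folders an ordinary user process can write to; a fresh executable there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\desktop\\", "\\temp\\")


@dataclass
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    flags: str                 # e.g. "____D" directory, "____H" hidden, "__RSH" read-only/system/hidden
    publisher: Optional[str]   # None when FRST printed no "(Company)" field
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.flags

    @property
    def is_executable(self) -> bool:
        return not self.is_directory and self.path.lower().endswith(EXEC_EXT)


def parse_entry(line: str) -> Optional[FrstEntry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = FRST_ENTRY.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        size=int(m["size"]),
        flags=m["flags"],
        publisher=m["publisher"],
        path=m["path"],
    )


def parse_listing(text: str) -> List[FrstEntry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    """Executables with no publisher string or in a user-writable folder, with the reason."""
    flagged = []
    for e in entries:
        if not e.is_executable:
            continue
        reasons = []
        if not e.publisher:
            reasons.append("no publisher")
        if any(loc in e.path.lower() for loc in USER_WRITABLE):
            reasons.append("user-writable location")
        if reasons:
            flagged.append((e.path, "; ".join(reasons)))
    return flagged


def unresolved_fix_items(fixlist: List[str], fixlog: str) -> List[str]:
    """Fixlist paths that the Fixlog does not report as 'Moved successfully'."""
    moved = {m["path"] for m in map(FIXLOG_MOVED.match, fixlog.splitlines()) if m}
    return [p for p in fixlist if p not in moved]


# Sample listing: lines from this thread's logs plus one constructed Temp entry
# (the nsc32F4.tmp.exe line; its date and size are invented for the "no publisher" case).
SAMPLE_LISTING = r"""
==================== One Month Created Files and Folders ========

2013-12-21 11:09 - 2013-12-13 15:24 - 01325858 _____ (Farbar) C:\Users\Aurel\Desktop\FRST.exe
2013-12-13 16:17 - 2013-12-13 16:17 - 00688992 ____R (Swearware) C:\Users\Aurel\Downloads\dds.com
2013-12-11 16:32 - 2013-12-11 16:32 - 00114352 _____ (GameRanger Technologies) C:\Users\Aurel\Downloads\GameRangerSetup.exe
2013-12-11 16:32 - 2013-12-11 16:32 - 00000000 ____D C:\Users\Aurel\AppData\Roaming\GameRanger
2013-12-11 16:20 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-12-19 14:29 - 2013-12-19 14:29 - 00566360 _____ (COMODO Security Solutions Inc.) C:\Windows\system32\Drivers\CBreparse.sys
2013-12-21 11:06 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 20:37 - 2013-12-08 20:37 - 00328569 _____ C:\Users\Aurel\Downloads\Attachments_2013128.zip
2013-12-13 15:40 - 2013-12-13 15:40 - 00048128 _____ C:\Users\Aurel\AppData\Local\Temp\nsc32F4.tmp.exe
"""

if __name__ == "__main__":
    for path, why in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{why:38} {path}")
```

Flagged entries are review candidates, not verdicts: FRST.exe itself is listed because it sits on the Desktop.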

#6 Konig91

  • Topic Starter
  • Members
  • 15 posts

Posted 23 December 2013 - 12:39 PM

I can't access just some of the infected files; thankfully not all of the files are infected. Now here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2013 01
Ran by Aurel at 2013-12-23 19:37:32 Run:2
Running from C:\Users\Aurel\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Aurel\AppData\Local\Temp\AskSLib.dll
C:\Users\Aurel\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Aurel\AppData\Local\Temp\feedback.dll
C:\Users\Aurel\AppData\Local\Temp\InstHelper.exe
C:\Users\Aurel\AppData\Local\Temp\nsc32F4.tmp.exe
C:\Users\Aurel\AppData\Local\Temp\Quarantine.exe
C:\Users\Aurel\AppData\Local\Temp\safeguard.exe
C:\Users\Aurel\AppData\Local\Temp\utt2EC3.tmp.exe
*****************

C:\Users\Aurel\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\BingBarSetup-Partner.exe => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\feedback.dll => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\nsc32F4.tmp.exe => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\safeguard.exe => Moved successfully.
C:\Users\Aurel\AppData\Local\Temp\utt2EC3.tmp.exe => Moved successfully.

==== End of Fixlog ====

 

And now the contents of the addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2013 01
Ran by Aurel at 2013-12-23 19:42:46
Running from C:\Users\Aurel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) - Romanian (Version: 11.0.05)
Bing Bar (Version: 7.1.362.0)
cDrive (Version: 1.0.5.2)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
DW WLAN Card Utility (Version: 5.60.48.35)
ESET Smart Security (Version: 7.0.302.26)
GameRanger
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
HitmanPro 3.7 (Version: 3.7.8.208)
IDT Audio (Version: 1.0.6289.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 26.0 (x86 ro) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Ultra Edition (Version: 7.02.8631)
Nero Backup Drivers (Version: 1.0.10000.1.0)
neroxml (Version: 1.0.0)
NVIDIA Drivers
PowerISO (Version: 5.7)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30127)
SopCast 3.5.0 (Version: 3.5.0)
VLC media player 2.0.8 (Version: 2.0.8)
Widevine Media Optimizer Chrome 6.0.0 (HKCU Version: 6.0.0.12442)
Widevine Media Optimizer Chrome 6.0.0 (Version: 6.0.0.12442)
Winamp (Version: 5.666 )
WinRAR 5.00 (32-bit) (Version: 5.00.0)

==================== Restore Points  =========================

22-12-2013 05:55:58 Installed DirectX

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03AD0555-587C-425E-80C3-AE639C7F7052} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {7FD40BC4-6EB0-4776-9731-1740BD8CD981} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {8072E5B8-5B14-4D1D-B10C-4019D66DDECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-21 16:08 - 2013-12-21 16:08 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2013 03:03:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2013 03:01:31 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/22/2013 06:51:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2013 06:49:18 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/22/2013 01:49:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2013 01:47:15 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/22/2013 07:59:31 AM) (Source: Application Hang) (User: )
Description: The program winamp.exe version 5.6.6.3516 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e9c

Start Time: 01cefedadcbdab52

Termination Time: 51

Application Path: C:\Program Files\Winamp\winamp.exe

Report Id: 36685cda-6ace-11e3-8d49-782bcbc7edb6

Error: (12/22/2013 07:55:58 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {925de0d1-c19d-4bfe-8a3f-dab6348f7832}

Error: (12/22/2013 07:33:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2013 07:31:52 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (12/20/2013 09:10:26 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/20/2013 09:10:25 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/20/2013 09:10:24 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/20/2013 09:10:24 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/20/2013 03:09:13 PM) (Source: DCOM) (User: Aurel-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Aurel-PCAurelS-1-5-21-1687747692-2696497295-4279089546-1000LocalHost (Using LRPC)

Error: (12/19/2013 04:42:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/19/2013 04:42:29 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/19/2013 04:42:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/19/2013 04:42:27 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/19/2013 00:54:12 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding740{B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE}



==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 1910.69 MB
Available physical RAM: 912.86 MB
Total Pagefile: 3821.38 MB
Available Pagefile: 2565.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.85 GB) (Free:25.63 GB) NTFS
Drive d: (multimedia) (Fixed) (Total:122.19 GB) (Free:12.5 GB) NTFS
Drive e: (topocadastrale) (Fixed) (Total:126.95 GB) (Free:16.36 GB) NTFS
Drive i: (cDrive) (Removable) (Total:10 GB) (Free:9.98 GB) COSFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B480A2E5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=122 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=127 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Konig91, 23 December 2013 - 12:45 PM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,739 posts
  • Gender:Male
  • Location:California

Posted 23 December 2013 - 01:56 PM

How is your computer running? Are you having any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Konig91

Konig91
  • Topic Starter
  • Members
  • 15 posts

Posted 23 December 2013 - 02:10 PM

Not really. Why?


Edited by Konig91, 23 December 2013 - 02:10 PM.


#9 Oh My!

Posted 23 December 2013 - 02:22 PM

Because I need to know whether we have to address specific performance issues or just make sure there is no malware on your computer.

Please run these scans for me.

===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware Free and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As.
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application. For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?

Gary

#10 Konig91

Posted 24 December 2013 - 05:10 AM

The log from Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.24.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Aurel :: AUREL-PC [administrator]

24.12.2013 09:18:54
mbam-log-2013-12-24 (09-18-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199895
Time elapsed: 10 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-1687747692-2696497295-4279089546-1000\$RWKH2OA.rar (PUP.Riskware.Patcher) -> Quarantined and deleted successfully.
C:\Users\Aurel\Downloads\PowerISO5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

The log from ESET Online Scanner:

C:\FRST\Quarantine\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-1687747692-2696497295-4279089546-1000\$RV7TDJ3.exe    Win32/Keygen.AJ application    cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-4030561934-3054189974-4144296871-1000\$RG5HVXJ.iso    multiple threats    deleted - quarantined
D:\cult\MUZICA\audio\colinde\Liliana Balcan - Colinde (2003)\SOFT\SetupImgBurn_2.5.5.0.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
D:\cult\MUZICA\audio\colinde\Liliana Balcan - Colinde (2003)\SOFT\veetle-0.9.18.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\descarcari\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
D:\FILME\Falling.Skies.S03E05.720p.HDTV.x264-IMMERSE\falling.skies.s03e05.720p.hdtv.x264-immerse.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
D:\FILME\Falling.Skies.S03E05.720p.HDTV.x264-IMMERSE\Falling_Skies_S03E05_HDTV_x264_ASAP_Falling_Skies_S03E05_720p_HDTV_x264_IMMERSE.zip    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
D:\FILME\Revolution.2012.S01E18.HDTV.x264-LOL\revolution.2012.118.hdtv-lol.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
D:\Microsoft Windows 7 X64 64bit All Editions Activated\Microsoft Windows 7 X64 64bit All Editions.iso    Win32/HackTool.WinActivator.I application    deleted - quarantined
D:\SOFTURI\Setup-SopCast-3.4.0-2011-6-9.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
D:\SOFTURI\Setup-SopCast-3.8.3-2013-6-26.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
D:\SOFTURI\TNod-1.4.2.1-final-setup.exe    Win32/RiskWare.HackAV.JA application    cleaned by deleting - quarantined
D:\SOFTURI\winamp5601_full_emusic-7plus_en-us.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\SOFTURI\Antivirus\TNod-1.4.2.1-final-setup.exe    Win32/RiskWare.HackAV.JA application    cleaned by deleting - quarantined
D:\SOFTURI\SopCast-3.5.0\SopCast-3.5.0.exe    multiple threats    cleaned by deleting - quarantined
E:\CADASTRU\CADASTRU-lucrari\MASURATORI 2012.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\COM.CATUNELE_CADASTRALE\digitale-com catunele\AGRICOL\DIVERSE_CADASTRALE\stick_02.03.2011\SOFTURI\NOD32 Antivirus System 2.70.39\NOD32 Antivirus System 2.70.39.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\COM.CATUNELE_CADASTRALE\digitale-com catunele\AGRICOL\DIVERSE_CADASTRALE\stick_02.03.2011\SOFTURI\NOD32 Antivirus System 2.70.39\NOD32view_2.10.1..exe    probably a variant of Win32/RiskWare.HackAV.GJ application    cleaned by deleting - quarantined
E:\COM.CATUNELE_CADASTRALE\digitale-com catunele\AGRICOL\DIVERSE_CADASTRALE\STÎLPI 110KW_CASTRU ROMAN\STÎLPI 110KW.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\COM.CATUNELE_CADASTRALE\digitale-com catunele\TISMANA\TISMANA.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\At.Any.Price.2012.LiMiTED.BDRip.X264-GECKOS\at.any.price.2012.bdrip.x264-geckos.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\At.Any.Price.2012.LiMiTED.BDRip.X264-GECKOS\Subs\at.any.price.2012.bdrip.x264-geckos.subs.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Falling Skies Season 02 HDTV XviD-AFG - Sauron\Falling_Skies_S02_HDTV_XviD_AFG.zip    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Falling.Skies.S03E03.720p.HDTV.x264-EVOLVE\falling.skies.s03e03.720p.hdtv.x264-evolve.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Falling.Skies.S03E04.720p.HDTV.x264-EVOLVE\falling.skies.s03e04.720p.hdtv.x264-evolve.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Falling.Skies.S03E04.720p.HDTV.x264-EVOLVE\Falling_Skies_S03E04_720p_HDTV_x264_EVOLVE.zip    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Microsoft.Windows.XP.Professional.SP3.x86.Integrated.December.2012-Maherz\OEM\DPM1209.7z    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Microsoft.Windows.XP.Professional.SP3.x86.Integrated.December.2012-Maherz\OEM\bin\DPsFnshr.7z    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\orphan black\Orphan.Black.S01E02.HDTV.x264-EVOLVE\orphan.black.s01e02.hdtv.x264-evolve.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\orphan black\Orphan.Black.S01E04.HDTV.x264-EVOLVE\orphan.black.s01e04.hdtv.x264-evolve.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Orphan.Black.S01E01.HDTV.x264-2HD\orphan.black.s01e01.hdtv.x264-2hd.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Orphan.Black.S01E01.HDTV.x264-2HD\Orphan.Black.S01E03.HDTV.x264-2HD\orphan.black.s01e03.hdtv.x264-2hd.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\revolution\Revolution 2012 S01E08. HDTV x264-SpeedME\www-titrari-ro-90879-Revolution_-_Sezonul_1_(2012)-23_97_FPS.zip    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
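
The ESET log above mixes three very different kinds of findings: archives that the ransomware has already encrypted (the Win32/Filecoder.BH.Gen hits), bundled adware and PUPs, and cracks or keygens. The following Python script is an added example written for this page, not code from the thread, from BleepingComputer or from ESET. It parses ten lines copied from the log above (a constructed sample, not the complete log), sorts each detection into a triage bucket, and reports which drives and archive types carry the Filecoder hits, which is what the owner needs to know before looking for previous versions or backups. The bucket names and the regular expressions that map ESET detection names onto them are this example's own assumptions, not an ESET taxonomy.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: ten lines copied from the ESET Online Scanner output posted
# above, in the scanner's "<path>  <detection>  <action>" layout. Not the full log.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
D:\$RECYCLE.BIN\S-1-5-21-1687747692-2696497295-4279089546-1000\$RV7TDJ3.exe    Win32/Keygen.AJ application    cleaned by deleting - quarantined
D:\descarcari\FreeYouTubeDownloaderInstaller.exe    a variant of Win32/Somoto.A application    cleaned by deleting - quarantined
D:\FILME\Falling.Skies.S03E05.720p.HDTV.x264-IMMERSE\falling.skies.s03e05.720p.hdtv.x264-immerse.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
D:\Microsoft Windows 7 X64 64bit All Editions Activated\Microsoft Windows 7 X64 64bit All Editions.iso    Win32/HackTool.WinActivator.I application    deleted - quarantined
D:\SOFTURI\TNod-1.4.2.1-final-setup.exe    Win32/RiskWare.HackAV.JA application    cleaned by deleting - quarantined
D:\SOFTURI\SopCast-3.5.0\SopCast-3.5.0.exe    multiple threats    cleaned by deleting - quarantined
E:\CADASTRU\CADASTRU-lucrari\MASURATORI 2012.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\COM.CATUNELE_CADASTRALE\digitale-com catunele\TISMANA\TISMANA.rar    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
E:\media\Microsoft.Windows.XP.Professional.SP3.x86.Integrated.December.2012-Maherz\OEM\DPM1209.7z    Win32/Filecoder.BH.Gen trojan    deleted - quarantined
"""

# Assumed mapping from fragments of ESET detection names to triage buckets. This is
# the example's own convention, not ESET's. First match wins, so Filecoder is tested
# first and never falls through to a less serious bucket.
CATEGORY_PATTERNS = [
    ("encrypted-by-ransomware", re.compile(r"Filecoder", re.I)),
    ("pup-adware", re.compile(r"Bundled\.Toolbar|OpenCandy|Somoto", re.I)),
    ("crack-keygen", re.compile(r"Keygen|HackTool|HackAV|WinActivator", re.I)),
    ("multiple", re.compile(r"^multiple threats$", re.I)),
]

# Columns are separated by a tab or a run of two or more spaces. Paths themselves
# contain single spaces ("MASURATORI 2012.rar"), so a plain split() would break them.
_COLUMN_SPLIT = re.compile(r"\t+| {2,}")


def categorize(detection):
    """Map one ESET detection string to a triage bucket; unknown names become 'other'."""
    for name, pattern in CATEGORY_PATTERNS:
        if pattern.search(detection):
            return name
    return "other"


def parse_eset_log(text):
    """Return one {path, detection, action, category} dict per non-empty log line."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        columns = _COLUMN_SPLIT.split(line)
        if len(columns) != 3:
            # Keep malformed lines as 'unparsed' instead of dropping them silently,
            # so nothing in the scanner output escapes review.
            records.append({"path": line, "detection": "", "action": "",
                            "category": "unparsed"})
            continue
        path, detection, action = (c.strip() for c in columns)
        records.append({"path": path, "detection": detection, "action": action,
                        "category": categorize(detection)})
    return records


def triage(records):
    """Summarise the parsed log.

    The Filecoder hits are the user's own archives after the ransomware touched them;
    "deleted - quarantined" means the scanner has now moved them out of place too.
    Per-drive and per-extension counts show where to look for previous versions.
    ntpath is used so the Windows paths are split correctly on any host OS.
    """
    by_category = Counter(r["category"] for r in records)
    filecoder = [r for r in records if r["category"] == "encrypted-by-ransomware"]
    drives = Counter(ntpath.splitdrive(r["path"])[0].upper() for r in filecoder)
    extensions = Counter(ntpath.splitext(r["path"])[1].lower() for r in filecoder)
    quarantined = [r["path"] for r in filecoder if "quarantined" in r["action"]]
    return {
        "by_category": dict(by_category),
        "filecoder_drives": dict(drives),
        "filecoder_extensions": dict(extensions),
        "quarantined_data_files": quarantined,
    }


if __name__ == "__main__":
    for key, value in triage(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

One caveat the summary makes visible: every Filecoder-flagged file in this sample is user data (cadastral survey archives, downloaded media) and the action column says the scanner deleted and quarantined it. Removing an encrypted archive does not remove the infection or recover the content; it just moves the only copy out of its folder. If there is any hope of a decryptor later, restore those entries from ESET's quarantine into a separate folder before the quarantine is purged, and keep the untouched originals of whatever previous versions or backups turn up.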
 



#11 Oh My!

Posted 24 December 2013 - 09:00 AM

Looks like ESET cleaned up a lot of leftovers. Unfortunately there is no way to decrypt the encrypted files.

Is there anything else I might be able to help you with?
Gary

#12 Konig91

Posted 24 December 2013 - 01:44 PM

Look mate, the video files themselves are not encrypted, they are infected with a virus, or malware, which just shows me on screen that I need to press a certain combination of keys, or to run a decrypt.exe executable (suspicious, I know).

Before posting here in the first place, I lurked around the forums to look for a similar problem, and you helped a guy in the past who had the same problem as mine. I believe his username was Monroe, or something like that. I thought that I should make a post here so you can provide me with a more personalized solution, based on the logs from my machine.

Thanks for your patience and commitment!



#13 Oh My!

Posted 24 December 2013 - 02:05 PM

My fault, please run this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*dirty*
*decrypt*
:folderfind
*dirty*
*decrypt*
:regfind
*dirty*
*decrypt*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. If necessary please zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SystemLook log

Edited by Oh My, 24 December 2013 - 02:37 PM.

Gary

#14 Konig91

Posted 25 December 2013 - 07:33 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:27 on 25/12/2013 by Aurel
Administrator - Elevation successful

========== filefind ==========

Searching for "*dirty*"
No files found.

Searching for "*decrypt*"
No files found.

========== folderfind ==========

Searching for "*dirty*"
No folders found.

Searching for "*decrypt*"
No folders found.

========== regfind ==========

Searching for "*dirty*"
No data found.

Searching for "*decrypt*"
No data found.

-= EOF =-

It seems that nothing was found. Do you know of any different solutions?



#15 Oh My!

Posted 25 December 2013 - 09:19 AM

This was my fear and what led me to opine that your files could not be decrypted. The previous post you referenced involved a different version of DirtyDecrypt. The newer version, which you apparently have, is not so simple to reverse. In fact, at this point experts have concluded the files cannot be decrypted.

The only thing I can suggest is to right click on one of the files you can no longer open properly, select Properties, then click the Previous Versions tab. If a previous version is present it may have escaped encryption. Try to access it and see if it will open.

Please let me know if you can locate and open any previous versions. If not, I am afraid you are out of luck.
Gary



