
Ransomware Crypted files virus v2.


  • This topic is locked
34 replies to this topic

#1 Wunderkid

  • Members
  • 21 posts

Posted 15 July 2014 - 12:11 PM

Mod edit: moved to Malware Removal Logs forum ~~ booopme


The previous topic didn't help me, so this is a second topic.
First topic (there you can find some information on what I did and which programs I used): http://www.bleepingcomputer.com/forums/t/540823/crypted-files-virus/?view=getnewpost
 
Picture of virus https://d3j5vwomefv46c.cloudfront.net/photos/large/860196405.jpg
 
I didn't find where I can attach files here, because it says there is no media to attach, so I uploaded them to my e-mail.
 
DDS Tool
http://files.inbox.lv/ticket/d21f572190c87ef57e7d75ec80c952179fbe740c/attach.txt
http://files.inbox.lv/ticket/0aef68b333bb96c53509b97a8133e04f7e0abc5d/dds.txt
 
There is a button "Lejupieladet" (Download).
 
So, as I said in the previous topic, I only need my pictures...
 
BIG THANK YOU! 
 
P.S. If you need any additional information, please reply in this topic and I will answer ASAP.
 
I have a question: if I delete all files (except pictures) using the miniXP explorer and install the OS without formatting the HDD, could that work, and could I get my pictures back? Because then all the registry files will be deleted and a new OS installed.

Edited by boopme, 20 July 2014 - 08:58 PM.



#2 Wunderkid

  • Topic Starter

  • Members
  • 21 posts

Posted 19 July 2014 - 01:56 AM

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 8.0.7601.17514
Run by klibais at 19:56:06 on 2014-07-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3003.1526 [GMT 3:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\klibais\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Google Update] "C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [uTorrent] "C:\Users\klibais\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [] C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\klibais\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\klibais\AppData\Local\Temp\_uninst_.bat
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 89.254.128.17 8.8.8.8
TCP: Interfaces\{6CF43E3D-1F03-446F-A01C-BC6C92C2BF9B} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A6029F32-7D41-4D4F-A50B-90FE4C16CC6F} : DHCPNameServer = 89.254.128.17 8.8.8.8
TCP: Interfaces\{A6029F32-7D41-4D4F-A50B-90FE4C16CC6F}\4556F6 : DHCPNameServer = 80.232.230.242 195.122.12.242
TCP: Interfaces\{A6029F32-7D41-4D4F-A50B-90FE4C16CC6F}\A5978554C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6029F32-7D41-4D4F-A50B-90FE4C16CC6F}\B427573747160213 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 74.208.10.249 gs.apple.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-12 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-12 912504]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2014-7-14 26176]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-23 1151096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-5 283064]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110728.031\IDSviA64.sys [2011-7-29 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-12 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-12 386168]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-8-17 98208]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-20 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-29 136824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w --> c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2010-1-5 1847296]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-7-14 57024]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-9 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-07-15 04:06:30 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-15 04:06:19 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-15 04:06:19 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-15 04:06:19 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-15 04:06:18 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-15 04:06:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 03:55:31 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-07-14 19:11:16 -------- d-----w- C:\Users\klibais\AppData\Roaming\Wise Registry Cleaner
2014-07-14 19:11:10 -------- d-----w- C:\Program Files (x86)\Wise
2014-07-14 05:32:34 -------- d-----w- C:\EEK
2014-07-14 05:10:56 -------- d-----w- C:\AdwCleaner
2014-07-14 04:53:30 -------- d-----w- C:\Windows\ERUNT
2014-07-13 21:38:26 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2014-07-12 17:00:55 -------- d-----w- C:\Program Files\TNod User & Password Finder
2014-07-12 16:30:43 -------- d-----w- C:\ProgramData\Alwil Software
2014-06-28 15:16:50 -------- d-----w- C:\Users\klibais\AppData\Local\AuxClient
2014-06-24 18:42:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 18:42:16 -------- d-----w- C:\Program Files\iPod
2014-06-24 18:42:15 -------- d-----w- C:\Program Files\iTunes
2014-06-24 18:42:15 -------- d-----w- C:\Program Files (x86)\iTunes
2014-06-24 18:27:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-06-24 18:27:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-06-24 18:27:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-06-24 18:27:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-06-24 18:27:47 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-06-19 15:12:45 -------- d-----w- C:\Users\klibais\AppData\Local\Titan Poker
.
==================== Find3M  ====================
.
.
============= FINISH: 19:57:24.18 ===============
 
 
Attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 05/06/2011 13:27:08
System Uptime: 15/07/2014 19:26:48 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 1605
Processor: Pentium® Dual-Core CPU       T4500  @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 38.675 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.201 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1765: 11/07/2014 09:59:27 - Windows Update
RP1766: 11/07/2014 18:11:29 - Windows Update
RP1767: 12/07/2014 16:42:42 - Windows Update
RP1768: 12/07/2014 18:46:05 - Windows Update
RP1769: 12/07/2014 19:25:06 - avast! Pro Antivirus Setup
RP1771: 13/07/2014 10:43:33 - Windows Update
RP1772: 13/07/2014 15:46:59 - Windows Update
RP1774: 13/07/2014 18:52:29 - Windows Update
RP1775: 14/07/2014 22:23:58 - Windows Update
RP1776: 15/07/2014 19:34:32 - Windows Update
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.2.0.1
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Bejeweled 2 Deluxe
Betfred Poker
Blackhawk Striker 2
Bonjour
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Corel Paint Shop Pro Photo X2
CyberLink DVD Suite
CyberLink PowerDVD 9
CyberLink YouCam
DAEMON Tools Lite
Dora's Carnival Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
Flvto Youtube Downloader
Full Tilt Poker
Full Tilt Poker.Eu
Google Chrome
Google Update Helper
Google+ Auto Backup
Holdem Manager 2
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 20 (64-bit)
Java™ 6 Update 37
Jewel Quest - Heritage
Junk Mail filter update
K-Lite Codec Pack 7.1.0 (Basic)
LabelPrint
Latvian (Apostrofs v0.3; komats)
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Online Backup
Penguins!
PhotoNow!
Picasa 3
Plants vs. Zombies
Poker Superstars III
PokerStars
PokerStrategy.com Equilab
Polar Bowler
Polar Golfer
PostgreSQL 8.4
Power2Go
PowerDirector
PowerISO
QuickTime 7
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Recovery Manager
RtVOsd
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Skype™ 6.11
Stronghold Crusader HD
Synaptics Pointing Device Driver
Titan Poker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoLAN VLC media player 0.8.6d
Virtual Villagers - The Secret City
Warcraft III
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR 4.00 (64-bit)
Wise Registry Cleaner 8.22
Yahoo! Detect
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
15/07/2014 19:30:48, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  sptd
15/07/2014 19:26:50, Error: sptd [4]  - Driver detected an internal error in its data structures for .
15/07/2014 06:53:15, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
15/07/2014 06:53:14, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/07/2014 06:53:07, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
15/07/2014 06:52:58, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
15/07/2014 06:52:55, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 discache eeCtrl IDSVia64 SCDEmu spldr sptd SRTSPX SymIRON SymNetS Wanarpv6
15/07/2014 06:52:53, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:36:04, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:36:01, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
14/07/2014 22:36:01, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
14/07/2014 22:35:42, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr sptd SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
14/07/2014 22:35:42, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
14/07/2014 22:16:51, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
14/07/2014 22:16:03, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
14/07/2014 22:16:03, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
14/07/2014 21:59:37, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
14/07/2014 08:29:11, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
14/07/2014 08:27:07, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
14/07/2014 08:25:33, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================


#3 HelpBot


    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male
  • Local time:07:14 PM

Posted 20 July 2014 - 09:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541054 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Wunderkid

  • Topic Starter

  • Members
  • 21 posts
  • Local time:02:14 AM

Posted 20 July 2014 - 11:53 PM

Answers to the bot's questions...

1) in this link http://www.bleepingcomputer.com/forums/t/540823/crypted-files-virus/?view=getnewpost are all my steps...

2) You can use the previous DDS log, because I didn't do anything new, because I have no idea what else to do...

3) Windows is genuine, it came with my PC when I bought it, there is a recovery partition.



#5 Machiavelli


    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:14 PM

Posted 21 July 2014 - 09:27 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

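The FRST.txt that the steps above produce lists every Run/RunOnce autorun on one line each. As an added example (not part of this thread and not Farbar's code), the following Python script parses those lines and scores the entries a responder would look at first: empty value names, executables living in user-writable profile or temp folders, and files for which FRST could not report a size, date or publisher. The weights are my own heuristics, and the sample lines are copied from the FRST.txt posted later in this thread.

```python
"""Triage the Run/RunOnce lines of an FRST.txt log for autorun entries worth a closer look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST autorun line looks like:
#   HKU\S-1-5-21-...-1001\...\Run: [Name] => C:\path\prog.exe [size yyyy-mm-dd] (Publisher)
# The "[size date]" and "(Publisher)" parts are absent when FRST could not read the file.
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U)(?:-x32)?(?:\\S-1-5-[\d-]+)?)\\\.\.\.\\(?P<key>RunOnce|Run): "
    r"\[(?P<name>[^\]]*)\] => (?P<target>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?\s*$"
)

# Locations an ordinary user can write to without admin rights; legitimate autoruns
# usually live under Program Files or Windows, malware very often does not.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData|Local Settings)\\|\\Temp\\", re.IGNORECASE
)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    target: str
    exe_path: str
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]  # None = no file metadata at all, "" = no company name
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def _exe_path(target: str) -> str:
    """Return the executable part of a Run target, dropping quotes and arguments."""
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    m = re.search(r"\.exe\b", target, re.IGNORECASE)
    return target[: m.end()] if m else target.strip()


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run/RunOnce line; returns None for lines of any other type."""
    m = RUN_LINE.match(line.strip("\r\n"))
    if not m:
        return None
    g = m.groupdict()
    return RunEntry(
        hive=g["hive"], key=g["key"], name=g["name"], target=g["target"].rstrip(),
        exe_path=_exe_path(g["target"]),
        size=int(g["size"]) if g["size"] else None,
        date=g["date"], publisher=g["publisher"],
    )


def score_entry(e: RunEntry) -> RunEntry:
    """Attach heuristic triage points (my own weights) and readable reasons to an entry."""
    if e.name == "":
        e.score += 3
        e.reasons.append("empty value name (installers normally name their Run values)")
    if USER_WRITABLE.search(e.exe_path):
        e.score += 1
        e.reasons.append("executable lives in a user-writable profile/temp folder")
    if e.publisher is None:
        e.score += 1
        e.reasons.append("FRST reported no size/date/publisher (file missing or unreadable)")
    elif e.publisher == "":
        e.score += 1
        e.reasons.append("file carries no company name")
    return e


def triage_frst_runs(log_text: str, threshold: int = 2) -> List[RunEntry]:
    """Return Run entries scoring at or above `threshold`, highest score first."""
    entries = [parse_run_line(line) for line in log_text.splitlines()]
    scored = [score_entry(e) for e in entries if e is not None]
    hits = [e for e in scored if e.score >= threshold]
    return sorted(hits, key=lambda e: e.score, reverse=True)


# Sample input: Run lines in FRST format, copied from the FRST.txt posted in this thread.
FRST_SAMPLE = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [8192 2010-06-19] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [Google Update] => C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [uTorrent] => "C:\Users\klibais\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [] => C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe
Startup: C:\Users\klibais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
"""

if __name__ == "__main__":
    for e in triage_frst_runs(FRST_SAMPLE):
        print(f"[{e.score}] {e.hive}\\...\\{e.key} [{e.name}] -> {e.exe_path}")
        for r in e.reasons:
            print("      -", r)
```

Entries that only score because they sit under a user profile (Google Update here) stay below the default threshold; the unnamed entry from Local Settings\Application Data with no file metadata scores highest.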
 
 


#6 Wunderkid

  • Topic Starter

  • Members
  • 21 posts
  • Local time:02:14 AM

Posted 21 July 2014 - 12:31 PM

Hi Machiavelli!

Thank you for your help!

If something goes wrong, I have cloned my HDD and we could try again.

If you need some additional information ask me please,  I will reply ASAP.

 

I have Windows Home Premium 64bit.

 

 

Edited:

I just took a minute to read the .txt and I saw zlrjljdk.exe. It is the virus file. When I first started to remove it by myself, there was a virus window saying that my files are crypted. When I ended this process in Task Manager, the window closed. Then I deleted it with the Hiren's CD miniXP in the AppData files and deleted the temp files. But now I see it again....

 

Edited v2: 

I found it in regedit HKEY_USERS / S-1-5-21-3473252756-3935126852-435164757-1001 /Software / Microsoft / Windows / Run / Default

 

HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [] => C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe 

 

I'm waiting for your reply and I will delete it if you tell me to delete it.

 

Hoping for your help.

 

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014

Ran by klibais (administrator) on KLIBAIS-HP on 21-07-2014 20:21:37
Running from C:\Users\klibais\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6245408 2010-05-26] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [8192 2010-06-19] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [531272 2007-08-16] (Corel, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-06-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-09] (Power Software Ltd)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [Google Update] => C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-05] (Google Inc.)
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-17] (Microsoft Corporation)
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [uTorrent] => "C:\Users\klibais\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED 
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [] => C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe  
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: H - H:\autoplay.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {33b11930-b80c-11e1-819d-60eb69665358} - G:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {5a59499c-ffd6-11e0-b860-60eb69665358} - G:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {5a5949ab-ffd6-11e0-b860-60eb69665358} - F:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {5a594a1e-ffd6-11e0-b860-60eb69665358} - F:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {722f7294-5c52-11e3-87be-60eb69665358} - H:\autoplay.exe
Startup: C:\Users\klibais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
ShortcutTarget: _uninst_.lnk -> C:\Users\klibais\AppData\Local\Temp\_uninst_.bat ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {AC8D8715-4469-42FC-BB40-DCCBFE059468} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {DA382020-C214-4970-BCAE-D57FA6C12098} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {DA382020-C214-4970-BCAE-D57FA6C12098} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - F2949AEE73C08A25989A805799C22B19 URL = http://isearch.avg.com/search?cid={C88B5BE8-78FE-407B-8FDE-A3C4DE6AA74B}&mid=d60c53265cfc47d1b2abb1a22f82baab-b665f38ef37d525df96a60d08ffae021a26363bd&lang=en&ds=st011&pr=sa&d=2012-03-10 21:16:22&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DA382020-C214-4970-BCAE-D57FA6C12098} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-12] (EasyBits Software Corp.)
Hosts: 74.208.10.249 gs.apple.com
Tcpip\Parameters: [DhcpNameServer] 89.254.128.17 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\klibais\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Homepage: hxxp://www.yandex.ru/?win=118&clid=1200402
FF DefaultSearchEngine: ??????
FF SelectedSearchEngine: ??????
FF Keyword.URL: hxxp://yandex.ru/yandsearch?win=118&clid=1200406&text=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\klibais\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\klibais\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\klibais\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-232018.xml
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\klibais\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack [2013-12-05]
FF Extension: No Name - C:\Users\klibais\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2013-04-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2011-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-07-14]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google maks) - C:\Users\klibais\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-13]
 
==================== Services (Whitelisted) =================
 
S2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-04-20] (Realtek Semiconductor Corp.) [File not signed]
S2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Atheros Communications, Inc.) [File not signed]
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-23] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-05] (Disc Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-07-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-07-28] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110728.031\IDSvia64.sys [488056 2011-07-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110728.024\ENG64.SYS [117880 2011-07-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110728.024\EX64.SYS [2011768 2011-07-03] (Symantec Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-03-10] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-05] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S1 A2DDA; \??\C:\EEK\RUN\a2ddax64.sys [X]
S3 cleanhlp; \??\C:\EEK\Run\cleanhlp64.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-21 20:21 - 2014-07-21 20:22 - 00018120 _____ () C:\Users\klibais\Downloads\FRST.txt
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\FRST
2014-07-21 20:20 - 2014-07-21 20:21 - 02089984 _____ (Farbar) C:\Users\klibais\Downloads\FRST64.exe
2014-07-15 19:57 - 2014-07-15 19:58 - 00015065 _____ () C:\Users\klibais\Desktop\attach.txt
2014-07-15 19:57 - 2014-07-15 19:57 - 00018691 _____ () C:\Users\klibais\Desktop\dds.txt
2014-07-15 19:55 - 2014-07-15 19:55 - 00688992 ____R (Swearware) C:\Users\klibais\Downloads\dds.com
2014-07-15 07:06 - 2014-07-15 07:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 07:06 - 2014-07-15 07:06 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 07:06 - 2014-07-15 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 07:06 - 2014-07-15 07:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 07:06 - 2014-07-15 07:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 07:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 07:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 07:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-15 07:05 - 2014-07-15 07:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\klibais\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 06:55 - 2014-07-15 06:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-15 06:53 - 2014-07-15 06:54 - 143906824 _____ () C:\Users\klibais\Downloads\setup_11.0.3.7.x01_2014_07_15_05_57.exe
2014-07-14 22:11 - 2014-07-14 22:13 - 00000000 ____D () C:\Users\klibais\AppData\Roaming\Wise Registry Cleaner
2014-07-14 22:11 - 2014-07-14 22:11 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-07-14 22:10 - 2014-07-14 22:10 - 02128128 _____ (WiseCleaner.com ) C:\Users\klibais\Downloads\WRCFree.exe
2014-07-14 08:33 - 2014-07-14 08:33 - 00000546 _____ () C:\Users\klibais\Desktop\Emsisoft Emergency Kit.lnk
2014-07-14 08:27 - 2014-07-14 08:25 - 218418376 _____ () C:\Users\klibais\Desktop\EmsisoftEmergencyKit.exe
2014-07-14 08:21 - 2014-07-14 08:22 - 00031808 _____ () C:\Users\klibais\Desktop\Result.txt
2014-07-14 08:20 - 2014-07-13 21:50 - 00401920 _____ (Farbar) C:\Users\klibais\Desktop\MiniToolBox.exe
2014-07-14 08:10 - 2014-07-14 08:12 - 00000000 ____D () C:\AdwCleaner
2014-07-14 08:09 - 2014-07-14 08:09 - 00005921 _____ () C:\Users\klibais\Desktop\JRT.txt
2014-07-14 07:53 - 2014-07-14 07:53 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 07:46 - 2014-07-14 07:46 - 00113928 _____ () C:\Users\klibais\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 22:32 - 2014-07-13 22:32 - 00003224 ____N () C:\bootsqm.dat
2014-07-12 19:56 - 2014-07-12 19:57 - 00011914 _____ () C:\Users\klibais\Downloads\[rutor.org]ESET_NOD32_Antivirus_7.0.302.8_RePack_by_Smokie.torrent
2014-07-12 19:30 - 2014-07-12 19:41 - 00000000 ____D () C:\Program Files\Alwil Software
2014-07-12 19:30 - 2014-07-12 19:30 - 00000000 ____D () C:\ProgramData\Alwil Software
2014-07-11 19:08 - 2014-07-11 19:08 - 00018260 _____ () C:\Users\klibais\Downloads\Avast!.torrent
2014-07-10 22:50 - 2014-07-10 22:51 - 00014565 _____ () C:\Users\klibais\Downloads\K1rp1chn1e.0s0bn1yak1.2014.D.WEB-DLRip.1400Mb.a.torrent
2014-07-09 19:56 - 2014-07-09 19:57 - 00014533 _____ () C:\Users\klibais\Downloads\Prev0sh0dstv0.2014.D.HDRip.1400MB.avi.torrent
2014-07-08 22:14 - 2014-07-08 22:14 - 00014520 _____ () C:\Users\klibais\Downloads\Sabotage.2014.Dt.WEBDLRip.1400Mb.avi.torrent
2014-07-07 16:00 - 2014-07-07 16:00 - 00014492 _____ () C:\Users\klibais\Downloads\Noah.2014.D.HDRip.1400MB.avi.torrent
2014-07-06 21:53 - 2014-07-06 21:53 - 00011535 _____ () C:\Users\klibais\Downloads\%5B5D %%5DNoah.2013.Dt.HDRip.2100MB.avi.torrent
2014-07-02 20:04 - 2014-07-02 20:05 - 00011072 _____ () C:\Users\klibais\Downloads\M1lli0n.Sp0s0b0v.Poter9t.G0lovu.2014.P.WEBRip.2.torrent
2014-07-01 22:47 - 2014-07-01 22:47 - 00000000 ____D () C:\Users\klibais\Desktop\kāzas
2014-07-01 22:36 - 2014-07-01 22:45 - 531569026 _____ () C:\Users\klibais\Downloads\Pilna izmēra.rar
2014-06-29 20:27 - 2014-06-29 20:27 - 00015445 _____ () C:\Users\klibais\Downloads\Povar.na.Kolesah.2014.D.WEBRip.1.46Gb.avi.torrent
2014-06-29 16:41 - 2014-06-29 16:42 - 00015301 _____ () C:\Users\klibais\Downloads\import_1E61kD.torrent
2014-06-28 18:16 - 2014-06-28 18:16 - 00000000 ____D () C:\Users\klibais\AppData\Local\AuxClient
2014-06-28 14:19 - 2014-06-28 14:19 - 00014482 _____ () C:\Users\klibais\Downloads\Animal.2014.L1.WEBDLRip.1400Mb.avi.torrent
2014-06-28 00:58 - 2014-06-28 00:58 - 00012661 _____ () C:\Users\klibais\Downloads\btaw_courtney0.mp4.torrent
2014-06-28 00:57 - 2014-06-28 00:57 - 00010948 _____ () C:\Users\klibais\Downloads\bblib_christy_mack_kl063013_480p_2000.mp4.torrent
2014-06-28 00:55 - 2014-06-28 00:55 - 00011283 _____ () C:\Users\klibais\Downloads\di12212_1500.mp4.torrent
2014-06-27 21:32 - 2014-06-27 21:32 - 00015423 _____ () C:\Users\klibais\Downloads\import_fycCad.torrent
2014-06-27 17:01 - 2014-06-27 17:01 - 00014542 _____ () C:\Users\klibais\Downloads\Superbratja.Mario.1993.XviD.DVDRip.torrent
2014-06-26 18:45 - 2014-06-26 18:45 - 00011379 _____ () C:\Users\klibais\Downloads\Wer.2013.HDRip.avi .torrent
2014-06-26 18:08 - 2014-07-09 23:45 - 00052004 _____ () C:\Users\klibais\Downloads\Līga Stokker datu bāze.xls
2014-06-25 15:29 - 2014-06-25 15:29 - 00014573 _____ () C:\Users\klibais\Downloads\Podar0k.S.Harakterom.2014.O.WEBRip.1400Mb.avi.torrent
2014-06-25 15:26 - 2014-06-25 15:26 - 00014968 _____ () C:\Users\klibais\Downloads\%5B%5D UDDolgoe.Padenie.2014.D.WEB-DLRip.1400Mb.avi.torrent
2014-06-24 21:43 - 2014-06-24 21:43 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-24 21:43 - 2014-06-24 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 21:42 - 2014-06-24 21:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 21:42 - 2014-06-24 21:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-24 21:42 - 2014-06-24 21:42 - 00000000 ____D () C:\Program Files\iPod
2014-06-24 21:26 - 2014-06-24 21:26 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-24 21:26 - 2014-06-24 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-24 21:24 - 2014-06-24 21:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
 
==================== One Month Modified Files and Folders =======
 
2014-07-21 20:22 - 2014-07-21 20:21 - 00018120 _____ () C:\Users\klibais\Downloads\FRST.txt
2014-07-21 20:21 - 2014-07-21 20:21 - 00000000 ____D () C:\FRST
2014-07-21 20:21 - 2014-07-21 20:20 - 02089984 _____ (Farbar) C:\Users\klibais\Downloads\FRST64.exe
2014-07-19 11:30 - 2010-08-17 11:31 - 02063470 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 11:24 - 2009-07-14 07:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 11:24 - 2009-07-14 07:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 11:16 - 2011-11-30 22:39 - 00000000 ____D () C:\Users\klibais\Tracing
2014-07-19 11:15 - 2014-04-13 16:24 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 11:15 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 11:15 - 2009-07-14 07:51 - 00134528 _____ () C:\Windows\setupact.log
2014-07-19 11:01 - 2014-04-13 16:24 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 11:01 - 2011-06-05 13:35 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473252756-3935126852-435164757-1001UA.job
2014-07-19 11:00 - 2011-06-05 13:39 - 00000000 ____D () C:\Users\klibais\AppData\Roaming\uTorrent
2014-07-19 10:47 - 2011-06-05 21:22 - 00072732 _____ () C:\Windows\PFRO.log
2014-07-15 19:58 - 2014-07-15 19:57 - 00015065 _____ () C:\Users\klibais\Desktop\attach.txt
2014-07-15 19:57 - 2014-07-15 19:57 - 00018691 _____ () C:\Users\klibais\Desktop\dds.txt
2014-07-15 19:55 - 2014-07-15 19:55 - 00688992 ____R (Swearware) C:\Users\klibais\Downloads\dds.com
2014-07-15 19:54 - 2014-04-14 14:45 - 00000372 _____ () C:\Windows\Tasks\updater.job
2014-07-15 19:20 - 2013-12-05 19:01 - 00000000 ____D () C:\Program Files (x86)\SqueakyChocolate
2014-07-15 07:07 - 2014-07-15 07:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 07:06 - 2014-07-15 07:06 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 07:06 - 2014-07-15 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 07:06 - 2014-07-15 07:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 07:06 - 2014-07-15 07:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 07:06 - 2014-07-15 07:05 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\klibais\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 06:55 - 2014-07-15 06:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-15 06:54 - 2014-07-15 06:53 - 143906824 _____ () C:\Users\klibais\Downloads\setup_11.0.3.7.x01_2014_07_15_05_57.exe
2014-07-14 22:13 - 2014-07-14 22:11 - 00000000 ____D () C:\Users\klibais\AppData\Roaming\Wise Registry Cleaner
2014-07-14 22:11 - 2014-07-14 22:11 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-14 22:11 - 2014-07-14 22:11 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-07-14 22:10 - 2014-07-14 22:10 - 02128128 _____ (WiseCleaner.com ) C:\Users\klibais\Downloads\WRCFree.exe
2014-07-14 10:35 - 2010-07-12 02:44 - 00000000 ____D () C:\ProgramData\Temp
2014-07-14 08:33 - 2014-07-14 08:33 - 00000546 _____ () C:\Users\klibais\Desktop\Emsisoft Emergency Kit.lnk
2014-07-14 08:25 - 2014-07-14 08:27 - 218418376 _____ () C:\Users\klibais\Desktop\EmsisoftEmergencyKit.exe
2014-07-14 08:22 - 2014-07-14 08:21 - 00031808 _____ () C:\Users\klibais\Desktop\Result.txt
2014-07-14 08:12 - 2014-07-14 08:10 - 00000000 ____D () C:\AdwCleaner
2014-07-14 08:09 - 2014-07-14 08:09 - 00005921 _____ () C:\Users\klibais\Desktop\JRT.txt
2014-07-14 07:54 - 2009-07-14 08:13 - 00789264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 07:53 - 2014-07-14 07:53 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 07:46 - 2014-07-14 07:46 - 00113928 _____ () C:\Users\klibais\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-13 22:32 - 2014-07-13 22:32 - 00003224 ____N () C:\bootsqm.dat
2014-07-13 21:50 - 2014-07-14 08:20 - 00401920 _____ (Farbar) C:\Users\klibais\Desktop\MiniToolBox.exe
2014-07-13 21:18 - 2011-06-05 13:27 - 00000000 ____D () C:\Users\klibais
2014-07-13 21:16 - 2014-02-05 01:27 - 00000000 ____D () C:\Users\klibais\AppData\Local\Hold'em_Manager
2014-07-13 21:16 - 2014-02-05 01:20 - 00000000 ____D () C:\Users\postgres
2014-07-13 21:16 - 2014-02-04 23:19 - 00000000 ____D () C:\Users\klibais\AppData\Local\Equilab
2014-07-13 21:16 - 2014-02-04 12:29 - 00000000 ____D () C:\Users\klibais\AppData\Local\Downloaded Installations
2014-07-13 21:16 - 2013-03-16 00:11 - 00000000 ____D () C:\Users\klibais\AppData\Local\FlvtoYoutubeDownloader
2014-07-13 21:16 - 2013-03-16 00:09 - 00000000 ____D () C:\Users\klibais\AppData\Local\Flvto Youtube Downloader
2014-07-13 21:16 - 2011-06-05 15:25 - 00000000 ____D () C:\Users\klibais\AppData\Local\PokerStars.EU
2014-07-13 21:16 - 2011-06-05 13:35 - 00000000 ____D () C:\Users\klibais\AppData\Local\Apps\2.0
2014-07-13 21:16 - 2011-06-05 13:31 - 00000000 ____D () C:\Users\klibais\AppData\Local\Hewlett-Packard
2014-07-13 21:16 - 2010-08-17 11:43 - 00000000 ____D () C:\ProgramData\Norton
2014-07-13 21:16 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2014-07-13 21:15 - 2013-04-28 22:31 - 00000000 ____D () C:\Users\klibais\AppData\Local\Opera
2014-07-13 21:15 - 2011-06-05 13:35 - 00000000 ____D () C:\Users\klibais\AppData\Local\Google
2014-07-12 19:57 - 2014-07-12 19:56 - 00011914 _____ () C:\Users\klibais\Downloads\[rutor.org]ESET_NOD32_Antivirus_7.0.302.8_RePack_by_Smokie.torrent
2014-07-12 19:41 - 2014-07-12 19:30 - 00000000 ____D () C:\Program Files\Alwil Software
2014-07-12 19:37 - 2011-06-05 21:37 - 00000000 ____D () C:\Users\klibais\AppData\Local\CrashDumps
2014-07-12 19:30 - 2014-07-12 19:30 - 00000000 ____D () C:\ProgramData\Alwil Software
2014-07-12 17:03 - 2014-03-12 17:26 - 00000000 ____D () C:\Users\klibais\Desktop\Monta
2014-07-11 19:08 - 2014-07-11 19:08 - 00018260 _____ () C:\Users\klibais\Downloads\Avast!.torrent
2014-07-11 11:21 - 2011-06-05 13:27 - 00000000 ____D () C:\Users\klibais\AppData\Local\VirtualStore
2014-07-10 22:51 - 2014-07-10 22:50 - 00014565 _____ () C:\Users\klibais\Downloads\K1rp1chn1e.0s0bn1yak1.2014.D.WEB-DLRip.1400Mb.a.torrent
2014-07-09 23:47 - 2014-04-03 19:28 - 00083748 _____ () C:\Users\klibais\Downloads\Valdis Bogdanovs_200 (Līga).xls
2014-07-09 23:47 - 2014-02-20 19:43 - 00029227 _____ () C:\Users\klibais\Downloads\Tele2_agentiem_FEB.ods
2014-07-09 23:47 - 2013-11-05 17:43 - 00027426 _____ () C:\Users\klibais\Downloads\TELE2_agentiem_OKTOBRIS (1).ods
2014-07-09 23:47 - 2013-11-05 17:34 - 00027127 _____ () C:\Users\klibais\Downloads\Tele2_statistika_agentiem_NOV (1).ods
2014-07-09 23:47 - 2013-11-05 17:31 - 00027127 _____ () C:\Users\klibais\Downloads\Tele2_statistika_agentiem_NOV.ods
2014-07-09 23:47 - 2013-09-25 14:59 - 00010647 _____ () C:\Users\klibais\Downloads\Slodze_oktobris (1).xlsx
2014-07-09 23:47 - 2013-09-25 14:58 - 00010652 _____ () C:\Users\klibais\Downloads\Slodze_oktobris.xlsx
2014-07-09 23:47 - 2013-06-20 12:41 - 00207652 _____ () C:\Users\klibais\Downloads\Tele2_atzvani_20jun.xls
2014-07-09 23:47 - 2013-05-28 15:51 - 00031524 _____ () C:\Users\klibais\Downloads\Rek.- Faktūra DARLY- 185 -  Līga Ragauša.xls
2014-07-09 23:47 - 2013-03-17 22:38 - 00838948 _____ () C:\Users\klibais\Downloads\zivsaimnieciba-projektu-pieteikumu-sagatavosana.xls
2014-07-09 23:46 - 2014-02-17 21:05 - 48007752 _____ () C:\Users\klibais\Downloads\Pildes.zip
2014-07-09 23:45 - 2014-06-26 18:08 - 00052004 _____ () C:\Users\klibais\Downloads\Līga Stokker datu bāze.xls
2014-07-09 23:45 - 2014-03-12 17:24 - 96507898 _____ () C:\Users\klibais\Downloads\Monta.rar
2014-07-09 23:45 - 2013-08-26 18:10 - 00359204 _____ () C:\Users\klibais\Downloads\EDS_paraksta_iegusana.ppt
2014-07-09 23:45 - 2013-06-20 19:06 - 00011430 _____ () C:\Users\klibais\Downloads\Mans_merkis.xlsx
2014-07-09 23:45 - 2013-06-09 17:22 - 00017368 _____ () C:\Users\klibais\Downloads\Liga, marta statistika.ods
2014-07-09 23:44 - 2013-07-24 15:40 - 41307930 _____ () C:\Users\klibais\Downloads\attachment.zip
2014-07-09 23:44 - 2013-06-09 17:23 - 00018141 _____ () C:\Users\klibais\Downloads\Copy of TELE2_stat_APRILIS_agentiem.ods
2014-07-09 23:43 - 2013-07-24 15:41 - 42396360 _____ () C:\Users\klibais\Downloads\attachment (2).zip
2014-07-09 23:42 - 2013-07-24 15:41 - 41381126 _____ () C:\Users\klibais\Downloads\attachment (1).zip
2014-07-09 19:57 - 2014-07-09 19:56 - 00014533 _____ () C:\Users\klibais\Downloads\Prev0sh0dstv0.2014.D.HDRip.1400MB.avi.torrent
2014-07-09 16:42 - 2011-06-05 13:35 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473252756-3935126852-435164757-1001Core.job
2014-07-08 22:14 - 2014-07-08 22:14 - 00014520 _____ () C:\Users\klibais\Downloads\Sabotage.2014.Dt.WEBDLRip.1400Mb.avi.torrent
2014-07-07 16:00 - 2014-07-07 16:00 - 00014492 _____ () C:\Users\klibais\Downloads\Noah.2014.D.HDRip.1400MB.avi.torrent
2014-07-06 21:53 - 2014-07-06 21:53 - 00011535 _____ () C:\Users\klibais\Downloads\%5B5D %%5DNoah.2013.Dt.HDRip.2100MB.avi.torrent
2014-07-02 20:05 - 2014-07-02 20:04 - 00011072 _____ () C:\Users\klibais\Downloads\M1lli0n.Sp0s0b0v.Poter9t.G0lovu.2014.P.WEBRip.2.torrent
2014-07-01 22:47 - 2014-07-01 22:47 - 00000000 ____D () C:\Users\klibais\Desktop\kāzas
2014-07-01 22:45 - 2014-07-01 22:36 - 531569026 _____ () C:\Users\klibais\Downloads\Pilna izmēra.rar
2014-06-29 20:27 - 2014-06-29 20:27 - 00015445 _____ () C:\Users\klibais\Downloads\Povar.na.Kolesah.2014.D.WEBRip.1.46Gb.avi.torrent
2014-06-29 16:42 - 2014-06-29 16:41 - 00015301 _____ () C:\Users\klibais\Downloads\import_1E61kD.torrent
2014-06-28 20:14 - 2011-06-05 15:25 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-06-28 18:18 - 2014-01-24 21:12 - 00000000 ____D () C:\Users\klibais\AppData\Local\FullTiltPoker.eu
2014-06-28 18:18 - 2014-01-24 21:11 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker.Eu
2014-06-28 18:16 - 2014-06-28 18:16 - 00000000 ____D () C:\Users\klibais\AppData\Local\AuxClient
2014-06-28 14:19 - 2014-06-28 14:19 - 00014482 _____ () C:\Users\klibais\Downloads\Animal.2014.L1.WEBDLRip.1400Mb.avi.torrent
2014-06-28 00:58 - 2014-06-28 00:58 - 00012661 _____ () C:\Users\klibais\Downloads\btaw_courtney0.mp4.torrent
2014-06-28 00:57 - 2014-06-28 00:57 - 00010948 _____ () C:\Users\klibais\Downloads\bblib_christy_mack_kl063013_480p_2000.mp4.torrent
2014-06-28 00:55 - 2014-06-28 00:55 - 00011283 _____ () C:\Users\klibais\Downloads\di12212_1500.mp4.torrent
2014-06-27 21:32 - 2014-06-27 21:32 - 00015423 _____ () C:\Users\klibais\Downloads\import_fycCad.torrent
2014-06-27 18:11 - 2014-06-19 18:12 - 00000000 ____D () C:\Users\klibais\AppData\Local\Titan Poker
2014-06-27 17:01 - 2014-06-27 17:01 - 00014542 _____ () C:\Users\klibais\Downloads\Superbratja.Mario.1993.XviD.DVDRip.torrent
2014-06-26 18:45 - 2014-06-26 18:45 - 00011379 _____ () C:\Users\klibais\Downloads\Wer.2013.HDRip.avi .torrent
2014-06-25 15:29 - 2014-06-25 15:29 - 00014573 _____ () C:\Users\klibais\Downloads\Podar0k.S.Harakterom.2014.O.WEBRip.1400Mb.avi.torrent
2014-06-25 15:26 - 2014-06-25 15:26 - 00014968 _____ () C:\Users\klibais\Downloads\%5B%5D UDDolgoe.Padenie.2014.D.WEB-DLRip.1400Mb.avi.torrent
2014-06-24 21:43 - 2014-06-24 21:43 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-24 21:43 - 2014-06-24 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-24 21:43 - 2014-06-24 21:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-24 21:43 - 2014-06-24 21:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-24 21:42 - 2014-06-24 21:42 - 00000000 ____D () C:\Program Files\iPod
2014-06-24 21:33 - 2011-08-21 21:37 - 00000000 ____D () C:\ProgramData\Apple
2014-06-24 21:27 - 2014-06-24 21:24 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-24 21:26 - 2014-06-24 21:26 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-24 21:26 - 2014-06-24 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
 
Files to move or delete:
====================
C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe
 
 
Some content of TEMP:
====================
C:\Users\klibais\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-01-26 22:28
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by klibais at 2014-07-21 20:23:28
Running from C:\Users\klibais\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
 Leawo Video Converter version  5.2.0.1 (HKLM-x32\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Betfred Poker (HKCU\...\Betfred Poker) (Version:  - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.00.0000 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flvto Youtube Downloader (HKLM-x32\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.55.4.WIN.FullTilt.COM - )
Full Tilt Poker.Eu (HKLM-x32\...\{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}) (Version: 5.4.15.WIN.FullTilt.EU - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.141 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company) Hidden
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.370 - Oracle)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.1.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Latvian (Apostrofs v0.3; komats) (HKLM\...\{4876620D-206A-49CD-932B-9BFBED83D55D}) (Version: 1.0.3.40 - laacz unltd)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.0 - Power Software Ltd)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6122 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stronghold Crusader HD (HKLM-x32\...\Stronghold Crusader HD_is1) (Version: 1.0 - compiled by testncrash)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Titan Poker (HKCU\...\Titan Poker) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B5B7C5DB-74C3-43E0-8413-0C6C1CA4DED0}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VideoLAN VLC media player 0.8.6d (HKLM-x32\...\VLC media player) (Version: 0.8.6d - VideoLAN Team)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wise Registry Cleaner 8.22 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.22 - WiseCleaner.com, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
11-07-2014 06:59:27 Windows Update
11-07-2014 15:11:29 Windows Update
12-07-2014 13:42:42 Windows Update
12-07-2014 15:46:05 Windows Update
12-07-2014 16:25:06 avast! Pro Antivirus Setup
12-07-2014 17:01:29 Установлен ESET NOD32 Antivirus
13-07-2014 07:43:33 Windows Update
13-07-2014 12:46:59 Windows Update
13-07-2014 15:43:36 Установлен ESET NOD32 Antivirus
13-07-2014 15:52:29 Windows Update
14-07-2014 19:23:58 Windows Update
15-07-2014 16:34:32 Windows Update
19-07-2014 07:55:24 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 05:34 - 2012-02-06 00:01 - 00000877 ____A C:\Windows\system32\Drivers\etc\hosts
74.208.10.249 gs.apple.com
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2052C194-52C5-4D4B-8E5F-D66C896FA1AB} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {35C78CBE-C967-4EAE-AEBF-E344A02B55FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {5B3D0A3F-4459-4DC8-B232-CCE992634EB6} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {7727C2A6-CD7A-4533-AE89-651493667F1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3473252756-3935126852-435164757-1001UA => C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: {797B7B67-2828-448D-BB12-275639C323F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {8323C7A3-F443-4AD9-9CF4-8F161D58C673} - System32\Tasks\updater => Rundll32.exe "C:\Users\klibais\AppData\Roaming\Updater\updater_task.dll",schedule_task
Task: {BB0C6BB9-0601-497D-99CB-5121E68336A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3473252756-3935126852-435164757-1001Core => C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473252756-3935126852-435164757-1001Core.job => C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3473252756-3935126852-435164757-1001UA.job => C:\Users\klibais\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForklibais.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\updater.job => C:\Users\klibais\AppData\Roaming\Updater\updater_task.dll
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-05 14:01 - 2011-03-02 14:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-06-13 18:24 - 2014-06-05 16:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 18:24 - 2014-06-05 16:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 18:24 - 2014-06-05 16:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-13 18:24 - 2014-06-05 16:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/19/2014 10:50:58 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup
 
Error: (07/19/2014 10:47:54 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: postgres cannot access the server configuration file "c:/postgreSQL/data/postgresql.conf": No such file or directory
 
Error: (07/15/2014 07:30:45 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup
 
Error: (07/15/2014 07:27:42 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: postgres cannot access the server configuration file "c:/postgreSQL/data/postgresql.conf": No such file or directory
 
Error: (07/15/2014 07:22:57 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: postgres cannot access the server configuration file "c:/postgreSQL/data/postgresql.conf": No such file or directory
 
Error: (07/14/2014 10:19:56 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup
 
Error: (07/14/2014 10:16:52 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: postgres cannot access the server configuration file "c:/postgreSQL/data/postgresql.conf": No such file or directory
 
Error: (07/14/2014 09:54:59 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup
 
Error: (07/14/2014 09:51:56 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: postgres cannot access the server configuration file "c:/postgreSQL/data/postgresql.conf": No such file or directory
 
Error: (07/14/2014 08:20:08 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup
 
 
System errors:
=============
Error: (07/21/2014 08:18:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/21/2014 08:18:42 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/21/2014 08:18:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/21/2014 08:18:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
discache
eeCtrl
IDSVia64
SCDEmu
spldr
sptd
SRTSPX
SymIRON
SymNetS
Wanarpv6
 
Error: (07/21/2014 08:18:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/21/2014 08:18:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1068
 
Error: (07/21/2014 08:17:57 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
Error: (07/19/2014 11:16:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd
 
Error: (07/19/2014 11:15:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The postgresql-8.4 - PostgreSQL Server 8.4 service failed to start due to the following error: 
%%2
 
Error: (07/19/2014 11:14:45 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 3002.92 MB
Available physical RAM: 2188.02 MB
Total Pagefile: 6004.03 MB
Available Pagefile: 5186.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:282.5 GB) (Free:127.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.29 GB) (Free:2.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 80F49AF4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================

Edited by Wunderkid, 21 July 2014 - 01:11 PM.


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:14 PM

Posted 21 July 2014 - 01:28 PM

2014-07-12 19:56 - 2014-07-12 19:57 - 00011914 _____ () C:\Users\klibais\Downloads\[rutor.org]ESET_NOD32_Antivirus_7.0.302.8_RePack_by_Smokie.torrent

What's this?

First,
  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location, or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from; please post it in your reply
Next,
Download CKScanner from here

Important : Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, please right-click CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Attached Files


Edited by Machiavelli, 21 July 2014 - 01:28 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#8 Wunderkid

Wunderkid
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:14 AM

Posted 21 July 2014 - 02:42 PM

Thank you for fast reply!
 
FIXLOG.txt
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by klibais at 2014-07-21 22:30:19 Run:1
Running from C:\Users\klibais\Desktop\bleeping\frst
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\Run: [] => C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe  
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: H - H:\autoplay.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {33b11930-b80c-11e1-819d-60eb69665358} - G:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {5a59499c-ffd6-11e0-b860-60eb69665358} - G:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {5a5949ab-ffd6-11e0-b860-60eb69665358} - F:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {5a594a1e-ffd6-11e0-b860-60eb69665358} - F:\AutoRun.exe
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\...\MountPoints2: {722f7294-5c52-11e3-87be-60eb69665358} - H:\autoplay.exe
Startup: C:\Users\klibais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
ShortcutTarget: _uninst_.lnk -> C:\Users\klibais\AppData\Local\Temp\_uninst_.bat ()
SearchScopes: HKLM - {DA382020-C214-4970-BCAE-D57FA6C12098} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {DA382020-C214-4970-BCAE-D57FA6C12098} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKCU - F2949AEE73C08A25989A805799C22B19 URL = http://isearch.avg.com/search?cid={C88B5BE8-78FE-407B-8FDE-A3C4DE6AA74B}&mid=d60c53265cfc47d1b2abb1a22f82baab-b665f38ef37d525df96a60d08ffae021a26363bd&lang=en&ds=st011&pr=sa&d=2012-03-10 21:16:22&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DA382020-C214-4970-BCAE-D57FA6C12098} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} ->  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Homepage: hxxp://www.yandex.ru/?win=118&clid=1200402
FF DefaultSearchEngine: ??????
FF SelectedSearchEngine: ??????
FF Keyword.URL: hxxp://yandex.ru/yandsearch?win=118&clid=1200406&text=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe
C:\Users\klibais\AppData\Local\Temp\Quarantine.exe
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
HKU\S-1-5-21-3473252756-3935126852-435164757-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3473252756-3935126852-435164757-1001'=> Key not found.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3473252756-3935126852-435164757-1001'=> Key not found.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33b11930-b80c-11e1-819d-60eb69665358}' => Key deleted successfully.
'HKCR\CLSID\{33b11930-b80c-11e1-819d-60eb69665358}'=> Key not found.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a59499c-ffd6-11e0-b860-60eb69665358}' => Key deleted successfully.
'HKCR\CLSID\{5a59499c-ffd6-11e0-b860-60eb69665358}'=> Key not found.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a5949ab-ffd6-11e0-b860-60eb69665358}' => Key deleted successfully.
'HKCR\CLSID\{5a5949ab-ffd6-11e0-b860-60eb69665358}'=> Key not found.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a594a1e-ffd6-11e0-b860-60eb69665358}' => Key deleted successfully.
'HKCR\CLSID\{5a594a1e-ffd6-11e0-b860-60eb69665358}'=> Key not found.
'HKU\S-1-5-21-3473252756-3935126852-435164757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{722f7294-5c52-11e3-87be-60eb69665358}' => Key deleted successfully.
'HKCR\CLSID\{722f7294-5c52-11e3-87be-60eb69665358}'=> Key not found.
C:\Users\klibais\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk => Moved successfully.
C:\Users\klibais\AppData\Local\Temp\_uninst_.bat => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA382020-C214-4970-BCAE-D57FA6C12098}' => Key deleted successfully.
'HKCR\CLSID\{DA382020-C214-4970-BCAE-D57FA6C12098}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DA382020-C214-4970-BCAE-D57FA6C12098}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{DA382020-C214-4970-BCAE-D57FA6C12098}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\F2949AEE73C08A25989A805799C22B19' => Key deleted successfully.
'HKCR\CLSID\F2949AEE73C08A25989A805799C22B19'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\yandex.ru-232017' => Key deleted successfully.
'HKCR\CLSID\yandex.ru-232017'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA382020-C214-4970-BCAE-D57FA6C12098}' => Key deleted successfully.
'HKCR\CLSID\{DA382020-C214-4970-BCAE-D57FA6C12098}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
Firefox homepage deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
'HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File'=> Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File'=> Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
"C:\Users\klibais\Local Settings\Application Data\zlrjljdk.exe" => File/Directory not found.
C:\Users\klibais\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 
CKfiles.txt
 
CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\holdem manager 2\keygenerateclasslibrary.dll
c:\program files (x86)\stronghold crusader extreme hd\gm\cracks.gm1
scanner sequence 3.LB.11.DWNASZ
 ----- EOF ----- 


#9 Machiavelli

Posted 21 July 2014 - 02:45 PM

c:\program files (x86)\holdem manager 2\keygenerateclasslibrary.dll
c:\program files (x86)\stronghold crusader extreme hd\gm\cracks.gm1

What's this?

~Machiavelli



#10 Wunderkid

Posted 21 July 2014 - 02:47 PM

These are game cracks.
Delete them?

Thank you!



#11 Machiavelli

Posted 21 July 2014 - 02:51 PM

Thanks for your honesty. Yes, please delete them. After that, run a new CKScanner scan.

~Machiavelli



#12 Wunderkid

Posted 21 July 2014 - 03:02 PM

CKScanner 2.4 - Addition security risks - these are not necessarily bad

Scanner sequence 3.RP.11.CDNARZ

 ----- EOF -----



#13 Machiavelli

Posted 21 July 2014 - 03:04 PM

Good! Is the ransomware gone now?

~Machiavelli



#14 Wunderkid

Posted 21 July 2014 - 03:09 PM

Nope :( Still can't view my pictures...



#15 Machiavelli

Posted 21 July 2014 - 03:12 PM

It may be that the ransomware encrypted your pictures. But is the main infection gone - do you still see the ransom?
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli
