
[explorer.exe] Unsupported 16 bit application malware


  • This topic is locked
5 replies to this topic

#1 xramber


Posted 11 September 2014 - 06:11 PM

Hello guys,

 

Recently, I've been having a box pop up on startup:

 

The program or feature "\??\C:\windows\explorer.exe" cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.

Find attached my "attach.txt" and "dds.txt" files.

 

Can anyone help me to solve this issue?

 

 

PS: I also tried to follow the steps mentioned in this topic (http://www.bleepingcomputer.com/forums/t/546880/unsupported-16-bit-aplication-malware-please-help/) but it doesn't fix my issue.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Angela (administrator) on NERV on 12-09-2014 00:35:42
Running from G:\Téléchargements
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-11] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM\...\Winlogon: [Shell] explorer.exe [2872320 2010-11-21] ()
HKU\S-1-5-21-3331616377-1136805101-3296646260-1000\...\Run: [SuperCopier2.exe] => C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [955392 2009-08-16] (SFX TEAM)
HKU\S-1-5-21-3331616377-1136805101-3296646260-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [2177 2014-09-12] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2

FireFox:
========
FF ProfilePath: C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default
FF Homepage: google.fr
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Real-Debrid - Plugin - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\Extensions\real@debrid [2014-08-10]
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\Extensions\rikaichan-jpen@polarcloud.com [2014-09-09]
FF Extension: Rikaichan Japanese-French Dictionary File - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\Extensions\rikaichan-jpfr@polarcloud.com [2014-09-09]
FF Extension: Rikaichan - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2014-09-09]
FF Extension: MEGA - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\Extensions\firefox@mega.co.nz.xpi [2014-08-12]
FF Extension: Adblock Plus - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-11]
FF Extension: No Name - C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\mxekfunw.default\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}.xpi [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-11] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-11] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-05-13] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 00:35 - 2014-09-12 00:35 - 00000000 ____D () C:\FRST
2014-09-12 00:31 - 2014-09-12 00:31 - 00057634 _____ () C:\Users\Angela\bookmarks-2014-09-12.json
2014-09-12 00:27 - 2014-09-12 00:33 - 00000000 ____D () C:\AdwCleaner
2014-09-12 00:24 - 2014-09-12 00:34 - 00000448 _____ () C:\Windows\setupact.log
2014-09-11 23:59 - 2014-09-11 23:59 - 00072795 _____ () C:\ComboFix.txt
2014-09-11 23:55 - 2014-09-12 00:34 - 00001850 _____ () C:\Windows\PFRO.log
2014-09-11 23:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-11 23:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-11 23:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-11 23:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-11 23:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-11 23:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-11 23:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-11 23:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-11 23:11 - 2014-09-12 00:00 - 00000000 ____D () C:\Qoobox
2014-09-11 23:11 - 2014-09-11 23:34 - 00000000 ____D () C:\Windows\erdnt
2014-09-09 13:37 - 2014-09-09 15:43 - 00000069 _____ () C:\Users\Angela\Desktop\411.txt
2014-09-07 17:59 - 2014-09-07 17:59 - 00000000 ____D () C:\Users\J-M\AppData\Local\Adobe
2014-09-05 15:16 - 2014-09-05 15:16 - 00003637 _____ () C:\Users\Angela\AppData\Local\recently-used.xbel
2014-09-05 15:16 - 2014-09-05 15:16 - 00000000 ____D () C:\Users\Angela\AppData\Local\gtk-2.0
2014-09-03 12:54 - 2014-09-03 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-31 02:09 - 2014-08-31 02:09 - 00000000 ____D () C:\Users\Angela\Documents\Adobe
2014-08-30 18:02 - 2014-09-11 17:22 - 00000132 _____ () C:\Users\Angela\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-28 00:55 - 2014-06-16 08:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-08-28 00:55 - 2014-06-16 08:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-08-28 00:46 - 2014-08-28 00:46 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-08-28 00:45 - 2014-08-28 00:45 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-27 00:20 - 2014-08-27 00:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-08-27 00:20 - 2014-08-27 00:20 - 00000000 ____D () C:\Users\J-M\Documents\CyberLink
2014-08-27 00:18 - 2013-06-21 02:07 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-08-27 00:18 - 2013-06-21 02:07 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\J-M\Documents\samsung
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\Samsung
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\J-M\AppData\Local\Samsung
2014-08-27 00:09 - 2014-08-27 00:18 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-27 00:09 - 2014-08-27 00:12 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-27 00:09 - 2014-08-27 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-27 00:09 - 2013-07-18 14:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-08-27 00:09 - 2013-07-18 14:32 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-08-27 00:06 - 2014-08-27 00:07 - 00000000 ____D () C:\Users\J-M\AppData\OICE_15_974FA576_32C1D314_2B34
2014-08-27 00:06 - 2014-08-27 00:06 - 00000000 ____D () C:\Users\J-M\AppData\Local\Downloaded Installations
2014-08-25 17:04 - 2014-08-25 17:04 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-08-25 16:54 - 2014-08-25 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-25 16:53 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-25 16:53 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-25 16:53 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-25 16:53 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-25 16:52 - 2014-08-25 16:52 - 00003284 _____ () C:\Windows\System32\Tasks\{2267200B-A941-443C-82C7-7BE1ABE89245}
2014-08-25 16:52 - 2014-08-25 16:52 - 00000000 ___RD () C:\MSOCache
2014-08-20 21:13 - 2014-09-10 23:06 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\Skype
2014-08-20 21:13 - 2014-08-20 21:13 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Angela\AppData\Local\Skype
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-20 21:12 - 2014-08-20 21:13 - 00000000 ____D () C:\ProgramData\Skype
2014-08-20 16:49 - 2014-08-20 16:49 - 00000000 ____D () C:\Users\Angela\AppData\Local\twitter
2014-08-19 14:16 - 2014-08-31 02:08 - 00000000 ____D () C:\Users\Angela\AppData\Local\Adobe
2014-08-18 17:37 - 2014-08-18 20:38 - 00000892 _____ () C:\Users\Angela\Desktop\mail.txt
2014-08-18 13:43 - 2014-08-18 13:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-18 13:42 - 2014-08-19 14:55 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\dvdcss
2014-08-18 13:36 - 2014-08-18 13:36 - 00000000 ____D () C:\Users\Angela\AppData\Local\Madcatz
2014-08-18 13:34 - 2014-08-18 13:44 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-08-18 13:34 - 2014-08-18 13:34 - 00000000 ____D () C:\Users\Angela\AppData\Local\SmartTechnology
2014-08-14 23:14 - 2014-08-14 23:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-14 22:51 - 2014-09-07 17:57 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\vlc
2014-08-13 17:21 - 2014-08-13 17:21 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\CyberLink
2014-08-13 13:12 - 2014-08-13 13:12 - 00000000 ____D () C:\Users\Angela\.thumbnails
2014-08-13 13:10 - 2014-09-05 16:31 - 00000000 ____D () C:\Users\Angela\.gimp-2.8
2014-08-13 13:10 - 2014-08-13 13:10 - 00000000 ____D () C:\Users\Angela\AppData\Local\gegl-0.2
2014-08-13 11:01 - 2014-08-13 11:01 - 00000000 ____D () C:\Users\J-M\AppData\Local\twitter

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 00:35 - 2014-09-12 00:35 - 00000000 ____D () C:\FRST
2014-09-12 00:34 - 2014-09-12 00:24 - 00000448 _____ () C:\Windows\setupact.log
2014-09-12 00:34 - 2014-09-11 23:55 - 00001850 _____ () C:\Windows\PFRO.log
2014-09-12 00:34 - 2014-08-12 18:47 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-09-12 00:34 - 2014-08-12 18:47 - 00000268 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-12 00:34 - 2014-08-11 16:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 00:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 00:34 - 2009-07-14 06:45 - 00036336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 00:34 - 2009-07-14 06:45 - 00036336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 00:33 - 2014-09-12 00:27 - 00000000 ____D () C:\AdwCleaner
2014-09-12 00:31 - 2014-09-12 00:31 - 00057634 _____ () C:\Users\Angela\bookmarks-2014-09-12.json
2014-09-12 00:31 - 2014-08-12 02:05 - 00744714 _____ () C:\Windows\system32\perfh00C.dat
2014-09-12 00:31 - 2014-08-12 02:05 - 00148232 _____ () C:\Windows\system32\perfc00C.dat
2014-09-12 00:31 - 2014-08-11 16:15 - 00000000 ____D () C:\Users\Angela
2014-09-12 00:31 - 2009-07-14 07:13 - 01660386 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 00:00 - 2014-09-11 23:11 - 00000000 ____D () C:\Qoobox
2014-09-11 23:59 - 2014-09-11 23:59 - 00072795 _____ () C:\ComboFix.txt
2014-09-11 23:58 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-11 23:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-11 23:34 - 2014-09-11 23:11 - 00000000 ____D () C:\Windows\erdnt
2014-09-11 19:15 - 2014-08-11 18:22 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\vlc
2014-09-11 17:22 - 2014-08-30 18:02 - 00000132 _____ () C:\Users\Angela\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-10 23:06 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\Skype
2014-09-09 15:43 - 2014-09-09 13:37 - 00000069 _____ () C:\Users\Angela\Desktop\411.txt
2014-09-08 22:40 - 2014-08-11 17:41 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\uTorrent
2014-09-07 20:08 - 2014-08-11 17:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-07 17:59 - 2014-09-07 17:59 - 00000000 ____D () C:\Users\J-M\AppData\Local\Adobe
2014-09-07 17:59 - 2014-08-11 19:56 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\Adobe
2014-09-07 17:57 - 2014-08-14 22:51 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\vlc
2014-09-06 20:47 - 2014-08-11 17:22 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\Adobe
2014-09-05 16:31 - 2014-08-13 13:10 - 00000000 ____D () C:\Users\Angela\.gimp-2.8
2014-09-05 15:16 - 2014-09-05 15:16 - 00003637 _____ () C:\Users\Angela\AppData\Local\recently-used.xbel
2014-09-05 15:16 - 2014-09-05 15:16 - 00000000 ____D () C:\Users\Angela\AppData\Local\gtk-2.0
2014-09-04 09:45 - 2014-08-11 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 12:54 - 2014-09-03 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-03 11:40 - 2009-07-14 06:45 - 00467056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 22:53 - 2014-08-11 18:41 - 00118304 _____ () C:\Users\J-M\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-02 19:56 - 2014-08-11 16:59 - 00118304 _____ () C:\Users\Angela\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-31 02:09 - 2014-08-31 02:09 - 00000000 ____D () C:\Users\Angela\Documents\Adobe
2014-08-31 02:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-31 02:08 - 2014-08-19 14:16 - 00000000 ____D () C:\Users\Angela\AppData\Local\Adobe
2014-08-28 00:58 - 2014-08-11 16:16 - 00028058 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 00:46 - 2014-08-28 00:46 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-08-28 00:45 - 2014-08-28 00:45 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-27 00:20 - 2014-08-27 00:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-08-27 00:20 - 2014-08-27 00:20 - 00000000 ____D () C:\Users\J-M\Documents\CyberLink
2014-08-27 00:18 - 2014-08-27 00:09 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\J-M\Documents\samsung
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\Samsung
2014-08-27 00:17 - 2014-08-27 00:17 - 00000000 ____D () C:\Users\J-M\AppData\Local\Samsung
2014-08-27 00:12 - 2014-08-27 00:09 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-27 00:09 - 2014-08-27 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-08-27 00:09 - 2014-08-11 16:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-27 00:08 - 2014-08-11 16:53 - 01638172 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-27 00:07 - 2014-08-27 00:06 - 00000000 ____D () C:\Users\J-M\AppData\OICE_15_974FA576_32C1D314_2B34
2014-08-27 00:06 - 2014-08-27 00:06 - 00000000 ____D () C:\Users\J-M\AppData\Local\Downloaded Installations
2014-08-25 17:04 - 2014-08-25 17:04 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-08-25 16:59 - 2014-08-25 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-25 16:59 - 2014-08-11 17:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 16:57 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-08-25 16:54 - 2014-08-25 16:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-08-25 16:54 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-25 16:54 - 2010-11-21 09:17 - 00000000 ____D () C:\Windows\ShellNew
2014-08-25 16:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-25 16:53 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-08-25 16:53 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-25 16:53 - 2014-08-25 16:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-25 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-25 16:52 - 2014-08-25 16:52 - 00003284 _____ () C:\Windows\System32\Tasks\{2267200B-A941-443C-82C7-7BE1ABE89245}
2014-08-25 16:52 - 2014-08-25 16:52 - 00000000 ___RD () C:\MSOCache
2014-08-22 14:01 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-08-20 21:13 - 2014-08-20 21:13 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Angela\AppData\Local\Skype
2014-08-20 21:13 - 2014-08-20 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-20 21:13 - 2014-08-20 21:12 - 00000000 ____D () C:\ProgramData\Skype
2014-08-20 16:49 - 2014-08-20 16:49 - 00000000 ____D () C:\Users\Angela\AppData\Local\twitter
2014-08-19 23:15 - 2014-08-11 18:13 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-19 23:15 - 2014-08-11 18:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-19 14:55 - 2014-08-18 13:42 - 00000000 ____D () C:\Users\Angela\AppData\Roaming\dvdcss
2014-08-18 20:38 - 2014-08-18 17:37 - 00000892 _____ () C:\Users\Angela\Desktop\mail.txt
2014-08-18 13:44 - 2014-08-18 13:34 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-08-18 13:43 - 2014-08-18 13:43 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-18 13:36 - 2014-08-18 13:36 - 00000000 ____D () C:\Users\Angela\AppData\Local\Madcatz
2014-08-18 13:34 - 2014-08-18 13:34 - 00000000 ____D () C:\Users\Angela\AppData\Local\SmartTechnology
2014-08-16 18:50 - 2014-08-11 18:43 - 00000000 ____D () C:\Users\J-M\Documents\My Games
2014-08-14 23:14 - 2014-08-14 23:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-13 17:21 - 2014-08-13 17:21 - 00000000 ____D () C:\Users\J-M\AppData\Roaming\CyberLink
2014-08-13 17:20 - 2014-08-12 22:25 - 00000655 _____ () C:\Users\J-M\Desktop\lol.launcher - Raccourci.lnk
2014-08-13 13:12 - 2014-08-13 13:12 - 00000000 ____D () C:\Users\Angela\.thumbnails
2014-08-13 13:10 - 2014-08-13 13:10 - 00000000 ____D () C:\Users\Angela\AppData\Local\gegl-0.2
2014-08-13 11:01 - 2014-08-13 11:01 - 00000000 ____D () C:\Users\J-M\AppData\Local\twitter
2014-08-13 10:51 - 2014-08-12 18:47 - 00000000 ____D () C:\Windows\AutoKMS

Some content of TEMP:
====================
C:\Users\Angela\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 2872320 ____A () A3AADECCAE999310CFA65AEFA180857F

C:\Windows\explorer.exe No Company Name <===== ATTENTION!

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 01:06

==================== End Of Log ============================


Edited by xramber, 12 September 2014 - 02:20 AM.
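The "Bamital & volsnap Check" section of the log above can be triaged mechanically. The following is an added example, not part of the original post and not FRST's own code: it assumes only the line shapes visible in this log, and `parse_check` and `needs_review` are hypothetical names.

```python
import re

# Constructed sample: abridged copy of the check section from the log above.
SAMPLE = r"""
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\explorer.exe
[2010-11-21 05:24] - [2010-11-21 05:24] - 2872320 ____A () A3AADECCAE999310CFA65AEFA180857F

C:\Windows\explorer.exe No Company Name <===== ATTENTION!

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 01:06
"""

# Line shapes are inferred from this log only (assumption, not a FRST specification).
SIGNED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => File is digitally signed$")
FLAGGED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.\w+) (?P<note>.+?) <=+ ATTENTION!?$")
DETAIL = re.compile(r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
                    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<digest>[0-9A-Fa-f]{32})$")
BARE = re.compile(r"^[A-Za-z]:\\\S.*$")

def parse_check(log_text):
    """Return {path: record}; record['signed'] is False for files that did not pass verification."""
    results, in_section, current = {}, False, None
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("=" * 10):
            in_section = "Bamital" in line  # any other banner ends the section
            continue
        if not in_section or not line:
            continue
        if m := SIGNED.match(line):
            results[m["path"]] = {"signed": True}
            current = None
        elif m := FLAGGED.match(line):
            results.setdefault(m["path"], {"signed": False})["note"] = m["note"]
        elif (m := DETAIL.match(line)) and current:
            results[current].update(m.groupdict(), size=int(m["size"]))
        elif BARE.match(line):  # a path with no "=> ... signed" verdict
            current = line
            results.setdefault(current, {"signed": False})
    return results

def needs_review(log_text):
    """Paths in the check section that lack a 'digitally signed' verdict."""
    return sorted(p for p, r in parse_check(log_text).items() if not r["signed"])
```
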



#2 xramber

xramber
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 12 September 2014 - 02:21 AM

Updated the topic after running Adwcleaner and Farbar recovery scan tool.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:42 AM

Posted 16 September 2014 - 06:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547821 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:42 AM

Posted 18 September 2014 - 11:24 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi xramber,

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.

--------------

We need to search for a file with FRST:

  • Double-click on FRST.exe/FRST64.exe on your desktop to open it, in the search box, type the following: explorer.exe
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Search.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:42 AM

Posted 21 September 2014 - 01:07 PM

Hi xramber,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:42 AM

Posted 24 September 2014 - 11:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





