DECRYPT_INSTRUCTION unable to open files


  • This topic is locked
16 replies to this topic

#1 Jay88p
  • Members
  • 9 posts

Posted 30 September 2014 - 03:07 PM

Hi All,
 
Please help, I'm unable to open any of my important documents or pictures.
 
Is there any way to get these corrupted files back?
 
Many Thanks in advance
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 1.6.0_29
Run by P-jizzle at 20:56:09 on 2014-09-30
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.3070.1505 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\lxbkcoms.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{06F0C44D-D426-4FDC-A33D-59B5FFE4AA63} : DHCPNameServer = 82.132.254.2 82.132.254.3
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C}\F42377962756C6563737138393039333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C}\F42377962756C6563737438333132323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C}\F42377962756C6563737642353735423 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5C34C993-81FA-492B-847F-DA47002F8FB1} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\p-jizzle\appdata\roaming\mozilla\firefox\profiles\rlc8f4j8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\p-jizzle\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\p-jizzle\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-3-19 64800]
R1 MpKsl1ea9e8a0;MpKsl1ea9e8a0;c:\programdata\microsoft\microsoft antimalware\definition updates\{2b8b9099-6031-41cd-9ca3-73c140d7d871}\MpKsl1ea9e8a0.sys [2014-9-30 39464]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 95920]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-12 247968]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-12 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-11 108032]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-09-30 17:52:31 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{366686d5-0023-4f29-8dc9-e79b18cd68ab}\mpengine.dll
2014-09-30 17:40:00 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b8b9099-6031-41cd-9ca3-73c140d7d871}\offreg.dll
2014-09-30 17:40:00 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b8b9099-6031-41cd-9ca3-73c140d7d871}\MpKsl1ea9e8a0.sys
2014-09-29 16:49:41 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-09-29 16:49:41 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b8b9099-6031-41cd-9ca3-73c140d7d871}\mpengine.dll
2014-09-27 09:31:37 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4b3a2112-5cf3-4b05-993b-e682c2145a3d}\gapaengine.dll
2014-09-25 20:11:14 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-25 19:59:17 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-25 19:59:17 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-25 19:59:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-24 08:52:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-12 09:43:10 227728 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-09-12 09:43:10 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-09-11 11:14:59 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-11 11:11:10 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 22:15:43 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 22:15:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 22:15:36 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 22:15:13 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 22:15:05 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 22:15:02 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-07 12:04:20 -------- d-----w- c:\users\p-jizzle\appdata\local\Skype
.
==================== Find3M  ====================
.
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-07-25 01:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 17:05:08 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 17:05:08 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
============= FINISH: 20:57:55.46 ===============
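The DDS log above is what the forum's helpers read by hand. As an added example, not part of this thread, of the DDS tool or of BleepingComputer's process, the Python script below parses the three parts of such a log a responder checks first on a machine showing DECRYPT_INSTRUCTION files: the AV/SP status lines, the mPolicies-System (UAC) values, and the "Created Last 30" list. The sample lines are copied from the log in this post; the Windows 7 UAC defaults, the executable-extension list, the user-writable path heuristic and the seven-day window are this example's own assumptions.

```python
"""Triage helper for a DDS log such as the one pasted above.

Added example: not part of the thread, of DDS, or of BleepingComputer's tooling.
It extracts the AV/SP status lines, the mPolicies-System (UAC) values and the
"Created Last 30" file list, then shortlists security software that is off, UAC
values below the assumed Windows 7 default, and executables or drivers created
shortly before the problem was reported.
"""
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied verbatim from the DDS log in post #1.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
2014-09-30 17:52:31 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{366686d5-0023-4f29-8dc9-e79b18cd68ab}\mpengine.dll
2014-09-25 20:11:14 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-25 19:59:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-24 08:52:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-07 12:04:20 -------- d-----w- c:\users\p-jizzle\appdata\local\Skype
"""

# "Run by ... at 20:56:09 on 2014-09-30" in the log header: the report time.
REPORTED = datetime(2014, 9, 30, 20, 56, 9)

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\*")
POLICY_RE = re.compile(r"^([umd])Policies-(\w+): (\w+) = dword:(\d+)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Assumption of this example: Windows 7 defaults for the UAC values DDS prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,   # 0 lets UAC prompts be drawn on the user's desktop
}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
# Heuristic: locations a user-level dropper can write to without elevation.
USER_WRITABLE = (r"c:\users", r"c:\programdata", r"c:\windows\temp")
# Subtree that legitimately receives new DLL/SYS files every day (MSE definitions).
KNOWN_UPDATER = r"c:\programdata\microsoft\microsoft antimalware\definition updates"


def parse_products(log):
    """(kind, name, state) per AV:/SP:/FW: line, e.g. ('SP', 'Windows Defender', 'Disabled')."""
    return [(m.group(1), m.group(2), m.group(3))
            for m in map(PRODUCT_RE.match, log.splitlines()) if m]


def parse_uac(log):
    """Machine-wide (mPolicies-System) UAC values as {name: int}."""
    out = {}
    for line in log.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group(1) == "m" and m.group(2) == "System":
            out[m.group(3)] = int(m.group(4))
    return out


def weakened_uac(log):
    """{name: (observed, default)} for UAC values that differ from the assumed default."""
    return {k: (v, UAC_DEFAULTS[k]) for k, v in parse_uac(log).items()
            if k in UAC_DEFAULTS and v != UAC_DEFAULTS[k]}


def parse_created(log):
    """Rows of the 'Created Last 30' section: timestamp, size (None for dirs), attrs, path."""
    rows = []
    for line in log.splitlines():
        m = CREATED_RE.match(line)
        if m:
            size = None if m.group(2).startswith("-") else int(m.group(2))
            rows.append({"when": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                         "size": size, "attrs": m.group(3), "path": m.group(4)})
    return rows


def suspicious_created(log, reported=REPORTED, window_days=7):
    """Executables/drivers created in the window before the report, with reasons.

    A shortlist for a human, not a verdict: Windows updates and the user's own
    Malwarebytes install land here too.
    """
    lo = reported - timedelta(days=window_days)
    hits = []
    for r in parse_created(log):
        p = r["path"].lower()
        if not p.endswith(EXEC_EXT) or not (lo <= r["when"] <= reported):
            continue
        if p.startswith(KNOWN_UPDATER):
            continue  # daily definition updates: expected churn
        reasons = ["executable created within %d days of the report" % window_days]
        if p.startswith(USER_WRITABLE):
            reasons.append("user-writable location")
        hits.append({"path": r["path"], "when": r["when"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for kind, name, state in parse_products(SAMPLE_LOG):
        print("%s %s: %s" % (kind, name, state))
    for name, (seen, default) in weakened_uac(SAMPLE_LOG).items():
        print("UAC %s = %d (assumed default %d)" % (name, seen, default))
    for h in suspicious_created(SAMPLE_LOG):
        print("%s %s: %s" % (h["when"], h["path"], "; ".join(h["reasons"])))
```

On the excerpt this prints the two products (Windows Defender reporting Disabled is expected on Windows 7 once Microsoft Security Essentials is installed), flags PromptOnSecureDesktop = 0 against the assumed default of 1, and shortlists MBAMSwissArmy.sys and tzres.dll. Both are explained by this log itself (the Malwarebytes install on 25 September and a Windows time-zone resource); the value of the heuristic is that the list is short enough to check by hand, and a fresh .exe under c:\users or c:\programdata would carry an extra reason.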

#2 HelpBot (Bleepin' Binary Bot)
  • Bots
  • 12,699 posts

Posted 05 October 2014 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/550337 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Jay88p (Topic Starter)
  • Members
  • 9 posts

Posted 05 October 2014 - 03:16 PM

Hi,

Yes, I'm still receiving this issue and no, I do not have the original Windows CD any more.

Please see the log below, as requested:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 1.6.0_29
Run by P-jizzle at 21:13:34 on 2014-10-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.3070.1829 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\lxbkcoms.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\P-jizzle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{06F0C44D-D426-4FDC-A33D-59B5FFE4AA63} : DHCPNameServer = 82.132.254.2 82.132.254.3
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C}\F42377962756C6563737138393039333 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C}\F42377962756C6563737438333132323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1D91C794-8673-4E59-B939-81CC2425922C}\F42377962756C6563737642353735423 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5C34C993-81FA-492B-847F-DA47002F8FB1} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\p-jizzle\appdata\roaming\mozilla\firefox\profiles\rlc8f4j8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxps://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\p-jizzle\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\p-jizzle\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-3-19 64800]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 95920]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-12 247968]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-12 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-11 108032]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-4-15 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-05 11:30:14 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ac794fd-6267-4022-8b28-ae35cefe2f90}\mpengine.dll
2014-10-01 21:25:33 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6a88ed96-dc2e-4499-bbc5-475a382566d0}\gapaengine.dll
2014-10-01 21:23:54 8806800 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-10-01 18:20:05 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 20:11:14 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-25 19:59:17 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-25 19:59:17 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-25 19:59:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-24 08:52:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-12 09:43:10 227728 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-09-12 09:43:10 227728 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-09-11 11:14:59 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-11 11:11:10 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 22:15:43 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 22:15:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 22:15:36 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 22:15:13 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 22:15:05 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 22:15:02 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-07 12:04:20 -------- d-----w- c:\users\p-jizzle\appdata\local\Skype
.
==================== Find3M  ====================
.
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-07-25 01:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 17:05:08 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-07-17 17:05:08 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
============= FINISH: 21:15:25.36 ===============


#4 JSntgRvr
Master Surgeon General
  • Malware Response Team
  • 11,635 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 October 2014 - 11:04 AM

You may be the victim of ransom malware, for which there is still no solution.

Could you be more specific as to the error message? Submit a screenshot of any popup received.

  • You can do this by pressing the PrintScreen key.
  • Then go to Start > All Programs > Accessories > Paint.
  • In Paint, go up to Edit > Paste.
  • Then go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it on the desktop.
  • Then click Add Reply in this topic.
  • Scroll down to Attach Files.
  • Click the Choose File button.
  • Locate the file you just saved, click on it, then click Open, then Attach this file.
  • You can attach it anywhere on the window.
  • Add a Reply.

Download this tool and save it on your desktop. Extract its contents and click on the IDTool.exe. Post its report.

Edited by JSntgRvr, 12 October 2014 - 11:47 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Jay88p (Topic Starter)

Posted 12 October 2014 - 04:08 PM

I think you're right, it is ransom malware. Is there any way to get my files back or see which ones have not been affected yet?

I'm no longer receiving any messages, just these 3 files saved everywhere. I believe Malwarebytes and MSE may have got rid of the virus - is my computer now safe to use?

Please see screenshots attached and report below.

Many thanks for your response.

 

Infection Detection Tool v1.0 - Nathan Scott
--------------------------------------------
Date/Time: 12/10/2014 21:58:30
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible CryptoWall Flag , HKCU\Software\32594B0F1CC72A93B707A3280EFA21BE\001223778AABBEEF
2.|  Possible CryptoWall Flag , C:\Users\P-jizzle\Pictures\DECRYPT_INSTRUCTION.HTML

Attached Files: 1.jpg (89.09KB), 2.jpg (24.24KB)


#6 JSntgRvr

Posted 12 October 2014 - 06:40 PM

Read here for information regarding Cryptowall. The most we have achieved in attempting to restore these files is included therein. Attempt to restore those files from the shadow copy if available.


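Two practical questions sit in posts #5 and #6: which files are still usable, and whether a shadow-copy restore is even possible. The script below is an added example written for this page; it is not code from the thread, from IDTool, or from any other tool named here. It reads the first bytes of each document or picture under a folder and compares them with the header that format should start with: a file whose name is unchanged but whose header no longer matches is one of the files the poster "cannot open", while a matching header means the file is still readable. It then lists the Volume Shadow Copies present through the standard Win32_ShadowCopy WMI class, since "Previous Versions" can only restore from a snapshot that still exists. Assumptions: the malware left file names unchanged (the thread describes files that will not open, not renamed files), the signature table is constructed and not exhaustive, and the default folder is the Pictures folder because that is where IDTool found the ransom note. Save it as a .ps1 and run it in an elevated PowerShell prompt; it only reads files and never modifies anything.

```powershell
<#
 Added example (not from the thread or any tool it names).
 1. Compare each file's leading bytes with the signature its extension implies.
 2. List existing shadow copies, which post #6 suggests restoring from.
 Assumption: file names were not changed by the malware; the signature table is
 constructed and covers only common document and picture formats.
#>
param(
    [string]$Root = (Join-Path $env:USERPROFILE 'Pictures')
)

# Leading bytes per extension, upper-case hex. Constructed table, not exhaustive.
$signatures = @{
    '.jpg'  = @('FFD8FF')
    '.jpeg' = @('FFD8FF')
    '.png'  = @('89504E470D0A1A0A')
    '.gif'  = @('474946383761', '474946383961')
    '.pdf'  = @('25504446')
    '.docx' = @('504B0304')
    '.xlsx' = @('504B0304')
    '.pptx' = @('504B0304')
    '.doc'  = @('D0CF11E0A1B11AE1')
    '.xls'  = @('D0CF11E0A1B11AE1')
    '.mp3'  = @('494433', 'FFFB')
}

function Get-HeaderHex {
    # Return the first $Count bytes of a file as a hex string ('' for an empty file).
    param([string]$Path, [int]$Count = 8)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buffer = New-Object byte[] $Count
        $read = $stream.Read($buffer, 0, $Count)
        if ($read -eq 0) { return '' }
        return (($buffer[0..($read - 1)] | ForEach-Object { $_.ToString('X2') }) -join '')
    } finally {
        $stream.Close()
    }
}

function Test-FileHeader {
    # Classify one file as 'intact', 'header mismatch (likely encrypted)' or 'unreadable'.
    param([System.IO.FileInfo]$File)
    $expected = $signatures[$File.Extension.ToLower()]
    try {
        $hex = Get-HeaderHex -Path $File.FullName
        $ok = $false
        foreach ($sig in $expected) { if ($hex.StartsWith($sig)) { $ok = $true } }
        $status = if ($ok) { 'intact' } else { 'header mismatch (likely encrypted)' }
    } catch {
        $hex = ''
        $status = 'unreadable (locked or access denied)'
    }
    New-Object PSObject -Property @{ Path = $File.FullName; Header = $hex; Status = $status }
}

# PowerShell 2.0 on Windows 7 has no -File switch, hence the PSIsContainer filter.
$files = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $signatures.ContainsKey($_.Extension.ToLower()) }

$results = foreach ($f in $files) { Test-FileHeader -File $f }

"Files checked under {0}: {1}" -f $Root, @($results).Count
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$results | Where-Object { $_.Status -ne 'intact' } | Select-Object Path, Header | Format-Table -AutoSize

# Shadow copies are what 'Previous Versions' restores from; check that any survive.
$shadows = Get-WmiObject -Class Win32_ShadowCopy -ErrorAction SilentlyContinue
if ($shadows) {
    $shadows | Select-Object ID, VolumeName,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.InstallDate) } } |
        Format-Table -AutoSize
} else {
    'No shadow copies present; a Previous Versions restore is not an option on this machine.'
}
```

A header mismatch is strong evidence but not proof of encryption (a truncated download or a renamed file shows the same symptom), so treat the mismatch list as the set of files to try restoring from shadow copies or backups, and the intact list as what can be copied off the machine right away.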


#7 Jay88p (Topic Starter)

Posted 13 October 2014 - 11:37 AM

Thanks,

 

Is there a way to make sure the malware is no longer on my computer and no further files will be affected?



#8 JSntgRvr

Posted 13 October 2014 - 06:46 PM

Let's scan the computer.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download the latest version of AdwCleaner from here. Save the file to the desktop.
 
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
 
Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Please download Malwarebytes' Anti-Malware from Here
 
Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)

  • Select the language and click OK.
  • Accept the agreement.
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware.
  • Then click on Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Anti-Malware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • Right click on your next reply and select Paste.
  • Submit your reply.

Edited by JSntgRvr, 13 October 2014 - 06:55 PM.



#9 Jay88p (Topic Starter)

Posted 14 October 2014 - 03:12 PM

Hi JSntgRvr,

Thank you for your help with this, I really appreciate it.

I have completed the requested scans; please see below. Is it safe to use the PC as normal again?
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x86
Ran by P-jizzle on 14/10/2014 at 20:03:02.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{11ADA67C-F57E-4BDA-A890-0B8B8848E3F5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{32EA9B26-3866-4BA3-92F8-31A583119456}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93413D4F-F2AB-4415-ACA9-6E2529EA9BAE}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\P-jizzle\AppData\Roaming\coupons"
Successfully deleted: [Folder] "C:\Users\P-jizzle\AppData\Roaming\search protection"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/10/2014 at 20:05:00.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.010 - Report created 31/10/2013 at 21:19:18
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : P-jizzle - P-JIZZLE-PC
# Running from : C:\Users\P-jizzle\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\P-jizzle\AppData\Local\Conduit
Folder Deleted : C:\Users\P-jizzle\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\P-jizzle\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\P-jizzle\AppData\Roaming\Mozilla\Firefox\Profiles\rlc8f4j8.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\P-jizzle\AppData\Roaming\Mozilla\Firefox\Profiles\rlc8f4j8.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v20.0.1 (en-GB)
 
[ File : C:\Users\P-jizzle\AppData\Roaming\Mozilla\Firefox\Profiles\rlc8f4j8.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\P-jizzle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3579 octets] - [31/10/2013 20:27:30]
AdwCleaner[S0].txt - [3576 octets] - [31/10/2013 21:19:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3636 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/10/2014
Scan Time: 20:29:28
Logfile: maleware.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.14.11
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: P-jizzle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346368
Time Elapsed: 13 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.WiseConvert.A, HKU\S-1-5-21-3569515612-4175067792-3796432290-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\WiseConvert_B2, , [3e653cd8c8b489ada2aa8b8cee15da26], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.WiseConvert.A, C:\Users\P-jizzle\AppData\LocalLow\WiseConvert_B2, , [7b28be566517e84e2d0fb2619d66956b], 
PUP.Optional.WiseConvert.A, C:\Users\P-jizzle\AppData\LocalLow\WiseConvert_B2\Logs, , [7b28be566517e84e2d0fb2619d66956b], 
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 JSntgRvr

Posted 14 October 2014 - 03:53 PM

is it safe to use the PC as normal again?

 

 

I believe so.

 

We need to remove the tools we've used during cleaning your machine.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
  • Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply



#11 Jay88p (Topic Starter)

Posted 16 October 2014 - 03:47 PM

Thanks again. Please see the log below:


# DelFix v10.8 - Logfile created 16/10/2014 at 21:45:37
# Updated 29/07/2014 by Xplode
# Username : P-jizzle - P-JIZZLE-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\rkill.log
Deleted : C:\Users\P-jizzle\Desktop\dds.txt
Deleted : C:\Users\P-jizzle\Desktop\JRT.txt
Deleted : C:\Users\P-jizzle\Desktop\unhide.exe
Deleted : C:\Users\P-jizzle\Downloads\adwcleaner_4.000.exe
Deleted : C:\Users\P-jizzle\Downloads\dds.com
Deleted : C:\Users\P-jizzle\Downloads\JRT.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #986 [Windows Update | 09/24/2014 12:23:23]
Deleted : RP #987 [Windows Update | 09/28/2014 13:55:26]
Deleted : RP #988 [Windows Update | 10/01/2014 21:23:03]
Deleted : RP #989 [Windows Update | 10/02/2014 17:07:46]
Deleted : RP #990 [Windows Update | 10/06/2014 19:01:06]
Deleted : RP #991 [Windows Update | 10/09/2014 19:35:00]

New restore point created !

########## - EOF - ##########


#12 JSntgRvr

Posted 16 October 2014 - 05:09 PM

Outstanding. How is the computer doing?




#13 Jay88p (Topic Starter)

Posted 18 October 2014 - 06:13 AM

It seems to be fine now, thank you very much for your help. :D

Any advice on how I remove all these decrypt html files in every folder?

Is there a way to find out whether any files were missed and are still usable?

One more thing :), any idea on how to replace all infected iTunes files on my computer with the decent files on my phone?

Many thanks



#14 JSntgRvr

Posted 18 October 2014 - 01:19 PM

Do they all have a .html extension?



#15 Jay88p (Topic Starter)

Posted 18 October 2014 - 04:27 PM

There are 3 files: HTML, text, and then a shortcut of the HTML.
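Post #13 asks how to clear the ransom-note files dropped in every folder, and post #15 says each folder holds three of them: the HTML, a text copy, and a shortcut to the HTML. The script below is an added example for this page, not code from the thread or from any tool it names. It enumerates every file named DECRYPT_INSTRUCTION with any extension under a profile (IDTool reported one as C:\Users\P-jizzle\Pictures\DECRYPT_INSTRUCTION.HTML; the shortcut's extension is not stated in the thread, so the match is on the base name), keeps one copy of each variant as a record of the incident, and deletes the rest only when run with -Remove. Without that switch it is a dry run that prints what it would delete. The default root and evidence folder are assumptions and can be overridden on the command line.

```powershell
<#
 Added example (not from the thread or any tool it names).
 Find the CryptoWall ransom-note files, keep one sample of each variant,
 and remove the rest only on an explicit -Remove.
 Assumptions: notes share the base name DECRYPT_INSTRUCTION (the thread shows the
 .HTML variant; the .TXT and shortcut extensions are not stated, so any extension
 is matched); $Root and $Evidence are defaults chosen here, not from the thread.
#>
param(
    [string]$Root = $env:USERPROFILE,
    [string]$Evidence = (Join-Path $env:USERPROFILE 'Desktop\ransom_note_sample'),
    [switch]$Remove
)

# -Filter is evaluated by the file system provider, so this stays fast on a whole profile.
# PowerShell 2.0 (Windows 7) has no -File switch, hence the PSIsContainer test.
$notes = Get-ChildItem -Path $Root -Filter 'DECRYPT_INSTRUCTION.*' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer }

"Found {0} ransom-note files under {1}" -f @($notes).Count, $Root
$notes | Group-Object Extension | Select-Object Name, Count | Format-Table -AutoSize

if (-not $notes) { return }

# Preserve one copy of each variant (one per extension) before anything is deleted,
# so the note's contents and the ransom URL remain available for the incident record.
if (-not (Test-Path $Evidence)) { New-Item -ItemType Directory -Path $Evidence | Out-Null }
$notes | Group-Object Extension | ForEach-Object {
    Copy-Item -Path $_.Group[0].FullName -Destination $Evidence -Force
}

if ($Remove) {
    $notes | Remove-Item -Force -ErrorAction SilentlyContinue
    "Removed {0} files; samples kept in {1}" -f @($notes).Count, $Evidence
} else {
    'Dry run: re-run with -Remove to delete the files listed below.'
    $notes | ForEach-Object { $_.FullName }
}
```

Run it once without -Remove and read the list: the note files should be the only matches, and the per-extension counts should be equal (one of each in every affected folder). Removing the notes does nothing to the encrypted documents themselves; those are still only recoverable from shadow copies or backups, as post #6 says.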
