
Infected with Cryptolocker


  • This topic is locked
2 replies to this topic

#1 Pchecoandres

Pchecoandres

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:15 PM

Posted 11 January 2015 - 02:08 PM

Hi, yesterday 1/10/2015 I got infected with Cryptolocker. After a lot of research, the security developer Fabian Wosar, who is the one solving these problems, uploaded a decryptor which worked flawlessly; I now have recovered hundreds of GBs of data. I would now like to proceed with cleansing my PC.

 

Note: I have MalwareBytes and apparently there is no malware, but the wallpaper is there. Need instructions please!!

 

Thanks in advance,

 

Here is the DDS text

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 11.25.2
Run by Home at 14:30:26 on 2015-01-11
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3965.1290 [GMT -4.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ShadowExplorer\sesvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\igfxHK.exe
C:\Windows\system32\igfxTray.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\LogMeTT\LogMeTT.exe
C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\teraterm\ttpmenu.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Home\Downloads\decrypt_pclock2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Home\AppData\Local\IE Tab\7.12.10.1\ietabhelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://directxex.net/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [uTorrent] "C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Adkdworks] regsvr32.exe C:\Users\Home\AppData\Local\Adkdworks\AsyncUserSplsh.dll
uRun: [Orqmics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Home\AppData\Local\YXLPack\divHelpTray.dll
uRun: [LogMeTT.exe] "C:\Program Files (x86)\LogMeTT\LogMeTT.exe" -startup
uRun: [f.lux] "C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [EnergyUtility] C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
mRun: [EnergyCut] C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TERATE~1.LNK - C:\Program Files (x86)\teraterm\ttpmenu.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.11.1
TCP: Interfaces\{39340EFE-3AE2-4BD1-9E61-778883DDDCDA} : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{6BB547C8-B163-40E4-ADAD-6C8A2E6D6403} : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{6BB547C8-B163-40E4-ADAD-6C8A2E6D6403}\030313630313938313333414 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{6BB547C8-B163-40E4-ADAD-6C8A2E6D6403}\36367626 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{6BB547C8-B163-40E4-ADAD-6C8A2E6D6403}\D454E425F4 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: Backup - wuauclt.exe
IFEO: Firewall.cpl - wuauclt.exe
IFEO: FirewallAPI.dll - wuauclt.exe
IFEO: MpAsDesc.dll - wuauclt.exe
IFEO: MpAsDesc.dll.mui - wuauclt.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Cm112Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd
x64-Run: [Cm112GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cm112GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: Backup - wuauclt.exe
x64-IFEO: Firewall.cpl - wuauclt.exe
x64-IFEO: FirewallAPI.dll - wuauclt.exe
x64-IFEO: MpAsDesc.dll - wuauclt.exe
x64-IFEO: MpAsDesc.dll.mui - wuauclt.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-21 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-10-8 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-10-8 388824]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-10-8 782040]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-1 319376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-18 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-18 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
R2 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2015-1-11 9216]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-21 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-21 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-11-15 111216]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-12-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-18 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-18 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-10-8 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2014-12-18 33872]
S3 ASUSU1;ASUS Xonar U3 Audio Interface;C:\Windows\System32\drivers\cm11264.sys [2015-1-9 4135936]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-11-17 1436424]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-11-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2014-8-15 23040]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2015-01-11 16:11:24 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{629556AD-F8B8-48C2-BFC0-8E2E8847423C}\offreg.dll
2015-01-11 04:50:41 -------- d-----w- C:\Users\Home\AppData\Roaming\www.shadowexplorer.com
2015-01-11 04:50:30 -------- d-----w- C:\Program Files (x86)\ShadowExplorer
2015-01-11 02:19:18 -------- d-----w- C:\Users\Home\AppData\Local\TorrentUnlocker
2015-01-10 23:20:03 -------- d-----w- C:\Users\Home\AppData\Roaming\WinCL
2015-01-10 13:33:29 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2015-01-09 21:15:22 -------- d-----w- C:\ProgramData\Cisco Systems
2015-01-09 08:26:55 -------- d-----w- C:\Users\Home\AppData\Roaming\ASUS
2015-01-09 08:24:43 359424 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2015-01-09 08:24:37 524768 ----a-w- C:\Windows\difxapi.dll
2015-01-09 08:24:03 315392 ----a-w- C:\Windows\system\fltr112.dll
2015-01-09 08:24:01 4135936 ----a-w- C:\Windows\System32\drivers\cm11264.sys
2015-01-08 13:40:27 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\fd1d770eae128471eaf90474121fb853\WMP x264 Codec Pack.exe
2015-01-08 13:14:44 12582912 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\data\fb0fff014dae76adbde07dd78235047a\AutoCAD Map 3D.exe
2015-01-08 13:08:51 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{67342C68-7DC8-49AA-86D5-A72BCF7CF76E}\gapaengine.dll
2015-01-08 13:07:43 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{629556AD-F8B8-48C2-BFC0-8E2E8847423C}\mpengine.dll
2015-01-02 04:47:36 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-01 04:39:47 129752 ----a-w- C:\Windows\System32\drivers\6BFA3814.sys
2014-12-29 13:12:18 -------- d-----w- C:\Users\Home\AppData\Local\{8C64C6BE-3FFD-4901-9ADA-859079346312}
2014-12-29 13:12:18 -------- d-----w- C:\Users\Home\AppData\Local\{71BFCF21-CA5C-40D5-8E85-4CC94B7C25F9}
2014-12-29 13:12:05 -------- d-----w- C:\Users\Home\AppData\Roaming\Windows Live Writer
2014-12-29 13:12:05 -------- d-----w- C:\Users\Home\AppData\Local\Windows Live Writer
2014-12-20 17:46:01 -------- d-----w- C:\ProgramData\Freemake
2014-12-20 17:45:42 -------- d-----w- C:\Program Files (x86)\Freemake
2014-12-19 04:15:56 -------- d-----w- C:\Users\Home\Andres
2014-12-19 01:13:02 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2014-12-18 17:34:29 -------- d-----w- C:\OutputFolder
2014-12-18 17:27:41 -------- d-----w- C:\Users\Home\AppData\Roaming\AnvSoft
2014-12-18 17:26:19 33872 ----a-w- C:\Windows\System32\drivers\anvsnddrv.sys
2014-12-18 17:25:51 -------- d-----w- C:\Program Files (x86)\AnvSoft
2014-12-18 16:23:36 -------- d-----w- C:\Users\Home\AppData\Local\Apple Computer
2014-12-18 16:23:23 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-12-18 16:21:00 -------- d-----w- C:\Program Files\iPod
2014-12-18 16:20:58 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-18 16:20:58 -------- d-----w- C:\Program Files\iTunes
2014-12-18 16:20:58 -------- d-----w- C:\Program Files (x86)\iTunes
2014-12-18 16:19:58 -------- d-----w- C:\Users\Home\AppData\Local\Apple
2014-12-18 16:19:16 -------- d-----w- C:\Program Files\Bonjour
2014-12-18 16:19:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-12-18 04:45:53 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-18 04:45:11 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-18 04:45:11 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-18 04:45:11 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-18 04:45:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-18 04:45:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 02:22:47 -------- d-----w- C:\Program Files (x86)\Lenovo
2014-12-14 15:05:49 1380135 ----a-w- C:\Windows\SysWow64\scrypt130511Intel® HD Graphics 4000glg2tc4000w256l4.bin
.
==================== Find3M  ====================
.
2014-12-09 18:08:41 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 18:08:41 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-19 14:58:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-18 19:26:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:33:08.86 ===============
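As an added triage example (not code from the thread, from DDS, or from the helper's instructions): a small parser over a few lines copied from the Pseudo HJT section above, surfacing autorun entries that load a DLL through regsvr32/rundll32 from a user-writable profile path, and policy values that switch UAC prompting off. The flagging rules are this example's own assumptions, meant to point a reviewer at lines worth a closer look, not verdicts on this machine.

```python
import re

# Constructed sample input: lines copied from this thread's DDS "Pseudo HJT
# Report" section (the full log is in the post above).
SAMPLE = r"""
uRun: [GoogleChromeAutoLaunch_F8F9C1389199C5D42EF0F1FE1D081D59] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Adkdworks] regsvr32.exe C:\Users\Home\AppData\Local\Adkdworks\AsyncUserSplsh.dll
uRun: [Orqmics] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Home\AppData\Local\YXLPack\divHelpTray.dll
uRun: [f.lux] "C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
x64-Run: [Cm112Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm112.dll,CMICtrlWnd
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
"""

# DDS line shapes: "<u|m|x64->Run: [Name] command" and
# "<u|m>Policies-<Key>: Name = dword:<decimal>" (145 is the usual 0x91).
RUN_RE = re.compile(r"^(?P<scope>x64-|[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POL_RE = re.compile(r"^(?P<scope>[um])Policies-(?P<key>\w+): (?P<name>\w+) = dword:(?P<val>\d+)$")

# Signed Windows host binaries that execute a DLL named on their command line.
PROXY_HOSTS = ("regsvr32", "rundll32")
# UAC settings whose value 0 weakens or disables elevation prompting.
UAC_SETTINGS = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")
# Any path under a user profile's AppData is writable without admin rights.
PROFILE_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def triage(text):
    """Return (severity, description) findings for DDS Pseudo HJT lines.

    The rules are this example's own assumptions, not verdicts from the thread.
    """
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            uses_proxy = any(h in cmd.lower() for h in PROXY_HOSTS)
            # A DLL run through a proxy host from a user-writable path is the
            # pattern worth reviewing; the same host loading from System32 is not.
            if uses_proxy and PROFILE_PATH.search(cmd):
                findings.append(("high", f"{m.group('scope')}Run [{m.group('name')}]: "
                                 "DLL loaded via regsvr32/rundll32 from a user-writable profile path"))
            continue
        m = POL_RE.match(line)
        if m and m.group("name") in UAC_SETTINGS and int(m.group("val")) == 0:
            findings.append(("medium", f"{m.group('scope')}Policies-{m.group('key')}: "
                             f"{m.group('name')}=0 weakens UAC"))
    return findings


if __name__ == "__main__":
    for severity, description in triage(SAMPLE):
        print(f"[{severity}] {description}")
```

On the sample above this reports the two regsvr32 autoruns under AppData\Local as high and the three UAC policy values as medium, and leaves the Chrome, f.lux, iTunes and Syswow64 rundll32 entries alone.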

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:45 PM

Posted 14 January 2015 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Wait for further instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:45 PM

Posted 20 January 2015 - 08:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
