
Encrypted files and infected computer : |


  • This topic is locked
2 replies to this topic

#1 Wentbareback


  • Members
  • 1 posts
  • Gender:Female

Posted 08 February 2015 - 03:32 AM

When I start up my computer I automatically get directed to my photos, with the virus asking me to pay to decrypt my files. I get directed via Internet Explorer and/or Chrome. I can't view any old photos, specifically if I'm in them. I feel like someone is spying on me. Or I'm just paranoid. Someone help me.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by leaAnn (administrator) on LEELEESBABI on 08-02-2015 03:16:15
Running from C:\Users\leaAnn\Downloads
Loaded Profiles: leaAnn (Available profiles: leaAnn)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Samsung\iLauncher\iLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Wondershare Software) C:\Program Files (x86)\Wondershare\Video Editor\VideoEditor.exe
() C:\Program Files (x86)\Wondershare\Video Editor\CrashService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-17] (Electronic Arts)
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\Run: [KipiqArmir] => regsvr32.exe "C:\ProgramData\KipiqArmir\EawyEjmeb.ncr"
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\MountPoints2: {20745e55-fafb-11e3-beda-1867b0238cf7} - "D:\LG_PC_Programs.exe" 
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\MountPoints2: {adc5f7b0-d2c5-11e2-be95-1867b0238cf7} - "D:\LGAutoRun.exe" 
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\MountPoints2: {c25c8256-58a3-11e3-beb0-c8f7339191a4} - "D:\iLinker.exe" 
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnk
ShortcutTarget: PC Auto Backup.lnk -> C:\Program Files (x86)\Samsung\PC Auto Backup\AutoBackup.exe (Samsung)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {6AF85F20-08A3-40CC-A1C2-2542F76FBFD2} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {6AF85F20-08A3-40CC-A1C2-2542F76FBFD2} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2572790-1686662415-3100893241-1001 -> DefaultScope {7A3B19AE-668C-422A-8C71-FD6B4E88A2A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2572790-1686662415-3100893241-1001 -> {7A3B19AE-668C-422A-8C71-FD6B4E88A2A3} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2572790-1686662415-3100893241-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (From Dust) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-08-03]
CHR Extension: (Google Docs) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-30]
CHR Extension: (Google Drive) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-30]
CHR Extension: (Google Search) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-30]
CHR Extension: (AdBlock) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-14]
CHR Extension: (Do Not Disturb!) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-07-12]
CHR Extension: (Water's Valley) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2014-11-20]
CHR Extension: (Google Wallet) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Users\leaAnn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4362056 2014-11-18] (Symantec Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-05-31] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-28] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]
S3 SBIOSIO; \??\C:\Users\leaAnn\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 03:16 - 2015-02-08 03:16 - 00020289 _____ () C:\Users\leaAnn\Downloads\FRST.txt
2015-02-08 03:15 - 2015-02-08 03:16 - 00000000 ____D () C:\FRST
2015-02-08 03:15 - 2015-02-08 03:15 - 02132992 _____ (Farbar) C:\Users\leaAnn\Downloads\FRST64.exe
2015-02-07 21:38 - 2015-02-07 21:38 - 00392012 _____ () C:\Users\leaAnn\Downloads\rannohdecryptor (1).zip
2015-02-07 21:37 - 2015-02-07 21:37 - 00380753 _____ () C:\Users\leaAnn\Downloads\rannohdecryptor.zip
2015-02-07 18:28 - 2015-02-07 18:28 - 00000000 ____D () C:\ProgramData\Wondershare
2015-02-07 16:54 - 2015-02-07 16:54 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\Wondershare
2015-02-07 16:54 - 2014-07-15 17:24 - 02140712 _____ (MainConcept GmbH) C:\windows\SysWOW64\mcmpgvout.004
2015-02-07 16:54 - 2014-07-15 17:24 - 00531496 _____ (MainConcept GmbH) C:\windows\SysWOW64\mcmpeg2mux.ax
2015-02-07 16:54 - 2014-07-15 17:24 - 00375848 _____ (MainConcept GmbH) C:\windows\SysWOW64\mcm2ve.ax
2015-02-07 16:54 - 2014-07-15 17:24 - 00257064 _____ (MainConcept GmbH) C:\windows\SysWOW64\mcl2ae.ax
2015-02-07 16:54 - 2014-07-15 17:24 - 00244776 _____ (MainConcept GmbH) C:\windows\SysWOW64\mcmpgaout.dll
2015-02-07 16:54 - 2014-07-15 17:24 - 00020520 _____ (MainConcept GmbH) C:\windows\SysWOW64\mcmpgvout.dll
2015-02-07 16:53 - 2015-02-07 18:28 - 00000000 ____D () C:\Users\leaAnn\Documents\Wondershare Video Editor
2015-02-07 16:53 - 2015-02-07 16:53 - 00001198 _____ () C:\Users\Public\Desktop\Wondershare Video Editor.lnk
2015-02-07 16:53 - 2015-02-07 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-02-07 16:53 - 2015-02-07 16:53 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-02-07 16:42 - 2015-02-07 16:53 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-02-07 16:42 - 2015-02-07 16:42 - 01067592 _____ (Wondershare) C:\Users\leaAnn\Downloads\video-editor_setup_full1107.exe
2015-02-06 01:21 - 2015-02-06 01:21 - 00000508 _____ () C:\Users\leaAnn\Downloads\Backup-codes-leaannll.txt
2015-02-05 20:01 - 2015-02-05 20:01 - 00131808 _____ () C:\Users\leaAnn\Downloads\FLVPlayer-Chrome.exe
2015-02-05 20:01 - 2015-02-05 20:01 - 00131808 _____ () C:\Users\leaAnn\Downloads\FLVPlayer-Chrome (1).exe
2015-02-03 17:59 - 2015-02-03 17:59 - 01661128 _____ (ESET) C:\Users\leaAnn\Downloads\eset_smart_security_live_installer (1).exe
2015-02-03 13:55 - 2015-02-03 13:55 - 03433144 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-02 16:50 - 2015-02-02 16:50 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-02 16:43 - 2015-02-02 16:43 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\leaAnn\Downloads\tdsskiller.exe
2015-02-02 16:42 - 2015-02-05 20:01 - 00002186 _____ () C:\Users\leaAnn\Desktop\Rkill.txt
2015-02-02 16:42 - 2015-02-02 16:42 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\leaAnn\Downloads\rkill.exe
2015-02-02 16:42 - 2015-02-02 16:42 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\leaAnn\Downloads\rkill64.exe
2015-02-02 16:41 - 2015-02-02 16:41 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\ESET
2015-02-02 16:41 - 2015-02-02 16:41 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\ESET
2015-02-02 16:18 - 2015-02-02 16:31 - 00072795 _____ () C:\Users\leaAnn\Downloads\B21C.tmp
2015-02-02 16:18 - 2015-02-02 16:18 - 00071335 _____ () C:\Users\leaAnn\Downloads\B2FC.tmp
2015-02-02 15:54 - 2015-02-02 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-02-02 15:54 - 2015-02-02 15:54 - 00000000 ____D () C:\ProgramData\ESET
2015-02-02 15:54 - 2015-02-02 15:54 - 00000000 ____D () C:\Program Files\ESET
2015-02-02 15:51 - 2015-02-02 15:51 - 01661128 _____ (ESET) C:\Users\leaAnn\Downloads\eset_smart_security_live_installer.exe
2015-02-02 15:50 - 2015-02-08 00:45 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 15:50 - 2015-02-02 15:50 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-02 15:50 - 2015-02-02 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-02 15:49 - 2015-02-02 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-02 15:49 - 2015-02-02 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 15:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-02 15:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-02 15:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-02 15:46 - 2015-02-02 15:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\leaAnn\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-02-02 15:45 - 2015-02-02 15:46 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\leaAnn\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-02 15:09 - 2015-02-02 15:09 - 00004272 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-02-02 15:09 - 2015-02-02 15:09 - 00000304 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-02-02 14:39 - 2015-02-02 15:26 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\Local Store
2015-02-02 14:28 - 2015-02-02 14:28 - 130151664 _____ (Microsoft Corporation) C:\Users\leaAnn\Downloads\msert (1).exe
2015-01-30 20:29 - 2015-01-30 20:31 - 00000197 _____ () C:\windows\system32\2015-01-31-01-29-25.076-AvastVBoxSVC.exe-3504.log
2015-01-30 19:48 - 2015-02-02 14:29 - 00000000 ____D () C:\windows\system32\MpEngineStore
2015-01-30 17:07 - 2015-01-30 17:08 - 130066672 _____ (Microsoft Corporation) C:\Users\leaAnn\Downloads\msert.exe
2015-01-30 16:28 - 2015-02-03 12:52 - 00000000 ____D () C:\Users\Public\leaAnn
2015-01-30 16:24 - 2015-01-30 16:24 - 00000794 _____ () C:\windows\setupact.log
2015-01-30 16:24 - 2015-01-30 16:24 - 00000000 _____ () C:\windows\setuperr.log
2015-01-30 15:40 - 2015-01-30 15:41 - 00000197 _____ () C:\windows\system32\2015-01-30-20-40-49.017-AvastVBoxSVC.exe-3720.log
2015-01-28 15:26 - 2015-01-28 16:17 - 01949338 _____ () C:\ProgramData\xghpcqn.html
2015-01-27 20:10 - 2015-01-31 20:10 - 00003746 _____ () C:\windows\System32\Tasks\GoogleUpdater
2015-01-27 20:01 - 2015-01-27 20:01 - 00001392 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 20:01 - 2015-01-27 20:01 - 00001392 _____ () C:\Users\leaAnn\AppData\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 20:01 - 2015-01-27 20:01 - 00000276 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.URL
2015-01-27 20:01 - 2015-01-27 20:01 - 00000276 _____ () C:\Users\leaAnn\AppData\HELP_DECRYPT.URL
2015-01-27 20:00 - 2015-01-27 20:00 - 00001392 _____ () C:\Users\leaAnn\AppData\Local\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 20:00 - 2015-01-27 20:00 - 00000276 _____ () C:\Users\leaAnn\AppData\Local\HELP_DECRYPT.URL
2015-01-27 19:54 - 2015-01-27 19:54 - 00001392 _____ () C:\ProgramData\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 19:54 - 2015-01-27 19:54 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-27 19:13 - 2015-02-02 14:34 - 00000696 _____ () C:\ProgramData\@system.temp
2015-01-27 19:13 - 2015-02-02 14:34 - 00000432 ____H () C:\ProgramData\@system3.att
2015-01-27 19:12 - 2015-01-27 19:12 - 00000480 ____H () C:\Users\leaAnn\AppData\Roaming\麽鎒駓覜
2015-01-27 19:12 - 2015-01-27 19:12 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\FrameworkUpdate
2015-01-27 18:58 - 2015-01-27 18:58 - 00000197 _____ () C:\windows\system32\2015-01-27-23-58-20.081-AvastVBoxSVC.exe-1264.log
2015-01-22 15:49 - 2015-01-22 15:54 - 00000197 _____ () C:\windows\system32\2015-01-22-20-49-10.055-AvastVBoxSVC.exe-3744.log
2015-01-20 21:27 - 2015-01-20 21:27 - 00000197 _____ () C:\windows\system32\2015-01-21-02-27-17.040-AvastVBoxSVC.exe-2056.log
2015-01-20 21:23 - 2015-02-05 12:51 - 00424560 _____ () C:\windows\PFRO.log
2015-01-16 21:41 - 2015-01-16 21:41 - 00002123 _____ () C:\Users\Public\Desktop\Norton Online Backup.lnk
2015-01-16 21:41 - 2015-01-16 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2015-01-16 21:40 - 2015-01-16 21:40 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-01-16 18:34 - 2015-02-08 02:39 - 01799941 _____ () C:\windows\WindowsUpdate.log
2015-01-16 13:08 - 2015-01-16 13:08 - 00000197 _____ () C:\windows\system32\2015-01-16-18-08-16.008-AvastVBoxSVC.exe-3680.log
2015-01-14 20:34 - 2015-01-14 20:34 - 00000197 _____ () C:\windows\system32\2015-01-15-01-34-00.068-AvastVBoxSVC.exe-3368.log
2015-01-13 16:49 - 2015-01-13 16:51 - 00000197 _____ () C:\windows\system32\2015-01-13-21-49-00.036-AvastVBoxSVC.exe-4092.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-08 03:14 - 2013-05-30 12:11 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 03:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-02-07 18:14 - 2013-05-30 12:11 - 00000926 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 16:27 - 2012-07-26 02:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-07 16:24 - 2013-12-02 20:49 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\iLauncher
2015-02-07 16:12 - 2014-07-26 23:07 - 00000000 ____D () C:\Users\leaAnn\Desktop\WTF
2015-02-07 16:12 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\leaAnn\Desktop\art crap
2015-02-07 16:11 - 2014-07-26 23:08 - 00000000 ____D () C:\Users\leaAnn\Desktop\Errors
2015-02-07 16:11 - 2014-04-14 15:09 - 00000000 ____D () C:\Users\leaAnn\Desktop\New folder
2015-02-07 16:10 - 2013-05-30 12:02 - 00000000 ____D () C:\Users\leaAnn
2015-02-07 15:43 - 2013-01-04 21:25 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-07 13:30 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2015-02-06 01:15 - 2013-05-30 12:11 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 15:02 - 2013-01-04 21:36 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-02-05 15:00 - 2014-10-19 10:10 - 00000442 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-02-05 14:59 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 14:50 - 2012-07-26 00:26 - 00786432 ___SH () C:\windows\system32\config\BBI
2015-02-05 14:05 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2015-02-05 13:22 - 2013-05-30 14:00 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\CrashDumps
2015-02-03 23:17 - 2014-07-22 14:03 - 00000000 ____D () C:\Users\leaAnn\Downloads\World of Warcraft - Mists of Pandaria 5.4.2 (17688)
2015-02-03 23:17 - 2014-05-26 18:09 - 00000000 ____D () C:\Users\leaAnn\Downloads\WTF
2015-02-03 23:17 - 2014-05-10 21:04 - 00000000 ____D () C:\Users\leaAnn\Downloads\SZA - Z
2015-02-03 23:17 - 2014-05-10 21:03 - 00000000 ____D () C:\Users\leaAnn\Downloads\SZA - S (EP)
2015-02-03 23:17 - 2014-04-13 12:13 - 00000000 ____D () C:\Users\leaAnn\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595)
2015-02-03 23:17 - 2014-03-16 13:56 - 00000000 ____D () C:\Users\leaAnn\Downloads\Télépopmusik - Genetic World
2015-02-03 23:17 - 2014-03-16 13:53 - 00000000 ____D () C:\Users\leaAnn\Downloads\Yuna-Yuna-2012-C4
2015-02-03 23:17 - 2014-02-03 01:29 - 00000000 ____D () C:\Users\leaAnn\Downloads\The_Weeknd-Trilogy-3CD-2012-pLAN9
2015-02-03 23:17 - 2014-01-12 13:41 - 00000000 ____D () C:\Users\leaAnn\Downloads\Two Door Cinema Club- Beacon [2012 mp3]
2015-02-03 23:17 - 2013-12-15 13:53 - 00000000 ____D () C:\Users\leaAnn\Downloads\Yuna - Nocturnal [2013] 320
2015-02-03 23:17 - 2013-12-15 13:53 - 00000000 ____D () C:\Users\leaAnn\Downloads\Yuna
2015-02-03 23:17 - 2013-09-17 22:22 - 00000000 ____D () C:\Users\leaAnn\Downloads\TOKiMONSTA - Midnight Menu
2015-02-03 23:17 - 2013-07-10 22:55 - 00000000 ____D () C:\Users\leaAnn\Downloads\Various Artists - Indie Rock Playlist July 2012
2015-02-03 23:17 - 2013-05-31 23:45 - 00000000 ____D () C:\Users\leaAnn\Downloads\The Killers - Hot Fuss
2015-02-03 23:16 - 2014-10-19 22:55 - 00000000 ____D () C:\Users\leaAnn\Downloads\Gwen Stefani - Love Angel Music Baby [ChattChitto RG]
2015-02-03 23:16 - 2014-10-19 22:54 - 00000000 ____D () C:\Users\leaAnn\Downloads\No Doubt - Tragic Kingdom[mp3 320 Kbps][The Raven]
2015-02-03 23:16 - 2014-09-22 00:54 - 00000000 ____D () C:\Users\leaAnn\Downloads\Broods - Evergreen
2015-02-03 23:16 - 2014-09-22 00:54 - 00000000 ____D () C:\Users\leaAnn\Downloads\Broods - EP
2015-02-03 23:16 - 2014-09-22 00:10 - 00000000 ____D () C:\Users\leaAnn\Downloads\Sia - 1000 Forms of Fear (2014) CBR 320 KBPS [AryaN_L33T]
2015-02-03 23:16 - 2014-09-11 15:02 - 00000000 ____D () C:\Users\leaAnn\Downloads\Kaskade– Fire and Ice- (Deluxe Edition)- [2011]- Mp3ViLLe
2015-02-03 23:16 - 2014-09-02 18:41 - 00000000 ____D () C:\Users\leaAnn\Downloads\Jhene Aiko - Souled Out [Deluxe][320 Kbps Mp3]~eMiNigo3~UpZ
2015-02-03 23:16 - 2014-06-06 22:51 - 00000000 ____D () C:\Users\leaAnn\Downloads\Major Lazer - Apocalypse Soon (2014) - WEB MP3 V0
2015-02-03 23:16 - 2014-05-02 16:28 - 00000000 ____D () C:\Users\leaAnn\Downloads\PARTYNEXTDOOR - PARTYNEXTDOOR-2013-MIXFIEND
2015-02-03 23:16 - 2014-03-16 15:57 - 00000000 ____D () C:\Users\leaAnn\Downloads\Samantha James
2015-02-03 23:16 - 2014-02-20 02:14 - 00000000 ____D () C:\Users\leaAnn\Downloads\Marina & The Diamonds - The Family Jewels 2010 only1joe 320kbsMP3
2015-02-03 23:16 - 2014-02-13 00:45 - 00000000 ____D () C:\Users\leaAnn\Downloads\Jhene Aiko - Sail Out [2013] [CBR@320]
2015-02-03 23:16 - 2014-02-07 15:21 - 00000000 ____D () C:\Users\leaAnn\Downloads\Marina and the Diamonds - Electra Heart (US Deluxe) Mp3 320kbs cT
2015-02-03 23:16 - 2014-02-07 15:21 - 00000000 ____D () C:\Users\leaAnn\Downloads\Marina & the Diamonds - Radioactive
2015-02-03 23:16 - 2014-01-28 18:06 - 00000000 ____D () C:\Users\leaAnn\Downloads\Skrillex - Leaving (EP)-2013-MIXFIEND
2015-02-03 23:16 - 2014-01-28 18:04 - 00000000 ____D () C:\Users\leaAnn\Downloads\Pure Heroine (Extended)
2015-02-03 23:16 - 2014-01-13 11:50 - 00000000 ____D () C:\Users\leaAnn\Downloads\Kendrick Lamar - Section.80
2015-02-03 23:16 - 2014-01-12 13:42 - 00000000 ____D () C:\Users\leaAnn\Downloads\Beacon - The Ways We Separate (2013) - MP3
2015-02-03 23:16 - 2013-11-09 18:41 - 00000000 ____D () C:\Users\leaAnn\Downloads\Katy Perry - One Of The Boys
2015-02-03 23:16 - 2013-10-30 20:50 - 00000000 ____D () C:\Users\leaAnn\Downloads\Justin Timberlake - The 20-20 Experience_The Complete Experience [Deluxe Edition] 2CD @ MP3_2013
2015-02-03 23:16 - 2013-10-12 14:05 - 00000000 ____D () C:\Users\leaAnn\Downloads\Red Hot Chili Peppers-Californication
2015-02-03 23:16 - 2013-09-26 15:10 - 00000000 ____D () C:\Users\leaAnn\Downloads\Kings of Leon - Mechanical Bull (Deluxe Version) [iTunes]
2015-02-03 23:16 - 2013-09-22 22:42 - 00000000 ___RD () C:\Users\leaAnn\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2015-02-03 23:16 - 2013-09-17 21:43 - 00000000 ____D () C:\Users\leaAnn\Downloads\Marina and the Diamonds - The Crown Jewels EP
2015-02-03 23:16 - 2013-09-17 18:56 - 00000000 ____D () C:\Users\leaAnn\Downloads\Drake - Nothing Was the Same (Album-192 kbps) LittleFairy RG
2015-02-03 23:16 - 2013-09-17 18:53 - 00000000 ____D () C:\Users\leaAnn\Downloads\Atmosphere (Deluxe Version)
2015-02-03 23:16 - 2013-09-17 18:33 - 00000000 ____D () C:\Users\leaAnn\Downloads\Lorde
2015-02-03 23:16 - 2013-09-17 12:47 - 00000000 ____D () C:\Users\leaAnn\Downloads\Marina & The Diamonds - The Family Jewels
2015-02-03 23:16 - 2013-08-08 12:48 - 00000000 ____D () C:\Users\leaAnn\Downloads\CapitalCitiesSafeAndSound_201305
2015-02-03 23:16 - 2013-08-03 19:39 - 00000000 ____D () C:\Users\leaAnn\Downloads\Pimsleur Quick & Simple Spanish Disc Set 1-4 (mp3)
2015-02-03 23:16 - 2013-07-15 23:46 - 00000000 ____D () C:\Users\leaAnn\Downloads\Imagine Dragons - Night Visions (Deluxe Version) 2013 Indie Rock 320kbps CBR MP3 [VX] [P2PDL]
2015-02-03 23:16 - 2013-07-09 22:10 - 00000000 ____D () C:\Users\leaAnn\Downloads\Surgeon Simulator 2013
2015-02-03 23:16 - 2013-06-16 23:16 - 00000000 ____D () C:\Users\leaAnn\Downloads\Macklemore - The Language Of My World [2005]
2015-02-03 23:16 - 2013-06-04 22:54 - 00000000 ____D () C:\Users\leaAnn\Downloads\Maroon 5 Discography.(4 Albums).moXXon
2015-02-03 23:16 - 2013-05-31 23:47 - 00000000 ____D () C:\Users\leaAnn\Downloads\Kaskade - Strobelite Seduction
2015-02-03 23:16 - 2013-05-31 23:12 - 00000000 ____D () C:\Users\leaAnn\Downloads\Samantha James - Subconscious (2010)
2015-02-03 23:16 - 2013-05-31 15:34 - 00000000 ____D () C:\Users\leaAnn\Downloads\Kings Of Leon - Only By The Night[2008][MP3@320kbps]-antecho
2015-02-03 23:16 - 2013-05-31 15:34 - 00000000 ____D () C:\Users\leaAnn\Downloads\Kings Of Leon - Come Around Sundown [2010-MP3-Cov][Bubanee]
2015-02-03 23:16 - 2013-05-30 14:05 - 00000000 ____D () C:\Users\leaAnn\Downloads\BitTorrent-Kaskade-FreaksOfNature-Unlocked
2015-02-03 23:15 - 2013-07-20 15:08 - 00000000 ____D () C:\Users\leaAnn\Documents\LDW
2015-02-03 23:15 - 2013-07-01 01:05 - 00000000 ____D () C:\Users\leaAnn\Documents\My Received Files
2015-02-03 22:53 - 2013-05-30 23:59 - 00000000 ____D () C:\Users\leaAnn\Documents\Electronic Arts
2015-02-03 22:52 - 2014-05-29 08:54 - 00000000 ____D () C:\Users\leaAnn\Desktop\fk
2015-02-03 22:49 - 2013-05-30 12:38 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\Origin
2015-02-03 22:39 - 2014-11-05 13:44 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\Battle.net
2015-02-03 22:39 - 2014-07-08 23:01 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\Apple Computer
2015-02-03 22:39 - 2013-10-03 01:43 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\Blizzard Entertainment
2015-02-03 22:39 - 2013-05-30 12:10 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\Google
2015-02-03 18:09 - 2013-05-30 12:11 - 00003902 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 18:09 - 2013-05-30 12:11 - 00003666 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 16:37 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2015-02-03 13:52 - 2012-07-26 03:12 - 00000000 ___RD () C:\windows\ToastData
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-03 13:51 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-03 13:51 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-03 13:50 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-03 13:50 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-03 13:50 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-03 13:50 - 2012-07-26 00:38 - 00000000 ____D () C:\windows\system32\oobe
2015-02-03 12:52 - 2015-01-02 21:39 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\Dropbox
2015-02-03 12:52 - 2015-01-02 21:29 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\AVAST Software
2015-02-03 12:52 - 2014-05-05 21:41 - 00000000 ____D () C:\ProgramData\DDNi
2015-02-03 12:52 - 2013-05-31 00:17 - 00000000 __RHD () C:\Users\leaAnn\AppData\Roaming\SecuROM
2015-02-03 12:52 - 2013-05-30 14:03 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\uTorrent
2015-02-03 12:52 - 2013-05-30 12:38 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\Origin
2015-02-03 12:52 - 2013-05-30 12:05 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\Adobe
2015-02-03 12:42 - 2013-05-30 12:36 - 00000000 ____D () C:\ProgramData\Battle.net
2015-02-03 12:42 - 2013-05-30 12:22 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 12:42 - 2013-01-04 21:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-02 18:16 - 2012-07-25 21:26 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2015-02-02 17:19 - 2013-07-13 21:54 - 00000000 ____D () C:\windows\system32\MRT
2015-02-02 16:51 - 2013-01-04 21:37 - 00000000 ____D () C:\Program Files\Bitcasa
2015-02-02 16:41 - 2015-01-02 20:59 - 00000000 ____D () C:\ProgramData\KipiqArmir
2015-02-02 16:39 - 2014-04-14 12:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-28 16:40 - 2013-05-30 12:12 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2572790-1686662415-3100893241-1001
2015-01-28 15:37 - 2014-11-05 13:44 - 00000000 ____D () C:\Users\leaAnn\AppData\Roaming\Battle.net
2015-01-28 15:28 - 2014-07-22 14:04 - 00000000 ____D () C:\Users\leaAnn\Downloads\World of Warcraft - Mist of Pandaria
2015-01-28 15:24 - 2013-01-04 21:36 - 00000000 ____D () C:\ProgramData\Symantec
2015-01-28 15:17 - 2013-05-30 12:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-28 15:14 - 2014-05-05 21:41 - 00000000 __HDC () C:\ProgramData\{5B130DD6-48E9-4E5E-A5BD-45F6B4DF0602}
2015-01-27 20:00 - 2013-05-30 12:03 - 00000000 ____D () C:\Users\leaAnn\AppData\Local\VirtualStore
2015-01-19 23:52 - 2013-01-04 21:23 - 00000000 ____D () C:\ProgramData\Temp
2015-01-16 15:30 - 2015-01-01 14:34 - 00000000 ____D () C:\windows\Minidump
2015-01-16 13:34 - 2013-01-04 19:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-12 22:56 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\migwiz
2015-01-11 20:05 - 2014-10-19 22:48 - 00126976 ___SH () C:\Users\leaAnn\Desktop\Thumbs.db
2015-01-11 00:20 - 2013-05-31 23:32 - 01160192 ___SH () C:\Users\leaAnn\Downloads\Thumbs.db
 
==================== Files in the root of some directories =======
 
2015-01-02 21:37 - 2015-01-02 21:37 - 0000288 _____ () C:\Users\leaAnn\AppData\Roaming\930BD368.reg
2015-01-05 15:15 - 2015-01-05 15:15 - 0015872 _____ () C:\Users\leaAnn\AppData\Roaming\cowitches.d
2015-01-27 20:01 - 2015-01-27 20:01 - 0045432 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-27 20:01 - 2015-01-27 20:01 - 0001392 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 20:01 - 2015-01-27 20:01 - 0000276 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.URL
2015-01-02 21:37 - 2015-01-02 21:37 - 0009728 _____ () C:\Users\leaAnn\AppData\Roaming\mcp.ico
2013-05-31 10:23 - 2013-04-08 18:39 - 0053248 ___SH () C:\Users\leaAnn\AppData\Roaming\msvjbp.exe
2015-01-27 19:12 - 2015-01-27 19:12 - 0000480 ____H () C:\Users\leaAnn\AppData\Roaming\麽鎒駓覜
2015-01-27 20:00 - 2015-01-27 20:00 - 0045432 _____ () C:\Users\leaAnn\AppData\Local\HELP_DECRYPT.PNG
2015-01-27 20:00 - 2015-01-27 20:00 - 0001392 _____ () C:\Users\leaAnn\AppData\Local\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 20:00 - 2015-01-27 20:00 - 0000276 _____ () C:\Users\leaAnn\AppData\Local\HELP_DECRYPT.URL
2015-01-27 19:13 - 2015-02-02 14:34 - 0000696 _____ () C:\ProgramData\@system.temp
2015-01-27 19:13 - 2015-02-02 14:34 - 0000432 ____H () C:\ProgramData\@system3.att
2015-01-27 19:54 - 2015-01-27 19:54 - 0045432 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-27 19:54 - 2015-01-27 19:54 - 0001392 _____ () C:\ProgramData\HELP_DECRYPT.TXT.vjddcnj
2015-01-27 19:54 - 2015-01-27 19:54 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2013-01-04 21:20 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-01-04 21:20 - 2013-01-12 22:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2015-01-28 15:26 - 2015-01-28 16:17 - 1949338 _____ () C:\ProgramData\xghpcqn.html
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-06 14:47
 
==================== End Of Log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,517 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:34 AM

Posted 12 February 2015 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\Run: [KipiqArmir] => regsvr32.exe "C:\ProgramData\KipiqArmir\EawyEjmeb.ncr"
HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis64.sys [X]
S3 SBIOSIO; \??\C:\Users\leaAnn\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
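The FRST output in the first post and the fixlist in the reply above are read by a responder with a handful of rules of thumb: ransom notes named HELP_DECRYPT.* dropped into AppData and ProgramData, a text file carrying an extra random extension (.vjddcnj), a hidden+system executable sitting in AppData\Roaming, an executable in the root of ProgramData, a Run value that uses regsvr32.exe to load a non-DLL payload from ProgramData, and drivers FRST marks with [X] because their file is gone. The block below is an added example, not code from this thread or from FRST, that writes those rules down as a parser over the FRST line format. The sample lines are constructed copies shaped like the entries quoted above; the AvastUI Run line is invented as a benign control, and the finding strings are this example's own.

```python
"""Triage rules over FRST log lines: file entries from the "Files in the root of some
directories" section and the Run/driver entries that appear in a fixlist.
Added example, not FRST's own code; the sample lines below are constructed."""
import re
from typing import Dict, List

# Constructed samples shaped like the entries quoted in the thread (AvastUI line is an invented benign control).
SAMPLE_FILE_LINES = [
    r"2015-01-27 20:01 - 2015-01-27 20:01 - 0045432 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.PNG",
    r"2015-01-27 20:01 - 2015-01-27 20:01 - 0001392 _____ () C:\Users\leaAnn\AppData\Roaming\HELP_DECRYPT.TXT.vjddcnj",
    r"2013-05-31 10:23 - 2013-04-08 18:39 - 0053248 ___SH () C:\Users\leaAnn\AppData\Roaming\msvjbp.exe",
    r"2015-01-27 19:12 - 2015-01-27 19:12 - 0000480 ____H () C:\Users\leaAnn\AppData\Roaming\麽鎒駓覜",
    r"2015-01-27 19:13 - 2015-02-02 14:34 - 0000432 ____H () C:\ProgramData\@system3.att",
    r"2013-01-04 21:20 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe",
    r"2015-02-02 18:16 - 2012-07-25 21:26 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll",
]
SAMPLE_REG_LINES = [
    r'HKU\S-1-5-21-2572790-1686662415-3100893241-1001\...\Run: [KipiqArmir] => regsvr32.exe "C:\ProgramData\KipiqArmir\EawyEjmeb.ncr"',
    r"S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]",
    r"ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File",
    r'HKLM\...\Run: [AvastUI] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /gui',
]

# FRST file entry: "<modified> - <created> - <size> <attrs> (<company>) <path>"
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
MISSING_IMAGE_RE = re.compile(r"^[SRU]\d (?P<name>[^;]+); .+ \[X\]$")   # FRST marks a missing image with [X]
RANSOM_NOTE_RE = re.compile(r"^help_decrypt\.")                          # note names seen in this log
APPENDED_EXT_RE = re.compile(r"\.(?:txt|png|url|html|jpe?g|docx?|xlsx?|pdf)\.[a-z]{5,8}$")
EXEC_EXTS = (".exe", ".dll", ".scr", ".sys", ".com", ".ocx")
STAGING_DIRS = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\public\\")


def triage_file_entry(line: str) -> List[str]:
    """Findings for one FRST file entry; [] when it is clean or not a file entry at all."""
    m = FILE_RE.match(line)
    if not m:
        return []
    attrs, path = m["attrs"], m["path"]
    parent, _, name = path.rpartition("\\")
    parent_l, name_l = parent.lower(), name.lower()
    hidden = "H" in attrs or "S" in attrs          # FRST attribute letters: R H S D C
    is_dir = "D" in attrs
    is_exec = name_l.endswith(EXEC_EXTS)
    in_profile = "\\users\\" in parent_l
    at_root = parent_l == "c:\\programdata" or re.fullmatch(r"c:\\users\\[^\\]+", parent_l) is not None
    findings = []
    if RANSOM_NOTE_RE.match(name_l):
        findings.append("ransom note")
    if APPENDED_EXT_RE.search(name_l):
        findings.append("document with appended random extension")
    if is_exec and hidden and in_profile:
        findings.append("hidden/system executable in user profile")
    if is_exec and at_root:
        # Same heuristic as FRST's "Files to move or delete". The "(Company)" field is the file's
        # version-info string, not a signature check, so it is deliberately not used to clear a file.
        findings.append("executable in ProgramData or profile root")
    if hidden and not is_dir and not is_exec and parent_l == "c:\\programdata":
        findings.append("hidden file in ProgramData root")
    if not name.isascii():
        findings.append("non-ASCII file name")
    return findings


def triage_registry_entry(line: str) -> List[str]:
    """Findings for one registry/service line of the kind a fixlist quotes."""
    findings = []
    m = RUN_RE.search(line)
    if m:
        cmd = m["cmd"].strip()
        host = cmd.split()[0].strip('"').rsplit("\\", 1)[-1].lower()
        q = re.search(r'"([^"]+)"', cmd)
        target = (q.group(1) if q else cmd.split()[-1]).lower()
        # regsvr32/rundll32 are expected to load .dll/.ocx; anything else is a renamed payload.
        if host in ("regsvr32.exe", "rundll32.exe") and not target.split(",")[0].endswith((".dll", ".ocx")):
            findings.append(f"{host} loading a non-library payload ({target.rsplit('.', 1)[-1]})")
        if any(d in target for d in STAGING_DIRS):
            findings.append("autorun target under ProgramData/AppData/Temp")
    if MISSING_IMAGE_RE.match(line):
        findings.append("service or driver whose image file is missing")
    if line.rstrip().endswith("No File"):
        findings.append("orphaned shell/COM registration")
    return findings


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Flagged entries only, keyed by file path or by the raw registry line; clean lines are dropped."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        findings = triage_file_entry(line) or triage_registry_entry(line)
        if findings:
            m = FILE_RE.match(line)
            report[m["path"] if m else line] = findings
    return report


if __name__ == "__main__":
    for key, findings in triage(SAMPLE_FILE_LINES + SAMPLE_REG_LINES).items():
        print(f"{key}\n    -> {', '.join(findings)}")
```

The rules are deliberately conservative about what they trust: the company string in parentheses is whatever the file's version resource says, so MakeMarkerFile.exe is still reported for review, while cdd.dll in system32 is not reported at all because location, attributes and name give no reason to. The [X] and "No File" rules catch the same orphaned entries the fixlist removes; they are hygiene items, not evidence of infection on their own.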

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,517 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:34 AM

Posted 17 February 2015 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



