CryptoLocker


15 replies to this topic

#1 razvix2001


Posted 02 May 2015 - 07:20 AM

Hey guys, can I get any help with this?

 

Was playing and got a window pop up with (this happened today)

 

" Your personal files encryption produced on this computer: photos, videos, documents, etc. Encryption was produced using a unique public key xxx generated for this computer."

 

At that time did not have an antivirus on my PC, got NOD32 and started to disinfect it...

Obviously did not work and started to browse the internet for solutions.

Went on the https://www.decryptcryptolocker.com/ but the files I tried to upload came back and said no encryption!

 

 ALSO HAVE A TIMER ON THE CRYPTOLOCKER WILL EXPIRE 09/05/2015

 

 

Discovered you guys from other forums and started to browse through the prior infected users but could not figure out how to solve it.

Downloaded FRST64 and the log files are pasted below.

 

FRST Notepad:

 

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015

Ran by raz (administrator) on RAZ-PC on 02-05-2015 15:02:59
Running from C:\Users\raz\Downloads
Loaded Profiles: raz (Available profiles: raz)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
() C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerofa.exe
() C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2716216 2009-09-29] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diamondback] => C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe [226816 2009-10-09] ()
HKU\S-1-5-21-354923509-2566438501-2684502570-1000\...\CurrentVersion\Windows: [Load] C:\Users\raz\LOCALS~1\Temp\ccwoii.exe <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 78.96.7.88 95.77.94.88
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-05-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ro/
CHR StartupUrls: Default -> "hxxp://www.google.ro/", "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (YouTube) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google Search) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Sheets) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Bookmark Manager) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Gmail) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [735960 2009-09-29] (ESET)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [144824 2009-09-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [136584 2009-09-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123200 2009-09-29] (ESET)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-10] ()
R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [37888 2009-03-18] (IC Plus Corp.                                                                                                                                                                                                                                                )
R3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 15:02 - 2015-05-02 15:03 - 00010405 _____ () C:\Users\raz\Downloads\FRST.txt
2015-05-02 15:02 - 2015-05-02 15:03 - 00000000 ____D () C:\FRST
2015-05-02 15:01 - 2015-05-02 15:01 - 02101248 _____ (Farbar) C:\Users\raz\Downloads\FRST64.exe
2015-05-02 13:58 - 2015-05-02 13:58 - 06752448 _____ () C:\Users\raz\Downloads\XorKey.Stream
2015-05-02 13:56 - 2015-05-02 13:56 - 00000000 ____D () C:\Users\raz\AppData\Local\TorrentUnlocker
2015-05-02 13:55 - 2015-05-02 13:55 - 03437489 _____ (NathanScott Apps) C:\Users\raz\Downloads\TorrentUnlocker.exe
2015-05-02 13:23 - 2015-05-02 13:24 - 00000000 ____D () C:\Users\raz\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-05-02 13:23 - 2015-05-02 13:23 - 00002470 _____ () C:\Users\raz\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-05-02 13:23 - 2015-05-02 13:23 - 00000000 ____D () C:\Users\raz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-05-02 13:14 - 2015-05-02 13:14 - 00028782 _____ () C:\Users\raz\Downloads\Windows 7 Professional SP1 32 Bit 64 Bit- NoGrp.torrent
2015-05-02 13:13 - 2015-05-02 13:13 - 00000000 ____D () C:\Users\raz\AppData\Local\ESET
2015-05-02 13:08 - 2015-05-02 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-02 13:08 - 2015-05-02 13:08 - 00000000 ____D () C:\ProgramData\ESET
2015-05-02 13:08 - 2015-05-02 13:08 - 00000000 ____D () C:\Program Files\ESET
2015-05-02 13:06 - 2015-05-02 13:06 - 00020884 _____ () C:\Users\raz\Downloads\ESET NOD 32 Anti-Virus 4.0.468.0.torrent
2015-05-02 12:42 - 2015-05-02 12:42 - 00000960 _____ () C:\Users\raz\Desktop\CryptoLocker.lnk
2015-05-02 11:47 - 2015-05-02 11:47 - 00028361 _____ () C:\Users\raz\Downloads\Windows_7_Ultimate _64_Bit _x86_November_2010-NW RG.torrent
2015-05-02 00:18 - 2015-05-02 00:18 - 00281745 _____ () C:\Users\raz\enc_files.txt
2015-05-02 00:17 - 2015-05-02 12:42 - 00000000 ____D () C:\Users\raz\AppData\Roaming\WinXdd
2015-05-02 00:17 - 2015-05-02 00:17 - 00000173 _____ () C:\Users\raz\AppData\Roaming\1.bat
2015-05-02 00:15 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-50502462522540258485045
2015-04-29 23:55 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-505034039586930203940876
2015-04-28 00:31 - 2015-04-28 00:31 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-28 00:30 - 2015-04-28 00:30 - 00003104 _____ () C:\Windows\System32\Tasks\{71B8F376-AB6F-4778-BD24-3D75BF430E3F}
2015-04-27 14:07 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-5050750405503593842050533740
2015-04-27 10:00 - 2015-04-27 10:00 - 00024969 _____ () C:\Users\raz\Downloads\Game.Of.Thrones.S05E03.1080p.HDTV.x264-BATV.torrent
2015-04-26 22:56 - 2015-04-26 22:56 - 00276440 _____ () C:\Windows\Minidump\042615-18439-01.dmp
2015-04-26 22:47 - 2015-04-26 22:47 - 00023009 _____ () C:\Users\raz\Downloads\Kidnapping.Freddy.Heineken.2015.BluRay.720p.AC3.x264.RoSubbed-MTeam.torrent
2015-04-26 19:16 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-50507504055035938420503740
2015-04-26 18:56 - 2015-05-02 11:27 - 00000000 ____H () C:\Users\raz\AppData\Roaming\winmgr.txt
2015-04-26 18:55 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-505024625225402584850
2015-04-25 00:58 - 2015-04-25 00:58 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-25 00:53 - 2015-04-25 00:53 - 00017705 _____ () C:\Users\raz\Downloads\Vikings.S03E10.The.Dead.1080p.WEB-DL.DD5.1.H.264-BS.torrent
2015-04-21 22:53 - 2015-04-21 22:53 - 00035522 _____ () C:\Users\raz\Downloads\Exodus.Gods.and.Kings.2014.PAL.DVD9.Ro-playON.torrent
2015-04-21 19:29 - 2015-04-21 19:29 - 00000690 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-21 19:28 - 2015-04-21 19:29 - 01142128 _____ () C:\Users\raz\Downloads\SteamSetup (1).exe
2015-04-20 23:22 - 2015-04-20 23:22 - 00026861 _____ () C:\Users\raz\Downloads\Family.Guy.S13E15.720p.HDTV.x264-KILLERS.torrent
2015-04-20 10:21 - 2015-04-20 10:21 - 00023092 _____ () C:\Users\raz\Downloads\Game.of.Thrones.S05E02.1080i.HDTV.H264.DD5.1.RoSubbed-playTV.torrent
2015-04-19 14:42 - 2015-04-19 14:42 - 00033257 _____ () C:\Users\raz\Downloads\Family.Guy.S13E14.720p.HDTV.x264-KILLERS.torrent
2015-04-18 22:17 - 2015-04-18 22:17 - 00070232 _____ () C:\Users\raz\Downloads\Vikings.S03E09.Breaking.Point.1080p.WEB-DL.DD5.1.H.264-BS.torrent
2015-04-15 13:34 - 2015-04-15 13:34 - 00543483 _____ () C:\Users\raz\Downloads\Windows6.1-KB2852386-x64.msu
2015-04-13 21:04 - 2015-04-13 21:04 - 00000219 _____ () C:\Users\raz\Desktop\Counter-Strike Global Offensive.url
2015-04-13 21:00 - 2015-04-13 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-13 20:59 - 2015-04-13 20:59 - 01142128 _____ () C:\Users\raz\Downloads\SteamSetup.exe
2015-04-13 08:56 - 2015-04-13 08:56 - 00020456 _____ () C:\Users\raz\Downloads\Game.of.Thrones.S05E01.1080i.HDTV.MPEG2.DD5.1-playTV.torrent
2015-04-12 21:05 - 2015-04-12 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-04-12 21:05 - 2015-04-12 21:05 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-04-12 21:05 - 2007-03-20 19:05 - 00073728 _____ (Razer Inc.) C:\Windows\SysWOW64\Diamondback.cpl
2015-04-12 21:04 - 2015-04-12 21:04 - 00000000 ____D () C:\Users\raz\AppData\Roaming\InstallShield
2015-04-11 23:49 - 2015-04-11 23:49 - 00044408 _____ () C:\Users\raz\Downloads\Inherent.Vice.2014.720p.BluRay.x264.DTS.RoSubbed-iFT.torrent
2015-04-11 12:20 - 2015-04-11 12:20 - 00005010 _____ () C:\Users\raz\Downloads\[kickass.to]vikings.s03e08.720p.hdtv.x264.killers.glodls.torrent
2015-04-10 19:03 - 2015-04-10 19:03 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-10 19:03 - 2014-11-25 12:21 - 00000000 ____D () C:\Users\raz\Downloads\chipset-win8
2015-04-10 19:03 - 2014-03-18 05:44 - 00906968 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-04-10 19:03 - 2014-03-18 05:44 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-04-10 19:03 - 2014-03-18 05:44 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-04-10 19:01 - 2014-06-09 13:26 - 00000000 ____D () C:\Users\raz\Downloads\lan-W7
2015-04-10 19:01 - 2014-04-22 14:53 - 03943384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-04-10 19:01 - 2014-04-22 12:25 - 01011171 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-04-10 19:01 - 2014-04-22 12:20 - 58487808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-04-10 19:01 - 2014-04-17 12:42 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-04-10 19:01 - 2014-04-17 12:42 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-04-10 19:01 - 2014-04-17 12:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-04-10 19:01 - 2014-04-17 09:46 - 02833112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-04-10 19:01 - 2014-04-17 09:46 - 02797784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-04-10 19:01 - 2014-04-17 09:28 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-04-10 19:01 - 2014-04-14 10:04 - 00948440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-04-10 19:01 - 2014-04-11 11:29 - 02111792 _____ () C:\Windows\system32\SStudio.dll
2015-04-10 19:01 - 2014-04-10 07:20 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-04-10 19:01 - 2014-04-10 07:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2015-04-10 19:01 - 2014-04-09 11:39 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2015-04-10 19:01 - 2014-04-09 11:38 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-04-10 19:01 - 2014-03-28 13:03 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-04-10 19:01 - 2014-03-21 09:17 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-04-10 19:01 - 2014-03-19 14:19 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-04-10 19:01 - 2014-03-06 11:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-04-10 19:01 - 2014-03-05 00:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-04-10 19:01 - 2014-03-05 00:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-04-10 19:01 - 2014-03-05 00:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-04-10 19:01 - 2014-03-05 00:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-04-10 19:01 - 2014-02-27 15:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-04-10 19:01 - 2014-02-18 12:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-04-10 19:01 - 2014-02-06 06:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-04-10 19:01 - 2014-01-31 12:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-04-10 19:01 - 2014-01-28 06:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-04-10 19:01 - 2013-10-11 06:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-04-10 19:01 - 2013-10-06 19:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-04-10 19:01 - 2013-10-06 19:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-04-10 19:01 - 2013-10-06 19:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-04-10 19:01 - 2013-09-09 23:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-04-10 19:01 - 2013-09-09 23:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-04-10 19:01 - 2013-09-09 23:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-04-10 19:01 - 2013-09-09 23:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-04-10 19:01 - 2013-08-20 12:37 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2015-04-10 19:01 - 2013-08-14 10:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-04-10 19:01 - 2013-08-14 10:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-04-10 19:01 - 2013-06-25 07:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-04-10 19:01 - 2013-06-25 07:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-04-10 19:01 - 2013-06-25 07:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-04-10 19:01 - 2013-06-21 06:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-04-10 19:01 - 2013-04-03 09:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-04-10 19:01 - 2012-08-31 14:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-04-10 19:01 - 2012-01-30 06:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-04-10 19:01 - 2012-01-10 05:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-04-10 19:01 - 2011-09-02 09:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-04-10 19:01 - 2011-09-02 09:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-04-10 19:01 - 2011-09-02 09:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-04-10 19:01 - 2011-08-23 12:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-04-10 19:01 - 2011-03-17 07:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-04-10 19:01 - 2011-03-07 12:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-04-10 19:01 - 2010-07-22 11:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-04-10 18:59 - 2015-04-10 19:02 - 717891966 _____ (Igor Pavlov) C:\Users\raz\Downloads\mb_driver_chipset_fm2-plus_64bit_v1.8.exe
2015-04-10 18:59 - 2015-04-10 19:00 - 149881863 _____ (Igor Pavlov) C:\Users\raz\Downloads\mb_driver_audio_realtek_fm2+_v1.7.exe
2015-04-10 18:59 - 2015-04-10 18:59 - 03839028 _____ (Igor Pavlov) C:\Users\raz\Downloads\mb_driver_lan_realtek_8111_fm2+_w7_v1.7.exe
2015-04-10 18:55 - 2015-04-10 14:33 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2015-04-10 14:06 - 2012-08-28 15:27 - 00058536 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-04-10 14:04 - 2013-05-27 22:09 - 00227648 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdxhc.sys
2015-04-10 14:04 - 2013-05-27 22:09 - 00106816 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdhub30.sys
2015-04-06 00:20 - 2015-04-06 00:20 - 00003690 _____ () C:\Users\raz\Downloads\[kickass.to]vikings.s03e07.720p.hdtv.x264.killers.glodls.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 14:55 - 2014-11-04 14:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 13:40 - 2014-11-15 21:59 - 00001011 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-05-02 13:30 - 2009-07-14 08:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-02 13:26 - 2009-07-14 07:51 - 00122036 _____ () C:\Windows\setupact.log
2015-05-02 13:24 - 2014-11-09 14:30 - 00000000 ____D () C:\Users\raz\AppData\Roaming\BitTorrent
2015-05-02 13:16 - 2009-07-14 07:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 13:16 - 2009-07-14 07:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 13:13 - 2014-11-25 16:41 - 00000000 ____D () C:\ATI
2015-05-02 13:12 - 2014-11-04 14:30 - 00689282 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 11:55 - 2014-11-09 14:50 - 00000000 ____D () C:\Users\raz\AppData\Roaming\vlc
2015-05-02 11:26 - 2015-03-21 14:43 - 52308087 _____ () C:\Users\raz\Downloads\Nissan-2015-03-21.zip
2015-05-02 11:23 - 2014-11-04 14:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 11:23 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 00:18 - 2014-11-04 14:28 - 00000000 ____D () C:\Users\raz
2015-04-28 00:31 - 2014-12-14 04:57 - 00000000 ____D () C:\ProgramData\Skype
2015-04-28 00:30 - 2014-12-14 04:57 - 00000000 ____D () C:\Users\raz\AppData\Roaming\Skype
2015-04-26 22:56 - 2014-11-14 08:41 - 00000000 ____D () C:\Windows\Minidump
2015-04-21 19:33 - 2014-11-05 00:18 - 00101842 _____ () C:\Windows\DirectX.log
2015-04-13 20:44 - 2014-11-20 21:42 - 00007597 _____ () C:\Users\raz\AppData\Local\Resmon.ResmonCfg
2015-04-12 21:05 - 2014-11-04 15:14 - 00017708 _____ () C:\Windows\DPINST.LOG
2015-04-12 21:05 - 2014-11-04 15:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 19:03 - 2014-11-12 11:40 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-10 19:03 - 2014-11-12 11:40 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-10 19:02 - 2014-11-12 11:41 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-10 14:33 - 2014-11-25 19:54 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2015-04-10 14:33 - 2014-11-25 19:54 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-04-10 14:33 - 2014-11-25 16:52 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-04-10 14:06 - 2014-11-04 14:55 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
 
==================== Files in the root of some directories =======
 
2015-05-02 00:17 - 2015-05-02 00:17 - 0000173 _____ () C:\Users\raz\AppData\Roaming\1.bat
2015-01-15 02:38 - 2015-01-15 02:38 - 0033134 _____ () C:\Users\raz\AppData\Roaming\UserTile.png
2015-04-26 18:56 - 2015-05-02 11:27 - 0000000 ____H () C:\Users\raz\AppData\Roaming\winmgr.txt
2014-11-20 21:42 - 2015-04-13 20:44 - 0007597 _____ () C:\Users\raz\AppData\Local\Resmon.ResmonCfg
2015-04-10 19:03 - 2015-04-10 19:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\raz\AppData\Local\Temp\0002666f.exe
C:\Users\raz\AppData\Local\Temp\00450416.exe
C:\Users\raz\AppData\Local\Temp\ilkymdbnty.exe
C:\Users\raz\AppData\Local\Temp\rdivnapvxk.exe
C:\Users\raz\AppData\Local\Temp\tjsvrvkwlx.exe
C:\Users\raz\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-26 20:35
 
==================== End Of Log ============================
 
 
ADDITIONAL Notepad:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by raz at 2015-05-02 15:03:42
Running from C:\Users\raz\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-354923509-2566438501-2684502570-500 - Administrator - Disabled)
Guest (S-1-5-21-354923509-2566438501-2684502570-501 - Limited - Disabled)
raz (S-1-5-21-354923509-2566438501-2684502570-1000 - Administrator - Enabled) => C:\Users\raz
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{B800192A-2B6D-7DF6-CC68-B3A1D3653E17}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-354923509-2566438501-2684502570-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Easy Tune 6 B14.1020.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B14.1020.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET NOD32 Antivirus (HKLM\...\{4183655A-5FC6-4A23-A804-7764145EC57C}) (Version: 4.0.468.0 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Razer Diamondback (HKLM-x32\...\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}) (Version: 5.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-05-2015 13:22:58 Installed Windows 7 USB/DVD Download Tool
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08979D72-3827-4FF9-8B20-A6BCCF457109} - System32\Tasks\{71B8F376-AB6F-4778-BD24-3D75BF430E3F} => Chrome.exe http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsProgressBar
Task: {93972E3B-488D-4CAB-B90F-3FC378B5B7B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {C19BCEF9-BC97-433F-8E9B-8761CB25A627} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-12 21:05 - 2009-10-09 20:11 - 00226816 _____ () C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
2015-05-02 00:17 - 2015-05-02 00:16 - 00225280 ___SH () C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-04-12 21:05 - 2007-02-07 16:00 - 00131072 _____ () C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe
2015-04-28 22:56 - 2015-04-28 05:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-28 22:56 - 2015-04-28 05:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-354923509-2566438501-2684502570-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\raz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.96.7.88 - 95.77.94.88
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: Client Server Runtime Process => C:\Windows\system32\csrss.exe
MSCONFIG\startupreg: Host-process Windows (Rundll32.exe) => C:\Windows\SysWOW64\csrss.exe
MSCONFIG\startupreg: Microsoft Windows Manager => C:\Windows\M-50502462522540258485045\winmgr.exe
MSCONFIG\startupreg: Microsoft Windows Service => C:\Windows\M-5050750405503593842050533740\winsvc.exe
MSCONFIG\startupreg: Microsoft Windows Services => C:\Windows\M-505034039586930203940876\winsvc.exe
MSCONFIG\startupreg: Service Host Process for Windows => C:\Users\raz\AppData\Roaming\svchost.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: wincl => C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{68C4F5FD-9621-4D99-9059-7A2A8E690C9D}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{301BDE6E-BE3D-4739-82BA-E7C3A4675C1E}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E60842C7-2F5F-4043-A51B-DE963196EB4D}] => (Allow) D:\csgo\Steam\Steam.exe
FirewallRules: [{6E1F2886-42D7-4849-B75C-E915C3204376}] => (Allow) D:\csgo\Steam\Steam.exe
FirewallRules: [{215EB3F4-05B0-41B9-83D3-026943D045FF}] => (Allow) D:\csgo\Steam\bin\steamwebhelper.exe
FirewallRules: [{8583AEA3-3770-4477-8808-9A4CDEDDA9CA}] => (Allow) D:\csgo\Steam\bin\steamwebhelper.exe
FirewallRules: [{F822BA7B-36FC-486B-A390-7BE54A99B593}] => (Allow) C:\Users\raz\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1EC0142-8583-4F9C-9579-76CBA640128E}] => (Allow) C:\Users\raz\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{51C44618-DF33-48C4-AA30-ABCA75B8A165}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{446A60EA-40AF-4AA6-B0A7-3D094788676B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{946E9CBC-8AD9-4984-B7D3-C77A12772989}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4D46E3D2-BA43-40F5-BF70-C6E8C918FFF0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AC1E71B6-F113-4CB8-B53B-7099659E6D87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (05/02/2015 11:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007ca10a
Faulting process id: 0xfac
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (04/30/2015 01:04:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winsvc.exe, version: 0.0.0.0, time stamp: 0x553e17d4
Faulting module name: DNSAPI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bd9d9
Exception code: 0xc0000005
Fault offset: 0x00006b42
Faulting process id: 0xcc
Faulting application start time: 0xwinsvc.exe0
Faulting application path: winsvc.exe1
Faulting module path: winsvc.exe2
Report Id: winsvc.exe3
 
Error: (04/30/2015 01:02:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a164
 
Start Time: 01d082c1ae497441
 
Termination Time: 280
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
Error: (04/27/2015 07:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hglxybogfe.exe, version: 0.0.0.0, time stamp: 0x553e3cbe
Faulting module name: hglxybogfe.exe, version: 0.0.0.0, time stamp: 0x553e3cbe
Exception code: 0x40000015
Fault offset: 0x000092b3
Faulting process id: 0x1238
Faulting application start time: 0xhglxybogfe.exe0
Faulting application path: hglxybogfe.exe1
Faulting module path: hglxybogfe.exe2
Report Id: hglxybogfe.exe3
 
Error: (04/21/2015 07:29:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/21/2015 04:02:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e5c
 
Start Time: 01d07c32fe93556f
 
Termination Time: 107
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
Error: (04/15/2015 10:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e94
 
Start Time: 01d077b00392d7ff
 
Termination Time: 34
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
Error: (04/15/2015 06:55:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b3c
 
Start Time: 01d0778a6b6fd715
 
Termination Time: 312
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
 
System errors:
=============
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Offline Files service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 11:59:20 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (05/02/2015 11:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.1.000000004libqt4_plugin.dll2.2.1.00002000240000015007ca10afac01d084b171876615C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dlld2278b7e-f0a4-11e4-be82-e8de2706e256
 
Error: (04/30/2015 01:04:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winsvc.exe0.0.0.0553e17d4DNSAPI.dll6.1.7600.163854a5bd9d9c000000500006b42cc01d0832ba43d2603C:\Windows\M-5050750405503593842050533740\winsvc.exeC:\Windows\system32\DNSAPI.dll449e4c54-ef20-11e4-9add-e8de2706e256
 
Error: (04/30/2015 01:02:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0a16401d082c1ae497441280D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Error: (04/27/2015 07:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hglxybogfe.exe0.0.0.0553e3cbehglxybogfe.exe0.0.0.0553e3cbe40000015000092b3123801d081098bf22e5fC:\Users\raz\AppData\Local\Temp\hglxybogfe.exeC:\Users\raz\AppData\Local\Temp\hglxybogfe.exeeea77d87-ecfc-11e4-ba00-e8de2706e256
 
Error: (04/21/2015 07:29:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (04/21/2015 04:02:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0e5c01d07c32fe93556f107D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Error: (04/15/2015 10:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0e9401d077b00392d7ff34D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Error: (04/15/2015 06:55:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0b3c01d0778a6b6fd715312D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-7300 APU with Radeon HD Graphics 
Percentage of memory in use: 49%
Total physical RAM: 4037.21 MB
Available physical RAM: 2036.53 MB
Total Pagefile: 8072.56 MB
Available Pagefile: 5790.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.29 GB) (Free:4.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (multimedia) (Fixed) (Total:203.58 GB) (Free:51.7 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 498FA908)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=203.6 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

 

Please help, guys! Have a nice day though.




 


#2 razvix2001


Posted 02 May 2015 - 03:08 PM

Found more on my problem.

[Imgur](http://i.imgur.com/KgcI4Fe.jpg)


Edited by razvix2001, 02 May 2015 - 03:10 PM.


#3 JSntgRvr

  • Malware Response Team

Posted 03 May 2015 - 10:55 AM

Hi and welcome.

 

First, I have informed experts about your problem, as it seems to be a new version, or perhaps a copycat version. This infection is no longer active. I should receive a response soon.

 

Meanwhile, you can read about the infection here, here. There is also information about PCClock Cryptolocker here.

 

To view the current status of your system, please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 

The IDTool is used to detect which form has infected your computer.

Download, extract and run this tool to identify the ransomware that has infected your computer and post its report.


Edited by JSntgRvr, 03 May 2015 - 11:21 AM.

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 razvix2001


Posted 03 May 2015 - 11:30 AM

Hello mate, thank you for the fast reply,

Done as told, unpacked the id tool, ran it, but it seems that it can't find any virus cause nothing appears in the dialog boxes.

 

[Imgur](http://i.imgur.com/6ir1X7u.jpg)

The second post is with a FRST64 report log from yesterday. Will repeat it and post it next.


Edited by razvix2001, 03 May 2015 - 11:31 AM.


#5 razvix2001


Posted 03 May 2015 - 11:35 AM

 FRST Notepad -

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by raz (administrator) on RAZ-PC on 03-05-2015 19:32:42
Running from C:\Users\raz\Downloads
Loaded Profiles: raz (Available profiles: raz)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
() C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerofa.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2716216 2009-09-29] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diamondback] => C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe [226816 2009-10-09] ()
HKU\S-1-5-21-354923509-2566438501-2684502570-1000\...\CurrentVersion\Windows: [Load] C:\Users\raz\LOCALS~1\Temp\ccwoii.exe <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 78.96.7.88 95.77.94.88
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-05-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ro/
CHR StartupUrls: Default -> "hxxp://www.google.ro/", "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-04]
CHR Extension: (Google Docs) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-04]
CHR Extension: (YouTube) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-04]
CHR Extension: (Google Search) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-04]
CHR Extension: (Google Sheets) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-04]
CHR Extension: (Bookmark Manager) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (Gmail) - C:\Users\raz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [735960 2009-09-29] (ESET)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [144824 2009-09-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [136584 2009-09-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123200 2009-09-29] (ESET)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-04-10] ()
R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [37888 2009-03-18] (IC Plus Corp.)
R3 Razerlow; C:\Windows\System32\drivers\Razerlow.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 19:22 - 2015-05-03 19:22 - 00000000 ____D () C:\Users\raz\Downloads\idtool
2015-05-03 19:21 - 2015-05-03 19:21 - 02744965 _____ () C:\Users\raz\Downloads\idtool.zip
2015-05-02 15:03 - 2015-05-02 15:04 - 00022099 _____ () C:\Users\raz\Downloads\Addition.txt
2015-05-02 15:02 - 2015-05-03 19:33 - 00010575 _____ () C:\Users\raz\Downloads\FRST.txt
2015-05-02 15:02 - 2015-05-03 19:32 - 00000000 ____D () C:\FRST
2015-05-02 15:01 - 2015-05-02 15:01 - 02101248 _____ (Farbar) C:\Users\raz\Downloads\FRST64.exe
2015-05-02 13:58 - 2015-05-02 13:58 - 06752448 _____ () C:\Users\raz\Downloads\XorKey.Stream
2015-05-02 13:56 - 2015-05-02 13:56 - 00000000 ____D () C:\Users\raz\AppData\Local\TorrentUnlocker
2015-05-02 13:55 - 2015-05-02 13:55 - 03437489 _____ (NathanScott Apps) C:\Users\raz\Downloads\TorrentUnlocker.exe
2015-05-02 13:23 - 2015-05-02 13:24 - 00000000 ____D () C:\Users\raz\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-05-02 13:23 - 2015-05-02 13:23 - 00002470 _____ () C:\Users\raz\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-05-02 13:23 - 2015-05-02 13:23 - 00000000 ____D () C:\Users\raz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-05-02 13:14 - 2015-05-02 13:14 - 00028782 _____ () C:\Users\raz\Downloads\Windows 7 Professional SP1 32 Bit 64 Bit- NoGrp.torrent
2015-05-02 13:13 - 2015-05-02 13:13 - 00000000 ____D () C:\Users\raz\AppData\Local\ESET
2015-05-02 13:08 - 2015-05-02 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-02 13:08 - 2015-05-02 13:08 - 00000000 ____D () C:\ProgramData\ESET
2015-05-02 13:08 - 2015-05-02 13:08 - 00000000 ____D () C:\Program Files\ESET
2015-05-02 13:06 - 2015-05-02 13:06 - 00020884 _____ () C:\Users\raz\Downloads\ESET NOD 32 Anti-Virus 4.0.468.0.torrent
2015-05-02 12:42 - 2015-05-02 12:42 - 00000960 _____ () C:\Users\raz\Desktop\CryptoLocker.lnk
2015-05-02 11:47 - 2015-05-02 11:47 - 00028361 _____ () C:\Users\raz\Downloads\Windows_7_Ultimate _64_Bit _x86_November_2010-NW RG.torrent
2015-05-02 00:18 - 2015-05-02 00:18 - 00281745 _____ () C:\Users\raz\enc_files.txt
2015-05-02 00:17 - 2015-05-02 12:42 - 00000000 ____D () C:\Users\raz\AppData\Roaming\WinXdd
2015-05-02 00:17 - 2015-05-02 00:17 - 00000173 _____ () C:\Users\raz\AppData\Roaming\1.bat
2015-05-02 00:15 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-50502462522540258485045
2015-04-29 23:55 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-505034039586930203940876
2015-04-28 00:31 - 2015-04-28 00:31 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-04-28 00:30 - 2015-04-28 00:30 - 00003104 _____ () C:\Windows\System32\Tasks\{71B8F376-AB6F-4778-BD24-3D75BF430E3F}
2015-04-27 14:07 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-5050750405503593842050533740
2015-04-27 10:00 - 2015-04-27 10:00 - 00024969 _____ () C:\Users\raz\Downloads\Game.Of.Thrones.S05E03.1080p.HDTV.x264-BATV.torrent
2015-04-26 22:56 - 2015-04-26 22:56 - 00276440 _____ () C:\Windows\Minidump\042615-18439-01.dmp
2015-04-26 22:47 - 2015-04-26 22:47 - 00023009 _____ () C:\Users\raz\Downloads\Kidnapping.Freddy.Heineken.2015.BluRay.720p.AC3.x264.RoSubbed-MTeam.torrent
2015-04-26 19:16 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-50507504055035938420503740
2015-04-26 18:56 - 2015-05-02 11:27 - 00000000 ____H () C:\Users\raz\AppData\Roaming\winmgr.txt
2015-04-26 18:55 - 2015-05-02 13:10 - 00000000 _RSHD () C:\Windows\M-505024625225402584850
2015-04-25 00:58 - 2015-04-25 00:58 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-25 00:53 - 2015-04-25 00:53 - 00017705 _____ () C:\Users\raz\Downloads\Vikings.S03E10.The.Dead.1080p.WEB-DL.DD5.1.H.264-BS.torrent
2015-04-21 22:53 - 2015-04-21 22:53 - 00035522 _____ () C:\Users\raz\Downloads\Exodus.Gods.and.Kings.2014.PAL.DVD9.Ro-playON.torrent
2015-04-21 19:29 - 2015-04-21 19:29 - 00000690 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-04-21 19:28 - 2015-04-21 19:29 - 01142128 _____ () C:\Users\raz\Downloads\SteamSetup (1).exe
2015-04-20 23:22 - 2015-04-20 23:22 - 00026861 _____ () C:\Users\raz\Downloads\Family.Guy.S13E15.720p.HDTV.x264-KILLERS.torrent
2015-04-20 10:21 - 2015-04-20 10:21 - 00023092 _____ () C:\Users\raz\Downloads\Game.of.Thrones.S05E02.1080i.HDTV.H264.DD5.1.RoSubbed-playTV.torrent
2015-04-19 14:42 - 2015-04-19 14:42 - 00033257 _____ () C:\Users\raz\Downloads\Family.Guy.S13E14.720p.HDTV.x264-KILLERS.torrent
2015-04-18 22:17 - 2015-04-18 22:17 - 00070232 _____ () C:\Users\raz\Downloads\Vikings.S03E09.Breaking.Point.1080p.WEB-DL.DD5.1.H.264-BS.torrent
2015-04-15 13:34 - 2015-04-15 13:34 - 00543483 _____ () C:\Users\raz\Downloads\Windows6.1-KB2852386-x64.msu
2015-04-13 21:04 - 2015-04-13 21:04 - 00000219 _____ () C:\Users\raz\Desktop\Counter-Strike Global Offensive.url
2015-04-13 21:00 - 2015-04-13 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-13 20:59 - 2015-04-13 20:59 - 01142128 _____ () C:\Users\raz\Downloads\SteamSetup.exe
2015-04-13 08:56 - 2015-04-13 08:56 - 00020456 _____ () C:\Users\raz\Downloads\Game.of.Thrones.S05E01.1080i.HDTV.MPEG2.DD5.1-playTV.torrent
2015-04-12 21:05 - 2015-04-12 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-04-12 21:05 - 2015-04-12 21:05 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-04-12 21:05 - 2007-03-20 19:05 - 00073728 _____ (Razer Inc.) C:\Windows\SysWOW64\Diamondback.cpl
2015-04-12 21:04 - 2015-04-12 21:04 - 00000000 ____D () C:\Users\raz\AppData\Roaming\InstallShield
2015-04-11 23:49 - 2015-04-11 23:49 - 00044408 _____ () C:\Users\raz\Downloads\Inherent.Vice.2014.720p.BluRay.x264.DTS.RoSubbed-iFT.torrent
2015-04-11 12:20 - 2015-04-11 12:20 - 00005010 _____ () C:\Users\raz\Downloads\[kickass.to]vikings.s03e08.720p.hdtv.x264.killers.glodls.torrent
2015-04-10 19:03 - 2015-04-10 19:03 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-10 19:03 - 2014-11-25 12:21 - 00000000 ____D () C:\Users\raz\Downloads\chipset-win8
2015-04-10 19:03 - 2014-03-18 05:44 - 00906968 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-04-10 19:03 - 2014-03-18 05:44 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-04-10 19:03 - 2014-03-18 05:44 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-04-10 19:01 - 2014-06-09 13:26 - 00000000 ____D () C:\Users\raz\Downloads\lan-W7
2015-04-10 19:01 - 2014-04-22 14:53 - 03943384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-04-10 19:01 - 2014-04-22 12:25 - 01011171 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-04-10 19:01 - 2014-04-22 12:20 - 58487808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-04-10 19:01 - 2014-04-17 12:42 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-04-10 19:01 - 2014-04-17 12:42 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-04-10 19:01 - 2014-04-17 12:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-04-10 19:01 - 2014-04-17 09:46 - 02833112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-04-10 19:01 - 2014-04-17 09:46 - 02797784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-04-10 19:01 - 2014-04-17 09:28 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-04-10 19:01 - 2014-04-14 10:04 - 00948440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-04-10 19:01 - 2014-04-11 11:29 - 02111792 _____ () C:\Windows\system32\SStudio.dll
2015-04-10 19:01 - 2014-04-10 07:20 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-04-10 19:01 - 2014-04-10 07:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-04-10 19:01 - 2014-04-10 07:19 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2015-04-10 19:01 - 2014-04-09 11:39 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2015-04-10 19:01 - 2014-04-09 11:38 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-04-10 19:01 - 2014-03-28 13:03 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-04-10 19:01 - 2014-03-21 09:17 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-04-10 19:01 - 2014-03-19 14:19 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-04-10 19:01 - 2014-03-06 11:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-04-10 19:01 - 2014-03-05 00:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-04-10 19:01 - 2014-03-05 00:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-04-10 19:01 - 2014-03-05 00:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-04-10 19:01 - 2014-03-05 00:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-04-10 19:01 - 2014-02-27 15:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-04-10 19:01 - 2014-02-18 12:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-04-10 19:01 - 2014-02-06 06:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-04-10 19:01 - 2014-01-31 12:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-04-10 19:01 - 2014-01-28 06:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-04-10 19:01 - 2013-10-11 06:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-04-10 19:01 - 2013-10-06 19:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-04-10 19:01 - 2013-10-06 19:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-04-10 19:01 - 2013-10-06 19:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-04-10 19:01 - 2013-09-09 23:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-04-10 19:01 - 2013-09-09 23:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-04-10 19:01 - 2013-09-09 23:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-04-10 19:01 - 2013-09-09 23:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-04-10 19:01 - 2013-08-20 12:37 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2015-04-10 19:01 - 2013-08-14 10:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-04-10 19:01 - 2013-08-14 10:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-04-10 19:01 - 2013-06-25 07:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-04-10 19:01 - 2013-06-25 07:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-04-10 19:01 - 2013-06-25 07:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-04-10 19:01 - 2013-06-21 06:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-04-10 19:01 - 2013-04-03 09:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-04-10 19:01 - 2012-08-31 14:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-04-10 19:01 - 2012-08-31 14:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-04-10 19:01 - 2012-01-30 06:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-04-10 19:01 - 2012-01-10 05:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-04-10 19:01 - 2011-09-02 09:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-04-10 19:01 - 2011-09-02 09:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-04-10 19:01 - 2011-09-02 09:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-04-10 19:01 - 2011-08-23 12:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-04-10 19:01 - 2011-05-31 04:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-04-10 19:01 - 2011-03-17 07:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-04-10 19:01 - 2011-03-07 12:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-04-10 19:01 - 2010-07-22 11:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-04-10 18:59 - 2015-04-10 19:02 - 717891966 _____ (Igor Pavlov) C:\Users\raz\Downloads\mb_driver_chipset_fm2-plus_64bit_v1.8.exe
2015-04-10 18:59 - 2015-04-10 19:00 - 149881863 _____ (Igor Pavlov) C:\Users\raz\Downloads\mb_driver_audio_realtek_fm2+_v1.7.exe
2015-04-10 18:59 - 2015-04-10 18:59 - 03839028 _____ (Igor Pavlov) C:\Users\raz\Downloads\mb_driver_lan_realtek_8111_fm2+_w7_v1.7.exe
2015-04-10 18:55 - 2015-04-10 14:33 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2015-04-10 14:06 - 2012-08-28 15:27 - 00058536 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-04-10 14:04 - 2013-05-27 22:09 - 00227648 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdxhc.sys
2015-04-10 14:04 - 2013-05-27 22:09 - 00106816 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdhub30.sys
2015-04-06 00:20 - 2015-04-06 00:20 - 00003690 _____ () C:\Users\raz\Downloads\[kickass.to]vikings.s03e07.720p.hdtv.x264.killers.glodls.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 19:15 - 2014-11-04 14:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 19:15 - 2014-11-04 14:30 - 00704408 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 19:14 - 2009-07-14 07:51 - 00122932 _____ () C:\Windows\setupact.log
2015-05-03 11:41 - 2014-11-05 00:18 - 00120239 _____ () C:\Windows\DirectX.log
2015-05-03 02:28 - 2014-11-09 14:50 - 00000000 ____D () C:\Users\raz\AppData\Roaming\vlc
2015-05-02 20:55 - 2014-11-04 14:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 13:40 - 2014-11-15 21:59 - 00001011 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-05-02 13:30 - 2009-07-14 08:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-02 13:24 - 2014-11-09 14:30 - 00000000 ____D () C:\Users\raz\AppData\Roaming\BitTorrent
2015-05-02 13:16 - 2009-07-14 07:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 13:16 - 2009-07-14 07:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 13:13 - 2014-11-25 16:41 - 00000000 ____D () C:\ATI
2015-05-02 11:26 - 2015-03-21 14:43 - 52308087 _____ () C:\Users\raz\Downloads\Nissan-2015-03-21.zip
2015-05-02 11:23 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 00:18 - 2014-11-04 14:28 - 00000000 ____D () C:\Users\raz
2015-04-28 00:31 - 2014-12-14 04:57 - 00000000 ____D () C:\ProgramData\Skype
2015-04-28 00:30 - 2014-12-14 04:57 - 00000000 ____D () C:\Users\raz\AppData\Roaming\Skype
2015-04-26 22:56 - 2014-11-14 08:41 - 00000000 ____D () C:\Windows\Minidump
2015-04-13 20:44 - 2014-11-20 21:42 - 00007597 _____ () C:\Users\raz\AppData\Local\Resmon.ResmonCfg
2015-04-12 21:05 - 2014-11-04 15:14 - 00017708 _____ () C:\Windows\DPINST.LOG
2015-04-12 21:05 - 2014-11-04 15:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 19:03 - 2014-11-12 11:40 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-04-10 19:03 - 2014-11-12 11:40 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-10 19:02 - 2014-11-12 11:41 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-10 14:33 - 2014-11-25 19:54 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2015-04-10 14:33 - 2014-11-25 19:54 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-04-10 14:33 - 2014-11-25 16:52 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-04-10 14:06 - 2014-11-04 14:55 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
 
==================== Files in the root of some directories =======
 
2015-05-02 00:17 - 2015-05-02 00:17 - 0000173 _____ () C:\Users\raz\AppData\Roaming\1.bat
2015-01-15 02:38 - 2015-01-15 02:38 - 0033134 _____ () C:\Users\raz\AppData\Roaming\UserTile.png
2015-04-26 18:56 - 2015-05-02 11:27 - 0000000 ____H () C:\Users\raz\AppData\Roaming\winmgr.txt
2014-11-20 21:42 - 2015-04-13 20:44 - 0007597 _____ () C:\Users\raz\AppData\Local\Resmon.ResmonCfg
2015-04-10 19:03 - 2015-04-10 19:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\raz\AppData\Local\Temp\0002666f.exe
C:\Users\raz\AppData\Local\Temp\00450416.exe
C:\Users\raz\AppData\Local\Temp\ARS.exe
C:\Users\raz\AppData\Local\Temp\ilkymdbnty.exe
C:\Users\raz\AppData\Local\Temp\rdivnapvxk.exe
C:\Users\raz\AppData\Local\Temp\tjsvrvkwlx.exe
C:\Users\raz\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-26 20:35
 
==================== End Of Log ============================
 
 
 
 
ADDITIONAL --
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by raz at 2015-05-03 19:33:32
Running from C:\Users\raz\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-354923509-2566438501-2684502570-500 - Administrator - Disabled)
Guest (S-1-5-21-354923509-2566438501-2684502570-501 - Limited - Disabled)
raz (S-1-5-21-354923509-2566438501-2684502570-1000 - Administrator - Enabled) => C:\Users\raz
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{B800192A-2B6D-7DF6-CC68-B3A1D3653E17}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
BitTorrent (HKU\S-1-5-21-354923509-2566438501-2684502570-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Easy Tune 6 B14.1020.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B14.1020.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET NOD32 Antivirus (HKLM\...\{4183655A-5FC6-4A23-A804-7764145EC57C}) (Version: 4.0.468.0 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Razer Diamondback (HKLM-x32\...\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}) (Version: 5.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-05-2015 11:40:08 Installed DirectX
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08979D72-3827-4FF9-8B20-A6BCCF457109} - System32\Tasks\{71B8F376-AB6F-4778-BD24-3D75BF430E3F} => Chrome.exe http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?page=tsProgressBar
Task: {93972E3B-488D-4CAB-B90F-3FC378B5B7B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {C19BCEF9-BC97-433F-8E9B-8761CB25A627} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-12 21:05 - 2009-10-09 20:11 - 00226816 _____ () C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
2015-05-02 00:17 - 2015-05-02 00:16 - 00225280 ___SH () C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-04-12 21:05 - 2007-02-07 16:00 - 00131072 _____ () C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe
2015-04-21 19:29 - 2015-03-10 09:37 - 00775680 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2015-04-21 19:29 - 2014-12-02 03:29 - 05002752 _____ () D:\Program Files (x86)\Steam\v8.dll
2015-04-21 19:29 - 2014-12-02 03:29 - 01612800 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2015-04-21 19:29 - 2014-12-02 03:29 - 01210368 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-04-21 19:29 - 2015-04-14 02:44 - 02371776 _____ () D:\Program Files (x86)\Steam\video.dll
2015-04-21 19:29 - 2014-12-02 00:31 - 02396672 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-21 19:29 - 2014-12-02 00:31 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-21 19:29 - 2014-12-02 00:31 - 00479744 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-21 19:29 - 2014-12-02 00:31 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-21 19:29 - 2014-12-02 00:31 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-21 19:29 - 2015-04-14 02:44 - 00702656 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-04-21 19:29 - 2015-02-25 04:58 - 34641288 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-21 19:29 - 2015-02-25 04:58 - 01709960 _____ () D:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-04-28 22:56 - 2015-04-28 05:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-28 22:56 - 2015-04-28 05:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-28 22:56 - 2015-04-28 05:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-354923509-2566438501-2684502570-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\raz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.96.7.88 - 95.77.94.88
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AppEx Accelerator UI => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
MSCONFIG\startupreg: Client Server Runtime Process => C:\Windows\system32\csrss.exe
MSCONFIG\startupreg: Host-process Windows (Rundll32.exe) => C:\Windows\SysWOW64\csrss.exe
MSCONFIG\startupreg: Microsoft Windows Manager => C:\Windows\M-50502462522540258485045\winmgr.exe
MSCONFIG\startupreg: Microsoft Windows Service => C:\Windows\M-5050750405503593842050533740\winsvc.exe
MSCONFIG\startupreg: Microsoft Windows Services => C:\Windows\M-505034039586930203940876\winsvc.exe
MSCONFIG\startupreg: Service Host Process for Windows => C:\Users\raz\AppData\Roaming\svchost.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: wincl => C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{68C4F5FD-9621-4D99-9059-7A2A8E690C9D}] => (Allow) C:\Program files (x86)\raidxpert2\apache\bin\httpd.exe
FirewallRules: [{301BDE6E-BE3D-4739-82BA-E7C3A4675C1E}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E60842C7-2F5F-4043-A51B-DE963196EB4D}] => (Allow) D:\csgo\Steam\Steam.exe
FirewallRules: [{6E1F2886-42D7-4849-B75C-E915C3204376}] => (Allow) D:\csgo\Steam\Steam.exe
FirewallRules: [{215EB3F4-05B0-41B9-83D3-026943D045FF}] => (Allow) D:\csgo\Steam\bin\steamwebhelper.exe
FirewallRules: [{8583AEA3-3770-4477-8808-9A4CDEDDA9CA}] => (Allow) D:\csgo\Steam\bin\steamwebhelper.exe
FirewallRules: [{F822BA7B-36FC-486B-A390-7BE54A99B593}] => (Allow) C:\Users\raz\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F1EC0142-8583-4F9C-9579-76CBA640128E}] => (Allow) C:\Users\raz\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{51C44618-DF33-48C4-AA30-ABCA75B8A165}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{446A60EA-40AF-4AA6-B0A7-3D094788676B}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{946E9CBC-8AD9-4984-B7D3-C77A12772989}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4D46E3D2-BA43-40F5-BF70-C6E8C918FFF0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AC1E71B6-F113-4CB8-B53B-7099659E6D87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (05/02/2015 11:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007ca10a
Faulting process id: 0xfac
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (04/30/2015 01:04:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winsvc.exe, version: 0.0.0.0, time stamp: 0x553e17d4
Faulting module name: DNSAPI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bd9d9
Exception code: 0xc0000005
Fault offset: 0x00006b42
Faulting process id: 0xcc
Faulting application start time: 0xwinsvc.exe0
Faulting application path: winsvc.exe1
Faulting module path: winsvc.exe2
Report Id: winsvc.exe3
 
Error: (04/30/2015 01:02:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a164
 
Start Time: 01d082c1ae497441
 
Termination Time: 280
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
Error: (04/27/2015 07:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hglxybogfe.exe, version: 0.0.0.0, time stamp: 0x553e3cbe
Faulting module name: hglxybogfe.exe, version: 0.0.0.0, time stamp: 0x553e3cbe
Exception code: 0x40000015
Fault offset: 0x000092b3
Faulting process id: 0x1238
Faulting application start time: 0xhglxybogfe.exe0
Faulting application path: hglxybogfe.exe1
Faulting module path: hglxybogfe.exe2
Report Id: hglxybogfe.exe3
 
Error: (04/21/2015 07:29:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (04/21/2015 04:02:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e5c
 
Start Time: 01d07c32fe93556f
 
Termination Time: 107
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
Error: (04/15/2015 10:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e94
 
Start Time: 01d077b00392d7ff
 
Termination Time: 34
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
Error: (04/15/2015 06:55:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program csgo.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b3c
 
Start Time: 01d0778a6b6fd715
 
Termination Time: 312
 
Application Path: D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Report Id:
 
 
System errors:
=============
Error: (05/02/2015 05:11:14 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Offline Files service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (05/02/2015 01:17:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (05/02/2015 01:09:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (05/02/2015 11:25:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.1.000000004libqt4_plugin.dll2.2.1.00002000240000015007ca10afac01d084b171876615C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dlld2278b7e-f0a4-11e4-be82-e8de2706e256
 
Error: (04/30/2015 01:04:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winsvc.exe0.0.0.0553e17d4DNSAPI.dll6.1.7600.163854a5bd9d9c000000500006b42cc01d0832ba43d2603C:\Windows\M-5050750405503593842050533740\winsvc.exeC:\Windows\system32\DNSAPI.dll449e4c54-ef20-11e4-9add-e8de2706e256
 
Error: (04/30/2015 01:02:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0a16401d082c1ae497441280D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Error: (04/27/2015 07:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hglxybogfe.exe0.0.0.0553e3cbehglxybogfe.exe0.0.0.0553e3cbe40000015000092b3123801d081098bf22e5fC:\Users\raz\AppData\Local\Temp\hglxybogfe.exeC:\Users\raz\AppData\Local\Temp\hglxybogfe.exeeea77d87-ecfc-11e4-ba00-e8de2706e256
 
Error: (04/21/2015 07:29:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (04/21/2015 04:02:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0e5c01d07c32fe93556f107D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Error: (04/15/2015 10:14:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0e9401d077b00392d7ff34D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
Error: (04/15/2015 06:55:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: csgo.exe0.0.0.0b3c01d0778a6b6fd715312D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-7300 APU with Radeon HD Graphics 
Percentage of memory in use: 36%
Total physical RAM: 4037.21 MB
Available physical RAM: 2546.71 MB
Total Pagefile: 8072.56 MB
Available Pagefile: 5791.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.29 GB) (Free:4.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (multimedia) (Fixed) (Total:203.58 GB) (Free:51.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 498FA908)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=203.6 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#6 razvix2001


Posted 04 May 2015 - 08:23 AM

Nod32 finally woke up 

 

Untitled4.jpg



#7 razvix2001


Posted 04 May 2015 - 08:25 AM

Untitled1.jpg    CRYPTOLOCKER
 
Untitled3.jpg   the no result info in   ID Tool

Edited by razvix2001, 04 May 2015 - 08:26 AM.


#8 JSntgRvr

  • Malware Response Team

Posted 04 May 2015 - 10:07 AM

Try this tool by Emsisoft:

 

To decrypt your files, please download the Emsisoft Decryptor for PClock and save it to your desktop. Once downloaded, double-click on it and the program will open and automatically import the list of encrypted files from the %UserProfile%\enc_files.txt list. When you are ready to decrypt your files, simply click on the Decrypt button. More information about using this tool can be found in the post by Fabian Wosar here.

 

Please have these files uploaded here.

 

C:\Users\raz\AppData\Local\Temp\ccwoii.exe
C:\Users\raz\AppData\Roaming\WinXdd\winxdd.exe

 

Let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 razvix2001


Posted 04 May 2015 - 01:09 PM

The C:\Users\raz\AppData\Local\Temp\ccwoii.exe I could not find on my HDD :/ and the other one failed to upload: "not having permission"

 

Untitled5.jpg



#10 JSntgRvr


Posted 04 May 2015 - 02:30 PM

Did you use the Decryptor? Any problems experienced?




#11 razvix2001


Posted 04 May 2015 - 03:07 PM

I was thinking of backing up the crypted files or making an image of the HDD first.

Or should I go on like this?



#12 JSntgRvr


Posted 04 May 2015 - 03:18 PM

You know they are listed in the C:\Users\raz\enc_files.txt and are quite a lot. Do not remove that file as the tool will use it in the process.

 

Let me know if you need help.




#13 razvix2001


Posted 06 May 2015 - 12:30 PM

Did not have any success. And apart from this, my new antivirus (NOD32) took control and quarantined the winxdd.exe file, so I think I'm lost (my files).

And can't be restored.

Will start to spam the fu$%^ er with e-mails. Cause 1 bitcoin is a month's wage so can't afford it!!!!

Keep up the good job guys and hope something will come up eventually.



#14 JSntgRvr


Posted 07 May 2015 - 09:12 AM

Thanks for the feedback. Experts are trying hard to stop these hackers, but new variants are being produced constantly.
 
Sorry to know about your files.
 
Let's remove all remnants:
 
Please download this attached file [attachment=164561:Fixlist.txt] and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

To remove the tools used, follow these steps:

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run


Again, thanks for the feedback.
 




#15 razvix2001


Posted 07 May 2015 - 01:28 PM

Should I upload any info given in the .txt?

My hopes are very low to get the files back :( approaching the deadline when he says he'll delete the key for my virus version...

Have to buy another HDD to store the damaged files.

Also e-mailed the rusky mofo to tell him that his target is not as wealthy as he thought and my wage is 1 bitcoin and will not pay and starve, but no response yet.





