
Cryptowall problem.


12 replies to this topic

#1 mihaipiratu

  • Members
  • 9 posts

Posted 15 September 2015 - 02:21 AM

Hi all. I'm new on this forum but I have a problem: I'm infected with Cryptowall. This report will tell you about the problem:

 

Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 9/15/2015 10:15:43 AM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]
1.|  Possible CryptoWall Flag , HKCU\Software\61546CC14F09D0973E3C2526DEC65C47\2233455667CCCDEE

Any hope of solving this problem?




#2 nasdaq

  • Malware Response Team
  • 40,182 posts

Posted 15 September 2015 - 10:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is the infection you are dealing with - CryptoWall and HELP_DECRYPT Ransomware Information Guide
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Other than paying the ransom, if it's not too late, there is nothing we can do to restore your files.
I know one thing: I would not trust them. Your call.

If you want us to clean what has been left over by the infections, please run these tools and submit the logs for my review.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 mihaipiratu

  • Topic Starter
  • Members
  • 9 posts

Posted 16 September 2015 - 08:57 AM

Ok. I'll do as you said and I will post those reports.

#4 mihaipiratu

  • Topic Starter
  • Members
  • 9 posts

Posted 16 September 2015 - 01:19 PM

1. ADWCLEANER REPORT:

# AdwCleaner v5.007 - Logfile created 16/09/2015 at 21:10:03
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Acasa - ACASA-PC
# Running from : C:\Users\Acasa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHVSX2UE\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[-] Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkioblodjcgkdailhejgcocjkkoochj
[-] Folder Deleted : C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Acasa\daemonprocess.txt
[-] File Deleted : C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mnkioblodjcgkdailhejgcocjkkoochj_0.localstorage
[-] File Deleted : C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mnkioblodjcgkdailhejgcocjkkoochj_0.localstorage-journal
[-] File Deleted : C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\user.js

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : paretologic registration3
[-] Task Deleted : paretologic update version3
[-] Task Deleted : ParetoLogic Update Version3 Startup Task

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1BA8C07D-D46C-444B-BF2C-577BD961D2E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2A5FB2EB-3559-4AD3-8D61-3CD3E8528FA6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4EC1AD3D-473F-4A35-9DF5-43675D4E7A17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E302F1C-2E1F-4DF7-BB17-687CCF9A8DE2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E579DB7-8E17-4137-B1E0-FD9DCB35F528}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C71DDEF-4C18-4FBC-AAC2-D397CA175626}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{896C118B-E30E-4079-A1D8-620D5C451BD1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B4C0E7E-23F4-419F-814E-957E905C31F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{970F08A0-2151-4F81-91D9-3C5E5C9A6861}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{98840585-A9CF-477A-B7D4-81CE1FB1C2E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC88EB5D-DE86-4519-8B73-A4D677965B8C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\GetPrivate
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
[!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic
[!] Key Not Deleted : [x64] HKCU\Software\GetPrivate

***** [ Web browsers ] *****

[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "delta-homes");
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.alias", "delta-homes");
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://search.delta-homes.com/favicon.ico");
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.name", "delta-homes");
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://search.delta-homes.com/web/?type=ds&ts=1434054694&z=d6d05a32b6617ea04dcd71bgbzbcaz2e2g3bbb3gbz&from=ient06110&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F0248[...]
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "delta-homes");
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf.com
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istartsurf
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.istartsurf.com/web/?type=dspp&ts=1434054724&from=xtab&uid=DFB6B2D4EA21490884498992EB312E48&q={searchTerms}
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mnkioblodjcgkdailhejgcocjkkoochj
[-] [C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.istartsurf.com/?type=hppp&ts=1434054724&from=xtab&uid=DFB6B2D4EA21490884498992EB312E48

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6552 bytes] ##########



#5 mihaipiratu

  • Topic Starter
  • Members
  • 9 posts

Posted 16 September 2015 - 01:24 PM

2. FARBAR REPORT:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Acasa (administrator) on ACASA-PC (16-09-2015 21:22:32)
Running from C:\Users\Acasa\Desktop\FARBAR
Loaded Profiles: Acasa (Available Profiles: Acasa)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDAntiCryptoWall.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\3G Hostless Modem\CheckNDISPort_df.exe
() C:\Program Files (x86)\3G Hostless Modem\CancelAutoPlay_df.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-03] (Avast Software s.r.o.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [CheckNDISPort50ac54] => C:\Program Files (x86)\3G Hostless Modem\CheckNDISPort_df.exe [468736 2014-09-20] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\3G Hostless Modem\CancelAutoPlay_df.exe [447744 2014-09-20] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM Group Policy restriction on software: %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-07-12] (SteelSeries ApS)
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [TeamSpeak 3 Client] => "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [IXsoft] => regsvr32.exe C:\Users\Acasa\AppData\Local\IXsoft\iFilterXARXarLibrary_in.dll <===== ATTENTION
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [uTorrent] => C:\Users\Acasa\AppData\Roaming\uTorrent\uTorrent.exe [1790816 2015-09-05] (BitTorrent Inc.)
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2054664 2015-02-03] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-02] (Avast Software s.r.o.)
BootExecute: autocheck autochk * bootdelete
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{24DC0E69-E36C-414B-ACED-EDDC26C0FBA5}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{5AA4736C-7DAD-4180-9054-6C1902C46089}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9C47C9B3-488B-4817-9392-B9B4D7D473FD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9FA7F911-C7BA-4EDB-A8C6-BFE71F4D1579}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cool-tvlive.net/terra
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ro/
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-02] (Avast Software s.r.o.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files (x86)\Common Files\Download Helper\DownloadHelperx64.dll [2012-12-11] (IE Download Helper)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-02] (Avast Software s.r.o.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: DownloadHelper Class -> {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} -> C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll [2012-12-11] (IE Download Helper)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1758092551-1004065782-3080703647-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hppp&ts=1434054724&from=xtab&uid=DFB6B2D4EA21490884498992EB312E48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-10-01] (Nitro PDF)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Acasa\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Video DownloadHelper - C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-08]

Chrome:
=======
CHR Profile: C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentări Google) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (Google Docs) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Disc Google) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (YouTube) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (Foi de calcul Google) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Gmail) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
CHR Profile: C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-14]
CHR Extension: (Disc Google) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-14]
CHR Extension: (YouTube) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-14]
CHR Extension: (Google Search) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-14]
CHR Extension: (Avast Online Security) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-14]
CHR Extension: (Google Wallet) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR Extension: (Gmail) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]

Opera:
=======
OPR Extension: (SaveFrom.net helper) - C:\Users\Acasa\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2015-03-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-02] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-02] (Avast Software)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2015-01-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01] (Nitro PDF Software)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-29] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-08-29] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2008-10-23] () [File not signed]
S4 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-03] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-10-13] (Marvell Semiconductor, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-03-14] (Realtek Semiconductor Corporation                           )
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-02] (Avast Software)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\Acasa\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-16 21:22 - 2015-09-16 21:22 - 00000000 ____D C:\Users\Acasa\Desktop\FARBAR
2015-09-16 21:18 - 2015-09-16 21:18 - 01660416 _____ C:\Users\Acasa\Desktop\adwcleaner_5.007.exe
2015-09-16 21:14 - 2015-09-16 21:14 - 00000000 ____H C:\ProgramData\cm-lock
2015-09-16 21:07 - 2015-09-16 21:20 - 00000000 ____D C:\AdwCleaner
2015-09-16 21:06 - 2015-09-16 21:06 - 00002528 _____ C:\Users\Acasa\Desktop\New Text Document.txt
2015-09-16 21:04 - 2015-09-16 21:22 - 00000000 ____D C:\FRST
2015-09-16 14:22 - 2015-09-16 14:22 - 00001265 _____ C:\Users\Acasa\Desktop\Data Recovery Pro.lnk
2015-09-15 21:01 - 2015-09-15 21:01 - 00000000 ___HD C:\Users\Acasa\Desktop\[Originals]
2015-09-15 20:53 - 2015-09-15 20:53 - 00000000 ____D C:\Users\Acasa\AppData\Local\Adobe
2015-09-15 09:05 - 2015-09-15 09:05 - 00001240 _____ C:\Users\Acasa\Desktop\Recover My Files v5.lnk
2015-09-15 09:05 - 2015-09-15 09:05 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v5
2015-09-15 09:05 - 2015-09-15 09:05 - 00000000 ____D C:\Program Files\CodeMeter
2015-09-15 09:05 - 2015-09-15 09:05 - 00000000 ____D C:\Program Files (x86)\GetData
2015-09-15 09:05 - 2015-09-15 09:05 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2015-09-15 09:05 - 2013-11-27 12:26 - 00917352 _____ (WIBU-SYSTEMS AG) C:\Windows\system32\WibuCm64.dll
2015-09-15 09:05 - 2013-11-27 12:26 - 00719720 _____ (WIBU-SYSTEMS AG) C:\Windows\SysWOW64\WibuCm32.dll
2015-09-15 08:40 - 2015-09-16 14:22 - 00000000 _____ C:\FileRecovery.log
2015-09-14 22:02 - 2015-09-14 22:02 - 00000000 ____D C:\Users\Acasa\Desktop\anexe
2015-09-14 22:01 - 2015-09-14 22:01 - 00000000 ____D C:\anexe
2015-09-14 22:00 - 2015-09-15 10:31 - 00000000 ____D C:\EEK
2015-09-14 22:00 - 2015-09-14 22:00 - 00000743 _____ C:\Users\Acasa\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-14 21:42 - 2015-09-14 21:43 - 00000080 _____ C:\Users\Public\Desktop\The Witcherr 3 - Wild Hunt.lnk
2015-09-14 21:42 - 2015-09-14 21:42 - 00000080 _____ C:\Users\Acasa\Desktop\The Witcherr 3 - Wild Hunt.lnk
2015-09-14 21:40 - 2015-09-14 21:40 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\R-TT
2015-09-14 21:39 - 2015-09-14 21:40 - 00000000 ____D C:\Users\Acasa\Documents\R-TT
2015-09-14 21:39 - 2015-09-14 21:39 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2015-09-14 21:39 - 2015-09-14 21:39 - 00000000 ____D C:\Program Files (x86)\R-Studio
2015-09-14 21:35 - 2015-09-14 21:43 - 00001222 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard 6.0 .lnk
2015-09-14 21:35 - 2015-09-14 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 6.0
2015-09-14 21:35 - 2015-09-14 21:35 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-09-14 21:28 - 2015-09-14 21:28 - 00000000 ____D C:\Program Files\EaseUS
2015-09-14 21:08 - 2015-09-14 21:14 - 00000000 ____D C:\Users\Acasa\Desktop\1111111111111 RECOVERY
2015-09-14 21:08 - 2015-09-14 21:08 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\www.shadowexplorer.com
2015-09-14 21:07 - 2015-09-14 22:00 - 00001889 _____ C:\Users\Acasa\Desktop\ShadowExplorer.lnk
2015-09-14 21:07 - 2015-09-14 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-09-14 21:07 - 2015-09-14 22:00 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2015-09-14 20:58 - 2015-09-15 09:49 - 00000000 ____D C:\Users\Acasa\AppData\Local\ACD Systems
2015-09-14 20:58 - 2015-09-14 20:58 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-14 20:56 - 2015-09-14 20:56 - 00442094 _____ C:\Windows\system32\.crusader
2015-09-14 20:48 - 2015-09-16 14:38 - 00003104 _____ C:\Windows\System32\Tasks\BDAntiCryptoWallTask
2015-09-14 20:44 - 2015-09-15 09:23 - 00000000 ____D C:\Program Files\Recuva
2015-09-14 20:44 - 2015-09-14 21:43 - 00001656 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-09-14 20:44 - 2015-09-14 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-09-14 20:43 - 2015-09-14 20:55 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-14 20:39 - 2015-09-16 21:15 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 20:39 - 2015-09-14 21:43 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 20:39 - 2015-09-14 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 20:39 - 2015-09-14 20:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 20:39 - 2015-09-14 20:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 20:39 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-14 20:39 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-14 20:39 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-14 20:35 - 2015-09-14 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiCryptoWall
2015-09-14 20:35 - 2015-09-14 20:35 - 00000000 ____D C:\Program Files\Bitdefender
2015-09-14 19:52 - 2015-09-14 19:52 - 00000000 ____D C:\Users\Acasa\Documents\HP Photosmart Projects
2015-09-14 19:49 - 2015-09-14 19:49 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\ACD Systems
2015-09-14 19:47 - 2015-09-14 21:43 - 00002235 _____ C:\Users\Public\Desktop\ACDSee Ultimate 8 (64-bit).lnk
2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\ProgramData\ACD Systems
2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\Program Files\Common Files\ACD Systems
2015-09-14 19:47 - 2015-09-14 19:47 - 00000000 ____D C:\Program Files\ACD Systems
2015-09-14 19:46 - 2015-09-14 19:46 - 00000000 ____D C:\Users\Acasa\AppData\Local\Downloaded Installations
2015-09-14 16:19 - 2015-09-14 16:19 - 00008644 _____ C:\Users\HELP_DECRYPT.HTML
2015-09-14 16:19 - 2015-09-14 16:19 - 00004262 _____ C:\Users\HELP_DECRYPT.TXT
2015-09-14 16:19 - 2015-09-14 16:19 - 00000296 _____ C:\Users\HELP_DECRYPT.URL
2015-09-13 15:43 - 2015-09-13 16:21 - 00000000 ____D C:\Users\Acasa\Desktop\laptop lenovo
2015-09-13 13:03 - 2015-09-13 13:03 - 00215824 _____ C:\Users\Acasa\Desktop\convocator.zip
2015-09-12 14:09 - 2015-09-14 16:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVAST Software
2015-09-12 14:09 - 2015-09-14 16:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVAST Software
2015-09-09 07:20 - 2015-09-09 07:21 - 15454752 _____ C:\Users\Acasa\Desktop\YasenKrasen_SessionStatistics_9.10b.zip
2015-09-07 17:24 - 2015-09-07 17:27 - 85392384 _____ (by dimabal100000) C:\Users\Acasa\Desktop\[0.9.10] Svatekl2 Mod Pack v9.4.exe
2015-09-03 15:19 - 2015-09-03 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-26 13:03 - 2015-08-26 13:03 - 00275504 _____ C:\Windows\Minidump\082615-25802-01.dmp
2015-08-25 12:21 - 2015-08-25 12:21 - 00000000 ____D C:\ProgramData\ATI
2015-08-25 12:20 - 2015-08-25 12:20 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201508251220375976.log
2015-08-25 12:20 - 2015-08-25 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-21 10:54 - 2015-08-21 10:54 - 02656584 _____ C:\Users\Acasa\Downloads\APP_IO_W7_W8_A00_Setup-9PPPW_ZPE.exe
2015-08-18 09:33 - 2015-08-18 09:33 - 00000000 ____D C:\Program Files (x86)\hardline
2015-08-17 08:16 - 2015-08-17 08:16 - 01356160 _____ C:\Users\Acasa\Downloads\4in1_XP_2K_ME_98(4.49).zip
2015-08-17 08:15 - 2015-09-14 15:24 - 00000000 ____D C:\drivere eugen

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-16 21:22 - 2009-07-13 21:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-16 21:22 - 2009-07-13 21:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-16 21:19 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-16 21:17 - 2013-10-24 10:29 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-16 21:14 - 2015-07-28 10:45 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Raptr
2015-09-16 21:14 - 2013-10-24 10:46 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\uTorrent
2015-09-16 21:13 - 2014-12-17 09:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-16 21:11 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-16 21:11 - 2009-07-13 21:51 - 00392787 _____ C:\Windows\setupact.log
2015-09-16 21:10 - 2013-10-24 15:59 - 00000000 ____D C:\Users\Acasa
2015-09-16 21:05 - 2013-10-24 06:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 22:21 - 2013-10-29 07:35 - 00000000 ____D C:\ProgramData\Origin
2015-09-15 21:41 - 2014-12-17 09:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 14:47 - 2015-06-12 19:18 - 00000000 ____D C:\Users\Acasa\AppData\Local\CrashDumps
2015-09-15 14:47 - 2014-04-06 21:08 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-15 14:41 - 2010-11-20 20:47 - 00359826 _____ C:\Windows\PFRO.log
2015-09-15 10:32 - 2013-10-24 15:56 - 01723057 _____ C:\Windows\WindowsUpdate.log
2015-09-15 09:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-15 08:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-14 22:22 - 2015-06-11 19:05 - 00000000 ____D C:\Users\Acasa\AppData\Local\NPE
2015-09-14 22:01 - 2013-10-29 07:11 - 00000000 ____D C:\Users\Acasa\AppData\Local\GHISLER
2015-09-14 21:44 - 2015-02-05 12:03 - 00000943 _____ C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2015-09-14 21:44 - 2013-10-24 16:00 - 00001393 _____ C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-14 21:43 - 2015-07-29 13:24 - 00000760 _____ C:\Users\Public\Desktop\Sky Force Anniversary.lnk
2015-09-14 21:43 - 2015-07-09 16:39 - 00000427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO - The Hobbit.lnk
2015-09-14 21:43 - 2015-07-09 13:45 - 00000455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4.lnk
2015-09-14 21:43 - 2015-06-19 08:16 - 00000457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Jurassic World.lnk
2015-09-14 21:43 - 2015-05-18 19:58 - 00000439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
2015-09-14 21:43 - 2015-03-01 21:01 - 00000598 _____ C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
2015-09-14 21:43 - 2015-02-12 10:08 - 00000535 _____ C:\Users\Public\Desktop\World of Tanks 0.9.6.lnk
2015-09-14 21:43 - 2015-02-12 10:08 - 00000532 _____ C:\Users\Public\Desktop\World of Tanks Launcher 0.9.6.lnk
2015-09-14 21:43 - 2015-01-28 16:51 - 00002008 _____ C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
2015-09-14 21:43 - 2015-01-28 16:51 - 00002008 _____ C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
2015-09-14 21:43 - 2014-12-27 18:01 - 00000532 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2015-09-14 21:43 - 2014-12-23 13:38 - 00000556 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-09-14 21:43 - 2014-10-22 12:52 - 00000417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within.lnk
2015-09-14 21:43 - 2014-10-20 20:43 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2015-09-14 21:43 - 2014-10-16 11:35 - 00000659 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Borderlands The Pre-Sequel.lnk
2015-09-14 21:43 - 2014-09-21 11:57 - 00000411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War Rome II.lnk
2015-09-14 21:43 - 2014-07-10 11:50 - 00000531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 3.lnk
2015-09-14 21:43 - 2014-04-06 21:08 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-09-14 21:43 - 2014-03-31 15:28 - 00000549 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castlevania Lords of Shadow 2.lnk
2015-09-14 21:43 - 2014-02-28 21:20 - 00000583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief.lnk
2015-09-14 21:43 - 2014-02-24 11:03 - 00002083 _____ C:\Users\Public\Desktop\CuteFTP 8 Professional.lnk
2015-09-14 21:43 - 2014-01-10 21:51 - 00001160 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-09-14 21:43 - 2014-01-09 09:04 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-14 21:43 - 2014-01-09 09:04 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-09-14 21:43 - 2014-01-05 21:25 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-14 21:43 - 2014-01-05 21:23 - 00001561 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool-Tv.Net.lnk
2015-09-14 21:43 - 2013-11-18 08:43 - 00000907 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-09-14 21:43 - 2013-11-13 07:49 - 00001192 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2015-09-14 21:43 - 2013-11-13 07:49 - 00001168 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
2015-09-14 21:43 - 2013-11-13 07:39 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-14 21:43 - 2013-11-11 11:02 - 00001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-09-14 21:43 - 2013-11-06 06:57 - 00001133 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-09-14 21:43 - 2013-10-30 09:07 - 00000533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4.lnk
2015-09-14 21:43 - 2013-10-24 15:57 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-14 21:43 - 2013-10-24 15:56 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-14 21:43 - 2013-10-24 11:06 - 00001948 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-09-14 21:43 - 2013-10-24 10:51 - 00001869 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-09-14 21:43 - 2013-10-24 06:24 - 00000977 _____ C:\Users\Public\Desktop\Winamp.lnk
2015-09-14 21:43 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-14 21:43 - 2009-07-13 21:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-14 21:43 - 2009-07-13 21:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-09-14 21:43 - 2009-07-13 21:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-14 21:43 - 2009-07-13 21:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-14 21:42 - 2015-07-29 20:24 - 00000566 _____ C:\Users\Acasa\Desktop\World of Warships.lnk
2015-09-14 21:42 - 2015-07-29 15:20 - 00000756 _____ C:\Users\Acasa\Desktop\Luxor.lnk
2015-09-14 21:42 - 2015-04-30 07:27 - 00000850 _____ C:\Users\Acasa\Desktop\WorldOfTanks - Shortcut.lnk
2015-09-14 21:42 - 2015-01-21 20:38 - 00001011 _____ C:\Users\Acasa\Desktop\RaidCall.lnk
2015-09-14 21:42 - 2014-09-06 19:51 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-09-14 21:42 - 2014-04-01 08:15 - 00000967 _____ C:\Users\Acasa\Desktop\TechPowerUp GPU-Z.lnk
2015-09-14 21:42 - 2014-02-08 16:09 - 00001035 _____ C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
2015-09-14 21:42 - 2013-11-24 18:36 - 00000992 _____ C:\Users\Acasa\Desktop\Core Temp.lnk
2015-09-14 21:42 - 2013-11-11 11:02 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-09-14 21:42 - 2013-10-24 11:09 - 00001171 _____ C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-09-14 21:42 - 2013-10-24 10:46 - 00000793 _____ C:\Users\Acasa\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-09-14 21:42 - 2009-07-13 22:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-14 21:42 - 2009-07-13 21:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-14 20:55 - 2014-10-20 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word
2015-09-14 20:55 - 2014-10-20 20:39 - 00000000 ____D C:\Program Files (x86)\PDF to Word
2015-09-14 20:55 - 2014-02-05 13:47 - 00000000 ____D C:\Users\Acasa\AppData\Local\IXsoft
2015-09-14 20:55 - 2013-11-13 07:39 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Mozilla
2015-09-14 20:55 - 2013-11-13 07:39 - 00000000 ____D C:\Users\Acasa\AppData\Local\Mozilla
2015-09-14 20:55 - 2013-11-11 11:06 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\HP
2015-09-14 20:55 - 2013-11-11 11:00 - 00000000 ____D C:\ProgramData\HP
2015-09-14 20:55 - 2013-11-07 21:00 - 00000000 ____D C:\Users\Acasa\AppData\Local\Google
2015-09-14 20:55 - 2013-10-24 06:22 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Adobe
2015-09-14 20:55 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2015-09-14 20:35 - 2014-01-28 16:22 - 00002180 __RSH C:\ProgramData\ntuser.pol
2015-09-14 19:48 - 2013-10-25 07:10 - 00270020 _____ C:\Windows\DirectX.log
2015-09-14 19:44 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-14 18:41 - 2014-03-29 21:54 - 00000000 ____D C:\Users\Acasa\AppData\Local\Nero
2015-09-14 16:18 - 2015-05-20 07:23 - 00000000 ____D C:\Users\Acasa\Documents\The Witcher 3
2015-09-14 16:18 - 2014-10-20 20:39 - 00000000 ____D C:\Users\Acasa\Documents\Quick-PDF PDF to Word
2015-09-14 16:18 - 2014-02-12 08:56 - 00000000 ____D C:\Users\Acasa\Documents\OMC ModPack
2015-09-14 16:17 - 2013-11-11 11:09 - 00000000 ____D C:\Users\Acasa\Documents\My Scans
2015-09-14 16:16 - 2013-11-14 19:26 - 00000000 ____D C:\Users\Acasa\Documents\My Games
2015-09-14 16:15 - 2015-03-03 18:45 - 00000000 ____D C:\Users\Acasa\Documents\Image-Line
2015-09-14 16:15 - 2014-09-19 20:12 - 00000000 ____D C:\Users\Acasa\Desktop\uuuuu
2015-09-14 16:14 - 2015-07-31 13:33 - 00000000 ____D C:\Users\Acasa\Desktop\Un vis împlinit___ Pliant pentru început de an școlar_files
2015-09-14 16:14 - 2015-04-06 18:26 - 00000000 ____D C:\Users\Acasa\Desktop\scoala altfel  2015
2015-09-14 16:14 - 2014-04-15 10:32 - 00000000 ____D C:\Users\Acasa\Desktop\saptamana altfel
2015-09-14 16:13 - 2015-05-28 19:23 - 00000000 ____D C:\Users\Acasa\Desktop\prislop
2015-09-14 16:11 - 2014-10-01 06:49 - 00000000 ____D C:\Users\Acasa\Desktop\povesti
2015-09-14 16:11 - 2013-12-04 21:57 - 00000000 ____D C:\Users\Acasa\Desktop\poze gradi
2015-09-14 16:08 - 2014-09-15 20:41 - 00000000 ____D C:\Users\Acasa\Desktop\nicoleta
2015-09-14 16:03 - 2014-10-20 21:57 - 00000000 ____D C:\Users\Acasa\Desktop\ggggggggg
2015-09-14 15:55 - 2014-05-12 21:26 - 00000000 ____D C:\Users\Acasa\Desktop\constantin brancoveanu
2015-09-14 15:54 - 2014-06-03 06:58 - 00000000 ____D C:\Users\Acasa\Desktop\1 iunie 2014
2015-09-14 15:54 - 2013-12-19 08:54 - 00000000 ____D C:\Users\Acasa\Desktop\actiuni sociale Tamadau Mare
2015-09-14 15:53 - 2015-06-19 08:23 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Warner Bros. Interactive Entertainment
2015-09-14 15:53 - 2015-04-06 11:46 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\ttales
2015-09-14 15:53 - 2015-01-01 17:26 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Wargaming.net
2015-09-14 15:53 - 2014-01-10 21:52 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\TS3Client
2015-09-14 15:53 - 2013-10-24 06:23 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Winamp
2015-09-14 15:51 - 2014-05-27 09:23 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Tropico 5
2015-09-14 15:51 - 2014-04-10 18:09 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Samsung
2015-09-14 15:51 - 2014-03-18 13:18 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Sony
2015-09-14 15:50 - 2014-10-20 20:43 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Nitro
2015-09-14 15:50 - 2014-04-06 21:08 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Opera Software
2015-09-14 15:50 - 2014-03-27 21:56 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Nero
2015-09-14 15:50 - 2014-03-18 16:33 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Publish Providers
2015-09-14 15:50 - 2013-10-29 07:36 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Origin
2015-09-14 15:48 - 2014-10-20 20:43 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\FileOpen
2015-09-14 15:48 - 2013-11-23 19:23 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Azureus
2015-09-14 15:48 - 2013-10-24 11:07 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\BSplayer PRO
2015-09-14 15:48 - 2013-10-24 11:05 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\DAEMON Tools Lite
2015-09-14 15:48 - 2013-10-24 06:23 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\Macromedia
2015-09-14 15:47 - 2015-07-29 13:08 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\AMD
2015-09-14 15:47 - 2014-12-22 22:22 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\ActiveDossierUploader
2015-09-14 15:47 - 2013-10-25 20:38 - 00000000 ____D C:\Users\Acasa\AppData\Roaming\AVAST Software
2015-09-14 15:46 - 2014-03-18 13:18 - 00000000 ____D C:\Users\Acasa\AppData\Local\Sony
2015-09-14 15:46 - 2013-10-24 06:38 - 00000000 ____D C:\Users\Acasa\AppData\Local\WinAVI
2015-09-14 15:45 - 2014-01-10 21:52 - 00000000 ____D C:\Users\Acasa\AppData\Local\Overwolf
2015-09-14 15:45 - 2013-10-29 07:35 - 00000000 ____D C:\Users\Acasa\AppData\Local\Origin
2015-09-14 15:45 - 2013-10-27 05:12 - 00000000 ____D C:\Users\Acasa\AppData\Local\PunkBuster
2015-09-14 15:42 - 2014-03-03 06:35 - 00000000 ____D C:\Users\Acasa\AppData\Local\Cyberlink
2015-09-14 15:41 - 2015-02-03 13:32 - 00000000 ____D C:\releveu biserica
2015-09-14 15:41 - 2014-02-11 10:32 - 00000000 ____D C:\Users\Acasa\AppData\Local\Blizzard Entertainment
2015-09-14 15:41 - 2014-02-11 10:32 - 00000000 ____D C:\Users\Acasa\AppData\Local\Battle.net
2015-09-14 15:41 - 2013-11-28 12:05 - 00000000 ____D C:\Users\Acasa\AppData\Local\AMD
2015-09-14 15:41 - 2013-10-24 11:10 - 00000000 ____D C:\totalcmd
2015-09-14 15:41 - 2013-10-24 06:34 - 00000000 ____D C:\ProgramData\SteelSeries
2015-09-14 15:40 - 2015-05-18 20:27 - 00000000 ____D C:\ProgramData\Socialclub
2015-09-14 15:40 - 2014-04-15 20:42 - 00000000 ____D C:\ProgramData\PopCap Games
2015-09-14 15:40 - 2014-02-28 21:21 - 00000000 ____D C:\ProgramData\Steam
2015-09-14 15:37 - 2014-10-20 20:42 - 00000000 ____D C:\ProgramData\Nitro
2015-09-14 15:36 - 2014-03-18 13:26 - 00000000 ____D C:\ProgramData\MAGIX
2015-09-14 15:26 - 2014-02-08 20:23 - 00000000 ____D C:\ProgramData\Logishrd
2015-09-14 15:24 - 2015-01-21 07:57 - 00000000 ____D C:\foto
2015-09-14 15:24 - 2014-12-23 13:38 - 00000000 ____D C:\Fraps
2015-09-14 15:24 - 2014-02-11 10:31 - 00000000 ____D C:\ProgramData\Battle.net
2015-09-14 15:24 - 2013-11-28 11:59 - 00000000 ____D C:\ProgramData\AMD
2015-09-14 15:24 - 2013-10-24 11:14 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-14 15:23 - 2013-11-28 11:52 - 00000000 ____D C:\AMD
2015-09-07 17:34 - 2015-07-18 16:27 - 00000000 ____D C:\Users\Acasa\AppData\Local\by_dimabal100000
2015-09-04 08:24 - 2013-11-13 07:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-02 18:29 - 2015-08-01 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PROТанки MultiPack
2015-08-31 17:45 - 2013-12-12 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2015-08-30 16:36 - 2014-12-17 09:09 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 16:36 - 2014-12-17 09:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 20:22 - 2013-10-27 05:11 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-08-26 13:03 - 2013-12-03 08:20 - 552841395 _____ C:\Windows\MEMORY.DMP
2015-08-26 13:03 - 2013-12-03 08:20 - 00000000 ____D C:\Windows\Minidump
2015-08-25 12:20 - 2013-11-28 12:01 - 00000000 ____D C:\Program Files\AMD
2015-08-21 10:35 - 2013-11-07 20:59 - 00000000 ____D C:\ProgramData\Adobe
2015-08-20 09:00 - 2014-06-03 19:35 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1396843686
2015-08-18 09:56 - 2013-11-13 07:49 - 00000000 ___HD C:\Program Files (x86)\Battlelog Web Plugins
2015-08-18 09:56 - 2013-10-29 07:37 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2014-05-12 23:22 - 2014-05-12 23:22 - 0003584 _____ () C:\Users\Acasa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-25 11:41 - 2013-11-28 12:07 - 1065984 _____ () C:\Users\Acasa\AppData\Local\file__0.localstorage
2014-03-01 08:00 - 2014-03-01 08:00 - 0007605 _____ () C:\Users\Acasa\AppData\Local\Resmon.ResmonCfg
2015-09-16 21:14 - 2015-09-16 21:14 - 0000000 ____H () C:\ProgramData\cm-lock
2013-11-11 11:00 - 2013-11-11 11:06 - 0000357 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Acasa\AppData\Local\Temp\0lazgdfj.dll
C:\Users\Acasa\AppData\Local\Temp\0qdzvclp.dll
C:\Users\Acasa\AppData\Local\Temp\1-61knae.dll
C:\Users\Acasa\AppData\Local\Temp\1v_bdp8i.dll
C:\Users\Acasa\AppData\Local\Temp\4jgvkba2.dll
C:\Users\Acasa\AppData\Local\Temp\6ysdv9yt.dll
C:\Users\Acasa\AppData\Local\Temp\6zsearjq.dll
C:\Users\Acasa\AppData\Local\Temp\7hopbjhm.dll
C:\Users\Acasa\AppData\Local\Temp\8pyxwnq7.dll
C:\Users\Acasa\AppData\Local\Temp\8rjpl1d5.dll
C:\Users\Acasa\AppData\Local\Temp\8x7xkgac.dll
C:\Users\Acasa\AppData\Local\Temp\9rv7zqkb.dll
C:\Users\Acasa\AppData\Local\Temp\adr0mxge.dll
C:\Users\Acasa\AppData\Local\Temp\afwwcazs.dll
C:\Users\Acasa\AppData\Local\Temp\ahq4vwg1.dll
C:\Users\Acasa\AppData\Local\Temp\aiaaoxtf.dll
C:\Users\Acasa\AppData\Local\Temp\amd-catalyst-15.7-without-dotnet45-win7-64bit.exe
C:\Users\Acasa\AppData\Local\Temp\app.exe
C:\Users\Acasa\AppData\Local\Temp\ARS.exe
C:\Users\Acasa\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Acasa\AppData\Local\Temp\b_3j9lf6.dll
C:\Users\Acasa\AppData\Local\Temp\can_goew.dll
C:\Users\Acasa\AppData\Local\Temp\cc-updater1xtv.exe
C:\Users\Acasa\AppData\Local\Temp\clwnnggx.dll
C:\Users\Acasa\AppData\Local\Temp\csfwxkrn.dll
C:\Users\Acasa\AppData\Local\Temp\cuj-c8xe.dll
C:\Users\Acasa\AppData\Local\Temp\drafput4.dll
C:\Users\Acasa\AppData\Local\Temp\eigy-1lw.dll
C:\Users\Acasa\AppData\Local\Temp\Execute2App.exe
C:\Users\Acasa\AppData\Local\Temp\f1solit5.dll
C:\Users\Acasa\AppData\Local\Temp\fnasjlp5.dll
C:\Users\Acasa\AppData\Local\Temp\fpnj4drq.dll
C:\Users\Acasa\AppData\Local\Temp\ft8rsqer.dll
C:\Users\Acasa\AppData\Local\Temp\ftsx3ezk.dll
C:\Users\Acasa\AppData\Local\Temp\g0w9eoxg.dll
C:\Users\Acasa\AppData\Local\Temp\g5k5e-9w.dll
C:\Users\Acasa\AppData\Local\Temp\gifzql-z.dll
C:\Users\Acasa\AppData\Local\Temp\guvtbhzz.dll
C:\Users\Acasa\AppData\Local\Temp\h1s96sv9.dll
C:\Users\Acasa\AppData\Local\Temp\h56jhdsb.dll
C:\Users\Acasa\AppData\Local\Temp\htmlayout.dll
C:\Users\Acasa\AppData\Local\Temp\hy7d3vmm.dll
C:\Users\Acasa\AppData\Local\Temp\ihnoifiw.dll
C:\Users\Acasa\AppData\Local\Temp\ijq7lgcl.dll
C:\Users\Acasa\AppData\Local\Temp\kcpgvhf9.dll
C:\Users\Acasa\AppData\Local\Temp\kijxmrfs.dll
C:\Users\Acasa\AppData\Local\Temp\kjuwex64.dll
C:\Users\Acasa\AppData\Local\Temp\kuuum4p4.dll
C:\Users\Acasa\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Acasa\AppData\Local\Temp\lxbfc1sw.dll
C:\Users\Acasa\AppData\Local\Temp\lzpwtun_.dll
C:\Users\Acasa\AppData\Local\Temp\msvcp90.dll
C:\Users\Acasa\AppData\Local\Temp\msvcr90.dll
C:\Users\Acasa\AppData\Local\Temp\mugrluiw.dll
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Acasa\AppData\Local\Temp\nvStInst.exe
C:\Users\Acasa\AppData\Local\Temp\nyotebyv.dll
C:\Users\Acasa\AppData\Local\Temp\nzptpdv4.dll
C:\Users\Acasa\AppData\Local\Temp\obdmzp54.dll
C:\Users\Acasa\AppData\Local\Temp\our5nsy8.dll
C:\Users\Acasa\AppData\Local\Temp\oxeuw1au.dll
C:\Users\Acasa\AppData\Local\Temp\pljtpyvs.dll
C:\Users\Acasa\AppData\Local\Temp\qa8wejyn.dll
C:\Users\Acasa\AppData\Local\Temp\raptr_stub.exe
C:\Users\Acasa\AppData\Local\Temp\reet4ysj.dll
C:\Users\Acasa\AppData\Local\Temp\rryhrric.dll
C:\Users\Acasa\AppData\Local\Temp\rzupj0bq.dll
C:\Users\Acasa\AppData\Local\Temp\s77feft1.dll
C:\Users\Acasa\AppData\Local\Temp\siinst.exe
C:\Users\Acasa\AppData\Local\Temp\sonarinst.exe
C:\Users\Acasa\AppData\Local\Temp\strings.dll
C:\Users\Acasa\AppData\Local\Temp\SymCCIS.dll
C:\Users\Acasa\AppData\Local\Temp\td5nzebh.dll
C:\Users\Acasa\AppData\Local\Temp\tmp737A.exe
C:\Users\Acasa\AppData\Local\Temp\tng_gn8s.dll
C:\Users\Acasa\AppData\Local\Temp\Tsu8C6AB709.dll
C:\Users\Acasa\AppData\Local\Temp\u1kudcys.dll
C:\Users\Acasa\AppData\Local\Temp\u2v7j9lv.dll
C:\Users\Acasa\AppData\Local\Temp\udngha5k.dll
C:\Users\Acasa\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Acasa\AppData\Local\Temp\winsvc.exe
C:\Users\Acasa\AppData\Local\Temp\wltcdkwj.dll
C:\Users\Acasa\AppData\Local\Temp\wulbtira.dll
C:\Users\Acasa\AppData\Local\Temp\x2blapi.dll
C:\Users\Acasa\AppData\Local\Temp\xbxgr7rb.dll
C:\Users\Acasa\AppData\Local\Temp\xhtjaoyh.dll
C:\Users\Acasa\AppData\Local\Temp\y2ab_htc.dll
C:\Users\Acasa\AppData\Local\Temp\yl-163nx.dll
C:\Users\Acasa\AppData\Local\Temp\yupo2wq1.dll
C:\Users\Acasa\AppData\Local\Temp\zozrn7_o.dll
C:\Users\Acasa\AppData\Local\Temp\zy0b8qdm.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-15 21:46

==================== End of FRST.txt ============================

3. Additions.txt is in the attachment.

#6 nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:40 PM

Posted 17 September 2015 - 07:43 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1758092551-1004065782-3080703647-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [No File]
FF Extension: Video DownloadHelper - C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-22]
CHR Extension: (Avast Online Security) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\Acasa\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
CustomCLSID: HKU\S-1-5-21-1758092551-1004065782-3080703647-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\cnvfat.dll No File <==== ATTENTION
C:\Windows\MEMORY.DMP
C:\Users\HELP_DECRYPT.HTML
C:\Users\HELP_DECRYPT.TXT
C:\Users\HELP_DECRYPT.URL
C:\Users\Acasa\AppData\Local\Temp\0lazgdfj.dll
C:\Users\Acasa\AppData\Local\Temp\0qdzvclp.dll
C:\Users\Acasa\AppData\Local\Temp\1-61knae.dll
C:\Users\Acasa\AppData\Local\Temp\1v_bdp8i.dll
C:\Users\Acasa\AppData\Local\Temp\4jgvkba2.dll
C:\Users\Acasa\AppData\Local\Temp\6ysdv9yt.dll
C:\Users\Acasa\AppData\Local\Temp\6zsearjq.dll
C:\Users\Acasa\AppData\Local\Temp\7hopbjhm.dll
C:\Users\Acasa\AppData\Local\Temp\8pyxwnq7.dll
C:\Users\Acasa\AppData\Local\Temp\8rjpl1d5.dll
C:\Users\Acasa\AppData\Local\Temp\8x7xkgac.dll
C:\Users\Acasa\AppData\Local\Temp\9rv7zqkb.dll
C:\Users\Acasa\AppData\Local\Temp\adr0mxge.dll
C:\Users\Acasa\AppData\Local\Temp\afwwcazs.dll
C:\Users\Acasa\AppData\Local\Temp\ahq4vwg1.dll
C:\Users\Acasa\AppData\Local\Temp\aiaaoxtf.dll
C:\Users\Acasa\AppData\Local\Temp\amd-catalyst-15.7-without-dotnet45-win7-64bit.exe
C:\Users\Acasa\AppData\Local\Temp\app.exe
C:\Users\Acasa\AppData\Local\Temp\ARS.exe
C:\Users\Acasa\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Acasa\AppData\Local\Temp\b_3j9lf6.dll
C:\Users\Acasa\AppData\Local\Temp\can_goew.dll
C:\Users\Acasa\AppData\Local\Temp\cc-updater1xtv.exe
C:\Users\Acasa\AppData\Local\Temp\clwnnggx.dll
C:\Users\Acasa\AppData\Local\Temp\csfwxkrn.dll
C:\Users\Acasa\AppData\Local\Temp\cuj-c8xe.dll
C:\Users\Acasa\AppData\Local\Temp\drafput4.dll
C:\Users\Acasa\AppData\Local\Temp\eigy-1lw.dll
C:\Users\Acasa\AppData\Local\Temp\Execute2App.exe
C:\Users\Acasa\AppData\Local\Temp\f1solit5.dll
C:\Users\Acasa\AppData\Local\Temp\fnasjlp5.dll
C:\Users\Acasa\AppData\Local\Temp\fpnj4drq.dll
C:\Users\Acasa\AppData\Local\Temp\ft8rsqer.dll
C:\Users\Acasa\AppData\Local\Temp\ftsx3ezk.dll
C:\Users\Acasa\AppData\Local\Temp\g0w9eoxg.dll
C:\Users\Acasa\AppData\Local\Temp\g5k5e-9w.dll
C:\Users\Acasa\AppData\Local\Temp\gifzql-z.dll
C:\Users\Acasa\AppData\Local\Temp\guvtbhzz.dll
C:\Users\Acasa\AppData\Local\Temp\h1s96sv9.dll
C:\Users\Acasa\AppData\Local\Temp\h56jhdsb.dll
C:\Users\Acasa\AppData\Local\Temp\htmlayout.dll
C:\Users\Acasa\AppData\Local\Temp\hy7d3vmm.dll
C:\Users\Acasa\AppData\Local\Temp\ihnoifiw.dll
C:\Users\Acasa\AppData\Local\Temp\ijq7lgcl.dll
C:\Users\Acasa\AppData\Local\Temp\kcpgvhf9.dll
C:\Users\Acasa\AppData\Local\Temp\kijxmrfs.dll
C:\Users\Acasa\AppData\Local\Temp\kjuwex64.dll
C:\Users\Acasa\AppData\Local\Temp\kuuum4p4.dll
C:\Users\Acasa\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Acasa\AppData\Local\Temp\lxbfc1sw.dll
C:\Users\Acasa\AppData\Local\Temp\lzpwtun_.dll
C:\Users\Acasa\AppData\Local\Temp\msvcp90.dll
C:\Users\Acasa\AppData\Local\Temp\msvcr90.dll
C:\Users\Acasa\AppData\Local\Temp\mugrluiw.dll
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Acasa\AppData\Local\Temp\nvStInst.exe
C:\Users\Acasa\AppData\Local\Temp\nyotebyv.dll
C:\Users\Acasa\AppData\Local\Temp\nzptpdv4.dll
C:\Users\Acasa\AppData\Local\Temp\obdmzp54.dll
C:\Users\Acasa\AppData\Local\Temp\our5nsy8.dll
C:\Users\Acasa\AppData\Local\Temp\oxeuw1au.dll
C:\Users\Acasa\AppData\Local\Temp\pljtpyvs.dll
C:\Users\Acasa\AppData\Local\Temp\qa8wejyn.dll
C:\Users\Acasa\AppData\Local\Temp\raptr_stub.exe
C:\Users\Acasa\AppData\Local\Temp\reet4ysj.dll
C:\Users\Acasa\AppData\Local\Temp\rryhrric.dll
C:\Users\Acasa\AppData\Local\Temp\rzupj0bq.dll
C:\Users\Acasa\AppData\Local\Temp\s77feft1.dll
C:\Users\Acasa\AppData\Local\Temp\siinst.exe
C:\Users\Acasa\AppData\Local\Temp\sonarinst.exe
C:\Users\Acasa\AppData\Local\Temp\strings.dll
C:\Users\Acasa\AppData\Local\Temp\SymCCIS.dll
C:\Users\Acasa\AppData\Local\Temp\td5nzebh.dll
C:\Users\Acasa\AppData\Local\Temp\tmp737A.exe
C:\Users\Acasa\AppData\Local\Temp\tng_gn8s.dll
C:\Users\Acasa\AppData\Local\Temp\Tsu8C6AB709.dll
C:\Users\Acasa\AppData\Local\Temp\u1kudcys.dll
C:\Users\Acasa\AppData\Local\Temp\u2v7j9lv.dll
C:\Users\Acasa\AppData\Local\Temp\udngha5k.dll
C:\Users\Acasa\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Acasa\AppData\Local\Temp\winsvc.exe
C:\Users\Acasa\AppData\Local\Temp\wltcdkwj.dll
C:\Users\Acasa\AppData\Local\Temp\wulbtira.dll
C:\Users\Acasa\AppData\Local\Temp\x2blapi.dll
C:\Users\Acasa\AppData\Local\Temp\xbxgr7rb.dll
C:\Users\Acasa\AppData\Local\Temp\xhtjaoyh.dll
C:\Users\Acasa\AppData\Local\Temp\y2ab_htc.dll
C:\Users\Acasa\AppData\Local\Temp\yl-163nx.dll
C:\Users\Acasa\AppData\Local\Temp\yupo2wq1.dll
C:\Users\Acasa\AppData\Local\Temp\zozrn7_o.dll
C:\Users\Acasa\AppData\Local\Temp\zy0b8qdm.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

#7 mihaipiratu (Topic Starter)

Posted 19 September 2015 - 11:57 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Acasa (2015-09-19 19:41:57) Run:1
Running from C:\Users\Acasa\Desktop\FARBAR
Loaded Profiles: Acasa (Available Profiles: Acasa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-1758092551-1004065782-3080703647-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [No File]
FF Extension: Video DownloadHelper - C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-22]
CHR Extension: (Avast Online Security) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz130; \??\C:\Users\Acasa\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
CustomCLSID: HKU\S-1-5-21-1758092551-1004065782-3080703647-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\cnvfat.dll No File <==== ATTENTION
C:\Windows\MEMORY.DMP
C:\Users\HELP_DECRYPT.HTML
C:\Users\HELP_DECRYPT.TXT
C:\Users\HELP_DECRYPT.URL
C:\Users\Acasa\AppData\Local\Temp\0lazgdfj.dll
C:\Users\Acasa\AppData\Local\Temp\0qdzvclp.dll
C:\Users\Acasa\AppData\Local\Temp\1-61knae.dll
C:\Users\Acasa\AppData\Local\Temp\1v_bdp8i.dll
C:\Users\Acasa\AppData\Local\Temp\4jgvkba2.dll
C:\Users\Acasa\AppData\Local\Temp\6ysdv9yt.dll
C:\Users\Acasa\AppData\Local\Temp\6zsearjq.dll
C:\Users\Acasa\AppData\Local\Temp\7hopbjhm.dll
C:\Users\Acasa\AppData\Local\Temp\8pyxwnq7.dll
C:\Users\Acasa\AppData\Local\Temp\8rjpl1d5.dll
C:\Users\Acasa\AppData\Local\Temp\8x7xkgac.dll
C:\Users\Acasa\AppData\Local\Temp\9rv7zqkb.dll
C:\Users\Acasa\AppData\Local\Temp\adr0mxge.dll
C:\Users\Acasa\AppData\Local\Temp\afwwcazs.dll
C:\Users\Acasa\AppData\Local\Temp\ahq4vwg1.dll
C:\Users\Acasa\AppData\Local\Temp\aiaaoxtf.dll
C:\Users\Acasa\AppData\Local\Temp\amd-catalyst-15.7-without-dotnet45-win7-64bit.exe
C:\Users\Acasa\AppData\Local\Temp\app.exe
C:\Users\Acasa\AppData\Local\Temp\ARS.exe
C:\Users\Acasa\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Acasa\AppData\Local\Temp\b_3j9lf6.dll
C:\Users\Acasa\AppData\Local\Temp\can_goew.dll
C:\Users\Acasa\AppData\Local\Temp\cc-updater1xtv.exe
C:\Users\Acasa\AppData\Local\Temp\clwnnggx.dll
C:\Users\Acasa\AppData\Local\Temp\csfwxkrn.dll
C:\Users\Acasa\AppData\Local\Temp\cuj-c8xe.dll
C:\Users\Acasa\AppData\Local\Temp\drafput4.dll
C:\Users\Acasa\AppData\Local\Temp\eigy-1lw.dll
C:\Users\Acasa\AppData\Local\Temp\Execute2App.exe
C:\Users\Acasa\AppData\Local\Temp\f1solit5.dll
C:\Users\Acasa\AppData\Local\Temp\fnasjlp5.dll
C:\Users\Acasa\AppData\Local\Temp\fpnj4drq.dll
C:\Users\Acasa\AppData\Local\Temp\ft8rsqer.dll
C:\Users\Acasa\AppData\Local\Temp\ftsx3ezk.dll
C:\Users\Acasa\AppData\Local\Temp\g0w9eoxg.dll
C:\Users\Acasa\AppData\Local\Temp\g5k5e-9w.dll
C:\Users\Acasa\AppData\Local\Temp\gifzql-z.dll
C:\Users\Acasa\AppData\Local\Temp\guvtbhzz.dll
C:\Users\Acasa\AppData\Local\Temp\h1s96sv9.dll
C:\Users\Acasa\AppData\Local\Temp\h56jhdsb.dll
C:\Users\Acasa\AppData\Local\Temp\htmlayout.dll
C:\Users\Acasa\AppData\Local\Temp\hy7d3vmm.dll
C:\Users\Acasa\AppData\Local\Temp\ihnoifiw.dll
C:\Users\Acasa\AppData\Local\Temp\ijq7lgcl.dll
C:\Users\Acasa\AppData\Local\Temp\kcpgvhf9.dll
C:\Users\Acasa\AppData\Local\Temp\kijxmrfs.dll
C:\Users\Acasa\AppData\Local\Temp\kjuwex64.dll
C:\Users\Acasa\AppData\Local\Temp\kuuum4p4.dll
C:\Users\Acasa\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Acasa\AppData\Local\Temp\lxbfc1sw.dll
C:\Users\Acasa\AppData\Local\Temp\lzpwtun_.dll
C:\Users\Acasa\AppData\Local\Temp\msvcp90.dll
C:\Users\Acasa\AppData\Local\Temp\msvcr90.dll
C:\Users\Acasa\AppData\Local\Temp\mugrluiw.dll
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Acasa\AppData\Local\Temp\nvStInst.exe
C:\Users\Acasa\AppData\Local\Temp\nyotebyv.dll
C:\Users\Acasa\AppData\Local\Temp\nzptpdv4.dll
C:\Users\Acasa\AppData\Local\Temp\obdmzp54.dll
C:\Users\Acasa\AppData\Local\Temp\our5nsy8.dll
C:\Users\Acasa\AppData\Local\Temp\oxeuw1au.dll
C:\Users\Acasa\AppData\Local\Temp\pljtpyvs.dll
C:\Users\Acasa\AppData\Local\Temp\qa8wejyn.dll
C:\Users\Acasa\AppData\Local\Temp\raptr_stub.exe
C:\Users\Acasa\AppData\Local\Temp\reet4ysj.dll
C:\Users\Acasa\AppData\Local\Temp\rryhrric.dll
C:\Users\Acasa\AppData\Local\Temp\rzupj0bq.dll
C:\Users\Acasa\AppData\Local\Temp\s77feft1.dll
C:\Users\Acasa\AppData\Local\Temp\siinst.exe
C:\Users\Acasa\AppData\Local\Temp\sonarinst.exe
C:\Users\Acasa\AppData\Local\Temp\strings.dll
C:\Users\Acasa\AppData\Local\Temp\SymCCIS.dll
C:\Users\Acasa\AppData\Local\Temp\td5nzebh.dll
C:\Users\Acasa\AppData\Local\Temp\tmp737A.exe
C:\Users\Acasa\AppData\Local\Temp\tng_gn8s.dll
C:\Users\Acasa\AppData\Local\Temp\Tsu8C6AB709.dll
C:\Users\Acasa\AppData\Local\Temp\u1kudcys.dll
C:\Users\Acasa\AppData\Local\Temp\u2v7j9lv.dll
C:\Users\Acasa\AppData\Local\Temp\udngha5k.dll
C:\Users\Acasa\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Acasa\AppData\Local\Temp\winsvc.exe
C:\Users\Acasa\AppData\Local\Temp\wltcdkwj.dll
C:\Users\Acasa\AppData\Local\Temp\wulbtira.dll
C:\Users\Acasa\AppData\Local\Temp\x2blapi.dll
C:\Users\Acasa\AppData\Local\Temp\xbxgr7rb.dll
C:\Users\Acasa\AppData\Local\Temp\xhtjaoyh.dll
C:\Users\Acasa\AppData\Local\Temp\y2ab_htc.dll
C:\Users\Acasa\AppData\Local\Temp\yl-163nx.dll
C:\Users\Acasa\AppData\Local\Temp\yupo2wq1.dll
C:\Users\Acasa\AppData\Local\Temp\zozrn7_o.dll
C:\Users\Acasa\AppData\Local\Temp\zy0b8qdm.dll

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM Group Policy restriction on software: %appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION => restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AF949550-9094-4807-95EC-D1C317803333}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
HKU\S-1-5-21-1758092551-1004065782-3080703647-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Users\Acasa\AppData\Roaming\Mozilla\Firefox\Profiles\t70glfz8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Acasa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
AODDriver4.2.0 => service removed successfully
cpuz130 => service removed successfully
massfilter => service removed successfully
NVHDA => service removed successfully
nvlddmkm => service removed successfully
nvvad_WaveExtensible => service removed successfully
USBPNPA => service removed successfully
VGPU => service removed successfully
ZTEusbmdm6k => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
"HKU\S-1-5-21-1758092551-1004065782-3080703647-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
C:\Windows\MEMORY.DMP => moved successfully
C:\Users\HELP_DECRYPT.HTML => moved successfully
C:\Users\HELP_DECRYPT.TXT => moved successfully
C:\Users\HELP_DECRYPT.URL => moved successfully
C:\Users\Acasa\AppData\Local\Temp\0lazgdfj.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\0qdzvclp.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\1-61knae.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\1v_bdp8i.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\4jgvkba2.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\6ysdv9yt.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\6zsearjq.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\7hopbjhm.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\8pyxwnq7.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\8rjpl1d5.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\8x7xkgac.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\9rv7zqkb.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\adr0mxge.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\afwwcazs.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\ahq4vwg1.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\aiaaoxtf.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\amd-catalyst-15.7-without-dotnet45-win7-64bit.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\app.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\ARS.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\AutoDetectUtilApp.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\b_3j9lf6.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\can_goew.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\cc-updater1xtv.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\clwnnggx.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\csfwxkrn.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\cuj-c8xe.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\drafput4.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\eigy-1lw.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\Execute2App.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\f1solit5.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\fnasjlp5.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\fpnj4drq.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\ft8rsqer.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\ftsx3ezk.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\g0w9eoxg.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\g5k5e-9w.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\gifzql-z.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\guvtbhzz.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\h1s96sv9.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\h56jhdsb.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\htmlayout.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\hy7d3vmm.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\ihnoifiw.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\ijq7lgcl.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\kcpgvhf9.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\kijxmrfs.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\kjuwex64.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\kuuum4p4.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\LMkRstPt.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\lxbfc1sw.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\lzpwtun_.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\msvcp90.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\msvcr90.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\mugrluiw.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\nyotebyv.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\nzptpdv4.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\obdmzp54.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\our5nsy8.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\oxeuw1au.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\pljtpyvs.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\qa8wejyn.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\raptr_stub.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\reet4ysj.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\rryhrric.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\rzupj0bq.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\s77feft1.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\siinst.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\sonarinst.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\strings.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\SymCCIS.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\td5nzebh.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\tmp737A.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\tng_gn8s.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\Tsu8C6AB709.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\u1kudcys.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\u2v7j9lv.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\udngha5k.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\winsvc.exe => moved successfully
C:\Users\Acasa\AppData\Local\Temp\wltcdkwj.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\wulbtira.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\x2blapi.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\xbxgr7rb.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\xhtjaoyh.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\y2ab_htc.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\yl-163nx.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\yupo2wq1.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\zozrn7_o.dll => moved successfully
C:\Users\Acasa\AppData\Local\Temp\zy0b8qdm.dll => moved successfully
EmptyTemp: => 10.6 GB temporary data Removed.
The problem with my files is still there. I cannot open jpeg, avi, doc, etc. files from my hard disk.
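The Fixlog above is the record of what the fix actually did, and the two lines worth a second look are the ones that do not end in "successfully": one item was "Scheduled to move on reboot" and one registry key was "not found". The script below is an added example for this thread, not part of FRST and not code from either poster; it classifies Fixlog lines by outcome so the deferred and missing items can be checked after the restart. The sample lines are copied from the Fixlog above; the outcome names and helper names are this example's own convention.

```python
"""Check an FRST Fixlog.txt for actions that did not complete.

Added example for this thread; it is not part of FRST and not code from the
poster. The sample lines are copied from the Fixlog posted above, everything
else (the outcome names, the helper names) is this example's own convention.
"""
import re

# Constructed sample: ten lines in the shape FRST writes to Fixlog.txt,
# taken from the Fixlog above (raw string, so backslashes stay literal).
SAMPLE_FIXLOG = r"""Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKU\S-1-5-21-1758092551-1004065782-3080703647-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
C:\Users\HELP_DECRYPT.TXT => moved successfully
massfilter => service removed successfully
EmptyTemp: => 10.6 GB temporary data Removed.
"""

# Order matters: a line is assigned the first outcome whose pattern matches.
OUTCOME_RULES = (
    ("deferred", re.compile(r"Scheduled to move on reboot", re.I)),
    ("not_found", re.compile(r"=>.*not found", re.I)),
    ("success", re.compile(r"successfully|data Removed\.$", re.I)),
)


def classify(line):
    """Split one Fixlog line into (target, outcome); outcome is 'other' if unrecognised."""
    target = line.partition(" => ")[0].strip()
    if target.startswith("Could not move "):
        target = target[len("Could not move "):]
    target = target.strip('"')
    for outcome, pattern in OUTCOME_RULES:
        if pattern.search(line):
            return target, outcome
    return target, "other"


def summarize(fixlog_text):
    """Group every non-empty Fixlog line by outcome: outcome -> list of targets."""
    groups = {"success": [], "deferred": [], "not_found": [], "other": []}
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if line:
            target, outcome = classify(line)
            groups[outcome].append(target)
    return groups


def needs_follow_up(fixlog_text):
    """Targets the fix did not finish: deferred to the reboot, or reported missing.

    A deferred item should be re-checked after the restart; a missing key is
    usually harmless (already gone) but worth confirming in a fresh FRST scan.
    """
    groups = summarize(fixlog_text)
    return groups["deferred"] + groups["not_found"]


if __name__ == "__main__":
    for outcome, targets in summarize(SAMPLE_FIXLOG).items():
        print(f"{outcome:>10}: {len(targets)}")
    for target in needs_follow_up(SAMPLE_FIXLOG):
        print("follow up:", target)
```

On a real log, replace SAMPLE_FIXLOG with the contents of Fixlog.txt. Anything the script lists as "follow up" should appear as removed or absent in the next FRST scan; if the deferred file is still present after the reboot it was still open or protected when FRST ran.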



#8 nasdaq (Malware Response Team)

Posted 20 September 2015 - 07:01 AM

Quoted from my first post.

Other than paying the ransom, if it's not too late, there is nothing we can do to restore your files.
I know one thing: I would not trust them. Your call.


Unless you have a good backup of the files, there is nothing we can do to restore them.
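The fix removed the ransom notes and the persistence, but as the replies above make clear it does not touch the encrypted data, and the files still carry their original names and extensions. What a practitioner wants at this point is the scope of the damage before deciding about backups. The script below is an added example for this thread, not code from either poster or from any tool named here: it walks a directory tree, lists HELP_DECRYPT.* notes, and counts files whose leading bytes no longer match the magic number for their extension. The sample tree is constructed in a temp directory and is not real victim data; the MAGIC table is this example's own and can be extended.

```python
"""Measure the damage after a CryptoWall-style infection: ransom notes and
files that no longer match their own type.

Added example for this thread, not code from the poster or from any tool
named here. It builds on two things the thread shows: HELP_DECRYPT.* notes
dropped next to the data, and files that keep their names and extensions but
will not open. A file whose leading bytes disagree with its extension's
magic number is counted as encrypted. The sample tree is constructed in a
temp directory; it is not real victim data. Nothing here decrypts anything.
"""
import tempfile
from pathlib import Path

RANSOM_NOTE_STEMS = {"help_decrypt"}   # HELP_DECRYPT.TXT / .HTML / .URL / .PNG

# Extension -> accepted leading bytes. Extend as needed for the data set at hand.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),   # OLE2 compound document
    ".xls": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".docx": (b"PK\x03\x04",),                         # OOXML is a ZIP container
    ".xlsx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
    ".avi": (b"RIFF",),
}

# Constructed stand-in for ciphertext; fixed so the sample is deterministic.
CIPHERTEXT_HEAD = bytes.fromhex("3b9f7d12c0a85e4466e2b1f9d07c3a55")


def looks_encrypted(path):
    """True if the header contradicts the extension, False if it matches,
    None when the extension has no entry in MAGIC (cannot judge)."""
    signatures = MAGIC.get(path.suffix.lower())
    if signatures is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return not any(head.startswith(sig) for sig in signatures)


def triage(root):
    """Walk root and sort every file into notes / encrypted / intact / skipped."""
    report = {"notes": [], "encrypted": [], "intact": [], "skipped": 0}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.stem.lower() in RANSOM_NOTE_STEMS:
            report["notes"].append(str(path))
            continue
        verdict = looks_encrypted(path)
        if verdict is None:
            report["skipped"] += 1
        elif verdict:
            report["encrypted"].append(str(path))
        else:
            report["intact"].append(str(path))
    return report


def names(paths):
    """Sorted base names, for reporting and for checking results."""
    return sorted(Path(p).name for p in paths)


def build_sample_tree():
    """Constructed sample: one intact JPEG, one JPEG and one DOC with
    overwritten headers, one ransom note, one file of unknown type."""
    root = Path(tempfile.mkdtemp(prefix="cw_triage_"))
    (root / "Pictures").mkdir()
    (root / "Pictures" / "ok.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(12))
    (root / "Pictures" / "holiday.jpg").write_bytes(CIPHERTEXT_HEAD)
    (root / "Pictures" / "HELP_DECRYPT.TXT").write_text("ransom note placeholder")
    (root / "report.doc").write_bytes(CIPHERTEXT_HEAD)
    (root / "notes.txt").write_text("no magic entry for .txt, so it is skipped")
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    print("ransom notes :", names(result["notes"]))
    print("encrypted    :", names(result["encrypted"]))
    print("intact       :", names(result["intact"]))
    print("skipped      :", result["skipped"])
```

Point triage() at the user profile and any mapped drives to see how far the encryption reached. It is a heuristic: a file whose extension is not in MAGIC is skipped rather than judged, and a file that is merely corrupt reports the same way as an encrypted one. The output tells you what to restore from backup; it cannot tell you how to recover anything without one.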

#9 mihaipiratu (Topic Starter)

Posted 21 September 2015 - 12:45 PM

Is there something to do? Or am I losing all my files?



#10 nasdaq (Malware Response Team)

Posted 22 September 2015 - 06:14 AM

Nothing can be done.

#11 mihaipiratu (Topic Starter)

Posted 23 September 2015 - 07:42 AM

I'm thinking of paying the ransom. Can I get my files unlocked?



#12 nasdaq (Malware Response Team)

Posted 23 September 2015 - 01:03 PM

Your call but it may be too late.

On the other hand do you trust them?

#13 nasdaq (Malware Response Team)

Posted 29 September 2015 - 07:25 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
