
all files on external drive encrypted and some on pc before stopped


This topic is locked
20 replies to this topic

#1 xboxman


Posted 29 May 2016 - 07:24 AM

 case SHA1: 00aab1cb1b6a35cccbf943dd6bbea565517b2ba3

Above is the case number I was given, and I have been asked to come here and run Farbar. Something or someone got nearly all my files encrypted the other day when I was surfing the net and left loads of ransom notes on my external drive and this computer. My antivirus did not detect anything; I heard my external hard drive going when I was not using it, so I turned everything off, and here I am. Thanks for any help and time.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-05-2016
Ran by HOME USER (administrator) on PRIVATE-6B96FB2 (29-05-2016 12:36:04)
Running from C:\Documents and Settings\HOME USER\My Documents\Downloads
Loaded Profiles: HOME USER & UpdatusUser &  (Available Profiles: HOME USER & UpdatusUser & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Digital Wave Ltd.) C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\WINDOWS\StartupMonitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(MiTeC) C:\Program Files\MiTeC\Mail Checker\MAILCHECKER.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Run StartupMonitor] => C:\windows\StartupMonitor.exe [86016 2000-05-20] ()
HKLM\...\Run: [RTHDCPL] => C:\windows\RTHDCPL.EXE [16861184 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\windows\SOUNDMAN.EXE [577536 2007-04-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\windows\ALCWZRD.EXE [2808832 2010-01-12] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\windows\ALCMTR.EXE [69632 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [814608 2016-05-28] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236392 2015-10-23] (Eastman Kodak Company)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236392 2015-10-23] (Eastman Kodak Company)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-07-23] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-07-23] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-07-23] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D1316850-15AB-4400-A6F4-390EEF84AD0A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1275210071-1801674531-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1275210071-1801674531-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
URLSearchHook: [S-1-5-21-1275210071-1801674531-682003330-1005] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-1275210071-1801674531-682003330-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-1275210071-1801674531-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1275210071-1801674531-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=20&locale=en_GB&gct=sb&qsrc=2869
SearchScopes: HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=GB&ver=20&locale=en_GB&gct=sb&qsrc=2869
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
BHO: Freemake.YoutubeButton -> {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -> C:\windows\system32\mscoree.dll [2010-03-18] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1275210071-1801674531-682003330-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1275210071-1801674531-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxp://homebase.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\HOME USER\Application Data\comter\landpa.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default
FF Homepage: www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-17] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1275210071-1801674531-682003330-1003: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-1275210071-1801674531-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC)
FF Plugin HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\Guest\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [No File]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-26]
FF Extension: VKontakte.ru Видео Качалка - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\ffvkontaktevideo@chupakabr.ru.xpi [2016-05-26]
FF Extension: Karma Blocker - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\kabl@trac.arantius.com.xpi [2016-05-26]
FF Extension: KillJasmin - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\killjasmin@pierros14.com.xpi [2016-05-26]
FF Extension: Vkontakte Download - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\support@videoadd.ru.xpi [2016-05-26]
FF Extension: VKontakte.ru Downloader - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\vk@sergeykolosov.mp.xpi [2016-05-26]
FF Extension: PirateBay Search - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{259dbfcf-5f8a-4bbc-bfb0-5b4811b9c585}.xpi [2016-05-26]
FF Extension: tpblinksproxyconvertor - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{5a0daf82-060a-413e-999e-05329b59100b}.xpi [2016-05-26]
FF Extension: Flash Block - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2016-05-26]
FF Extension: Ant Video Downloader - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\anttoolbar@ant.com [2016-05-26]
FF Extension: FlashGot - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-05-26]
FF Extension: VK+OK Ads Block - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\Extensions\@vkokadsblock.xpi [2016-05-26]
FF Extension: Adblock Plus - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-01] [not signed]
FF HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin => not found

Chrome:
=======
CHR HomePage: Default -> hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_11&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCzyyB0AyDtDyDyEzy0C0DyB0AtN0D0Tzu0StCyDtAyEtN1L2XzutAtFtCzytFtAtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0AyEyBtAtByDzztGyCyCyCyEtG0DtAtD0EtGyD0CyEtDtGyCyD0DzzyB0CzytBtBtAtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0A0CtCyE0E0DtGyByEyBtCtGyEzz0EtAtGzytA0E0DtG0D0A0ByEtAyEtA0F0F0C0D0F2QtN0A0LzutB%26cr%3D1107961814%26a%3Dwncy_nxtad_16_11%26os_ver%3D5.1%26os%3DWindows%2BXP
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_11&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCzyyB0AyDtDyDyEzy0C0DyB0AtN0D0Tzu0StCyDtAyEtN1L2XzutAtFtCzytFtAtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0AyEyBtAtByDzztGyCyCyCyEtG0DtAtD0EtGyD0CyEtDtGyCyD0DzzyB0CzytBtBtAtA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0A0CtCyE0E0DtGyByEyBtCtGyEzz0EtAtGzytA0E0DtG0D0A0ByEtAyEtA0F0F0C0D0F2QtN0A0LzutB%26cr%3D1107961814%26a%3Dwncy_nxtad_16_11%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Freemake Video Downloader) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-09-25]
CHR Extension: (Freemake Youtube Download Button) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-24]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-10-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [955712 2016-05-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [467016 2016-05-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [467016 2016-05-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1238968 2016-05-28] (Avira Operations GmbH & Co. KG)
R2 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-29] (Digital Wave Ltd.)
S4 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-12-12] (Ellora Assets Corp.) [File not signed]
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395240 2015-10-23] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-12-11] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9728 2009-06-15] (www.shadowexplorer.com) [File not signed]
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [801888 2013-10-30] (Seagate)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-05-25] (Enigma Software Group USA, LLC.)
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\windows\System32\DRIVERS\AegisP.sys [21361 2013-10-14] (Cisco Systems, Inc.) [File not signed]
R1 AmdPPM; C:\windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AnyDVD; C:\windows\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [109016 2016-05-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [137240 2016-05-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2016-05-28] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-05-25] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2016-05-25] ()
R2 fssfltr; C:\windows\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S3 HPZid412; C:\windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)
S3 HPZipr12; C:\windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)
S3 HPZius12; C:\windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)
R3 IntcAzAudAddService; C:\windows\System32\drivers\RtkHDAud.sys [4707328 2010-01-12] (Realtek Semiconductor Corp.) [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-29] (Malwarebytes)
S3 motandroidusb; C:\windows\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
S3 MotDev; C:\windows\System32\DRIVERS\motodrv.sys [42752 2013-03-19] (Motorola Inc)
S3 NdisIP; C:\windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 NVENETFD; C:\windows\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\windows\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [10320 2013-09-30] ()
R1 SbFw; C:\windows\System32\drivers\SbFw.sys [337184 2012-09-20] (GFI Software)
S3 SBFWIMCL; C:\windows\System32\DRIVERS\sbfwim.sys [95488 2012-09-12] (GFI Software)
R3 SBFWIMCLMP; C:\windows\System32\DRIVERS\SBFWIM.sys [95488 2012-09-12] (GFI Software)
S3 sbhips; C:\windows\System32\drivers\sbhips.sys [94496 2012-09-20] (GFI Software)
R1 sbtis; C:\windows\System32\drivers\sbtis.sys [222368 2012-09-20] (GFI Software)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [31848 2016-05-28] (Avira Operations GmbH & Co. KG)
S3 tdrpman; C:\windows\System32\DRIVERS\tdrpman.sys [888640 2014-05-23] (Acronis International GmbH)
R0 tib; C:\windows\System32\DRIVERS\tib.sys [736192 2014-05-23] (Acronis International GmbH)
R0 tib_mounter; C:\windows\System32\DRIVERS\tib_mounter.sys [130488 2014-05-23] (Acronis)
R0 vididr; C:\windows\System32\DRIVERS\vididr.sys [116000 2014-05-23] (Acronis International GmbH)
R0 vidsflt; C:\windows\System32\DRIVERS\vidsflt.sys [85280 2014-05-23] (Acronis International GmbH)
S3 WNA3100M; C:\windows\System32\DRIVERS\WNA3100M.sys [1284712 2011-11-28] (NETGEAR Corporation                           )
U1 XTVFSRec; C:\windows\System32\drivers\XTVFSRec.sys [6144 2009-03-23] (PCBBC) [File not signed]
S3 catchme; \??\C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [X]
U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 12:35 - 2016-05-29 12:36 - 00000000 ____D C:\FRST
2016-05-28 17:50 - 2016-05-28 17:50 - 00001828 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-05-28 16:54 - 2016-05-29 10:35 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-28 16:53 - 2016-05-28 16:53 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-28 16:53 - 2016-05-28 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-28 16:53 - 2016-05-28 16:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-05-28 16:53 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-05-28 16:53 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-05-28 14:50 - 2016-05-28 14:50 - 00090112 _____ C:\windows\Minidump\Mini052816-01.dmp
2016-05-28 11:34 - 2016-05-28 11:40 - 00002546 _____ C:\RannohDecryptor.1.9.1.1_28.05.2016_11.34.53_log.txt
2016-05-28 11:31 - 2016-05-28 11:34 - 00002614 _____ C:\RakhniDecryptor.1.15.10.0_28.05.2016_11.31.41_log.txt
2016-05-28 11:24 - 2016-05-28 11:26 - 00002342 _____ C:\RannohDecryptor.1.9.1.1_28.05.2016_11.24.53_log.txt
2016-05-28 11:23 - 2016-05-28 11:24 - 00002614 _____ C:\RakhniDecryptor.1.15.10.0_28.05.2016_11.23.57_log.txt
2016-05-28 10:43 - 2016-05-28 10:52 - 12109682 _____ C:\RectorDecryptor.2.7.0.0_28.05.2016_10.43.37_log.txt
2016-05-28 10:42 - 2016-05-28 10:43 - 00002614 _____ C:\RakhniDecryptor.1.15.10.0_28.05.2016_10.42.45_log.txt
2016-05-28 10:17 - 2016-05-28 10:17 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2016-05-28 10:01 - 2016-05-28 10:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2016-05-28 10:01 - 2016-05-28 10:01 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-28 09:50 - 2016-05-28 10:01 - 49543228 _____ C:\XoristDecryptor.2.4.0.0_28.05.2016_09.50.34_log.txt
2016-05-28 09:47 - 2016-05-28 09:48 - 00002342 _____ C:\RannohDecryptor.1.9.1.1_28.05.2016_09.47.07_log.txt
2016-05-28 09:46 - 2016-05-28 09:46 - 00003352 _____ C:\RakhniDecryptor.1.15.10.0_28.05.2016_09.46.04_log.txt
2016-05-28 09:44 - 2016-05-28 09:44 - 00000000 ____D C:\Documents and Settings\HOME USER\Local Settings\Application Data\www.shadowexplorer.com
2016-05-28 09:38 - 2016-05-28 09:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ShadowExplorer
2016-05-28 09:38 - 2016-05-28 09:38 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\www.shadowexplorer.com
2016-05-28 09:37 - 2016-05-28 20:05 - 00000000 ____D C:\Program Files\ShadowExplorer
2016-05-28 09:36 - 2016-05-28 09:37 - 00002356 _____ C:\RakhniDecryptor.1.15.10.0_28.05.2016_09.36.13_log.txt
2016-05-28 09:19 - 2016-05-28 09:35 - 00003460 _____ C:\RannohDecryptor.1.9.1.1_28.05.2016_09.19.02_log.txt
2016-05-27 18:00 - 2016-05-28 11:18 - 00137240 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2016-05-27 18:00 - 2016-05-28 08:58 - 00109016 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2016-05-27 18:00 - 2016-05-28 08:58 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2016-05-27 18:00 - 2016-05-28 08:58 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\ssmdrv.sys
2016-05-27 18:00 - 2016-05-27 18:00 - 00000000 ____D C:\Program Files\Avira
2016-05-27 14:20 - 2016-05-27 14:24 - 00000000 ____D C:\Documents and Settings\HOME USER\Local Settings\Application Data\UmmyVideoDownloader
2016-05-27 14:20 - 2016-05-27 14:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\UmmyVideoDownloader
2016-05-26 14:24 - 2016-05-26 14:24 - 00000000 ____D C:\Program Files\HD Youtube Downloader Free
2016-05-26 14:22 - 2016-05-26 14:22 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\HD Youtube Downloader Free
2016-05-26 12:44 - 2016-05-26 13:54 - 00000000 ____D C:\AdwCleaner
2016-05-26 11:05 - 2016-05-26 11:05 - 00002528 _____ C:\Documents and Settings\HOME USER\Application Data\$_hpcst$.hpc
2016-05-25 18:02 - 2016-05-25 18:02 - 00148400 _____ C:\windows\system32\FNTCACHE.DAT
2016-05-25 16:13 - 2016-05-25 16:13 - 00025408 _____ C:\Documents and Settings\HOME USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-05-25 16:03 - 2016-05-29 11:31 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\uTorrent
2016-05-25 13:30 - 2016-05-25 13:30 - 00000000 ____D C:\Program Files\ESET
2016-05-25 11:48 - 2016-05-25 11:48 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Enigma Software Group
2016-05-25 11:48 - 2016-05-25 11:48 - 00000000 _____ C:\autoexec.bat
2016-05-25 11:47 - 2016-05-25 11:47 - 00019984 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-05-25 11:47 - 2016-05-25 11:47 - 00000000 ____D C:\sh4ldr
2016-05-25 11:47 - 2016-05-25 11:47 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-25 11:47 - 2016-05-25 11:47 - 00000000 ____D C:\Documents and Settings\HOME USER\Start Menu\Programs\SpyHunter
2016-05-25 10:29 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\HOME USER\Read me now !.txt
2016-05-25 10:29 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\HOME USER\Application Data\Read me now !.txt
2016-05-25 10:29 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\Start Menu\Read me now !.txt
2016-05-25 10:29 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\My Documents\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\Local Settings\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\Local Settings\Application Data\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\Desktop\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Guest\Application Data\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\Start Menu\Read me now !.txt
2016-05-25 10:25 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\My Documents\Read me now !.txt
2016-05-25 10:24 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\Read me now !.txt
2016-05-25 10:24 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\Local Settings\Read me now !.txt
2016-05-25 10:24 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\Local Settings\Application Data\Read me now !.txt
2016-05-25 10:24 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\Desktop\Read me now !.txt
2016-05-25 10:24 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Default User\Application Data\Read me now !.txt
2016-05-25 10:24 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\All Users\Start Menu\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\All Users\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\All Users\Application Data\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Administrator\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Administrator\Local Settings\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\Read me now !.txt
2016-05-25 10:19 - 2016-05-25 10:19 - 00000822 _____ C:\Documents and Settings\Administrator\Application Data\Read me now !.txt
2016-05-06 09:58 - 2016-05-06 11:39 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 12:36 - 2012-11-06 16:07 - 00000000 ____D C:\Documents and Settings\HOME USER\Local Settings\Temp
2016-05-29 12:14 - 2014-02-14 18:47 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-29 12:07 - 2006-02-28 13:00 - 00000467 _____ C:\windows\system.ini
2016-05-29 11:15 - 2014-01-27 12:22 - 00067072 __SHC C:\windows\system32\dllcache\Thumbs.db
2016-05-29 10:38 - 2014-01-27 12:22 - 00005120 ___SH C:\windows\system32\Thumbs.db
2016-05-29 10:22 - 2014-04-06 18:24 - 00000000 ____D C:\windows\system32\NtmsData
2016-05-29 09:14 - 2014-02-14 18:47 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-29 08:44 - 2014-06-28 16:20 - 00000000 ____D C:\Temp
2016-05-29 08:44 - 2006-02-28 13:00 - 00013646 _____ C:\windows\system32\wpa.dbl
2016-05-29 08:43 - 2015-10-08 11:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kodak
2016-05-29 08:43 - 2012-11-06 16:07 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-28 22:15 - 2012-11-06 16:07 - 00032594 _____ C:\windows\SchedLgU.Txt
2016-05-28 22:14 - 2012-11-06 16:07 - 00000178 ___SH C:\Documents and Settings\HOME USER\ntuser.ini
2016-05-28 22:14 - 2012-11-06 16:07 - 00000000 ____D C:\Documents and Settings\HOME USER
2016-05-28 17:35 - 2012-11-06 17:28 - 00000000 ____D C:\windows\ShellNew
2016-05-28 15:57 - 2014-01-26 13:26 - 00013312 __SHC C:\windows\Thumbs.db
2016-05-28 14:50 - 2013-12-28 13:22 - 00000000 ____D C:\windows\Minidump
2016-05-28 11:22 - 2015-10-29 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-05-28 10:46 - 2014-02-26 16:54 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Skype
2016-05-28 10:45 - 2013-12-01 17:33 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\MailWasherPro
2016-05-28 10:45 - 2013-11-29 16:05 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\HpUpdate
2016-05-28 10:44 - 2013-11-10 14:17 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Azureus
2016-05-28 10:43 - 2014-12-24 21:17 - 00000000 ____D C:\ComboFix
2016-05-28 10:43 - 2012-11-06 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-05-28 09:13 - 2015-01-14 12:07 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Avira
2016-05-28 08:58 - 2015-01-14 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2016-05-27 21:04 - 2013-11-30 13:27 - 00653318 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1801674531-682003330-1003-0.dat
2016-05-27 21:04 - 2013-11-30 13:26 - 00162438 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-05-27 18:25 - 2012-11-06 16:01 - 00000000 ____D C:\windows\Registration
2016-05-27 17:10 - 2015-01-27 19:49 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Avira
2016-05-27 13:07 - 2013-09-06 17:00 - 00000000 ____D C:\Documents and Settings\HOME USER\My Documents\My Videos
2016-05-26 15:50 - 2014-04-02 20:10 - 00068608 __SHC C:\Documents and Settings\HOME USER\Desktop\Thumbs.db
2016-05-26 14:06 - 2006-02-28 13:00 - 00000507 _____ C:\windows\win.ini
2016-05-26 12:49 - 2016-04-14 11:32 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2016-05-26 12:49 - 2016-04-14 11:32 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2016-05-26 11:39 - 2013-11-25 15:34 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\MPC-HC
2016-05-26 10:54 - 2015-01-05 13:45 - 00000000 ____D C:\Program Files\BRC2
2016-05-25 20:02 - 2016-03-14 11:27 - 00000000 ____D C:\Program Files\Repair Video Master
2016-05-25 19:58 - 2016-03-14 13:46 - 00000000 ____D C:\Documents and Settings\HOME USER\Local Settings\Application Data\{79AE4FF2-5D06-234A-309E-06A214F6FA3A}
2016-05-25 19:58 - 2016-03-14 13:46 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\comter
2016-05-25 18:00 - 2014-01-06 13:59 - 00262144 _____ C:\windows\system32\config\CaptureL.evt
2016-05-25 17:18 - 2016-04-14 11:32 - 00001608 _____ C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Remote Assistance.lnk
2016-05-25 16:37 - 2012-11-06 16:04 - 00001608 ____C C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2016-05-25 16:05 - 2013-11-25 16:36 - 00002661 _____ C:\Documents and Settings\HOME USER\Start Menu\µTorrent.lnk
2016-05-25 15:42 - 2013-11-25 16:35 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\uTor
2016-05-25 15:29 - 2012-11-08 15:22 - 00000000 ____D C:\Documents and Settings\HOME USER\UserData
2016-05-25 15:24 - 2015-10-19 11:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\tools
2016-05-25 14:49 - 2012-11-06 16:07 - 00000000 ____D C:\Documents and Settings\HOME USER\My Documents
2016-05-25 14:46 - 2014-01-06 22:21 - 27431402 ___SH C:\Documents and Settings\HOME USER\My Documents\Thumbs.db
2016-05-25 13:26 - 2015-01-05 13:38 - 00000000 ____D C:\Program Files\ChairGun4
2016-05-25 11:48 - 2012-11-06 15:41 - 00000000 ____D C:\windows\inf
2016-05-25 11:47 - 2014-01-27 12:23 - 00285747 _____ C:\shldr
2016-05-25 11:06 - 2014-05-06 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-05-25 10:32 - 2016-03-14 13:54 - 00000078 _____ C:\Documents and Settings\HOME USER\Application Data\Selection Tools.installation.log.id-778215456_
2016-05-25 10:32 - 2016-03-14 13:53 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Store
2016-05-25 10:32 - 2015-10-08 11:37 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Temp
2016-05-25 10:32 - 2015-08-27 14:56 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\One Click Root
2016-05-25 10:32 - 2015-07-03 11:00 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\TomTom
2016-05-25 10:32 - 2014-11-21 10:33 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\NCH Software
2016-05-25 10:32 - 2014-08-24 14:05 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Oracle
2016-05-25 10:32 - 2014-05-23 10:22 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Seagate
2016-05-25 10:32 - 2014-05-06 15:59 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Samsung
2016-05-25 10:32 - 2014-05-06 14:45 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Sony
2016-05-25 10:32 - 2013-11-29 22:15 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\pH-Mb
2016-05-25 10:32 - 2013-11-29 20:38 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Sun
2016-05-25 10:32 - 2013-11-27 16:52 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\OpenOffice
2016-05-25 10:32 - 2013-04-26 16:20 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\My Games
2016-05-25 10:32 - 2012-11-06 17:48 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\TuneUp Software
2016-05-25 10:31 - 2014-12-31 17:48 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Mozilla
2016-05-25 10:31 - 2014-10-22 18:10 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\MiTeC
2016-05-25 10:31 - 2014-06-28 16:20 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Motorola Mobility
2016-05-25 10:31 - 2014-06-28 16:13 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Motorola
2016-05-25 10:31 - 2012-11-06 17:27 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Microsoft Web Folders
2016-05-25 10:30 - 2015-10-06 19:02 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\MAGIX
2016-05-25 10:30 - 2015-08-31 11:10 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\FreeHideIP
2016-05-25 10:30 - 2014-05-01 20:12 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\GRETECH
2016-05-25 10:30 - 2013-12-01 20:34 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\HandBrake
2016-05-25 10:30 - 2013-11-28 16:09 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\HP
2016-05-25 10:30 - 2013-07-16 14:31 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Macromedia
2016-05-25 10:30 - 2013-04-26 14:49 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\fltk.org
2016-05-25 10:30 - 2013-04-26 14:48 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\flightgear.org
2016-05-25 10:29 - 2015-11-21 15:48 - 00000000 ____D C:\Documents and Settings\Guest\My Documents\RocketLifeNetwork
2016-05-25 10:29 - 2015-10-06 17:57 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\BANDISOFT
2016-05-25 10:29 - 2015-09-07 14:52 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\EasyDuplicateFinder
2016-05-25 10:29 - 2015-07-30 17:18 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\AdbDriverInstaller
2016-05-25 10:29 - 2014-12-30 16:55 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\ElevatedDiagnostics
2016-05-25 10:29 - 2014-12-24 23:31 - 00005120 ____C C:\Documents and Settings\Guest\My Documents\Thumbs.db.id-778215456_
2016-05-25 10:29 - 2014-12-11 22:46 - 00000000 ____D C:\Documents and Settings\Guest\My Documents\My Webs
2016-05-25 10:29 - 2014-11-21 10:22 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\BBCiPlayerDownloads
2016-05-25 10:29 - 2014-09-15 10:36 - 00002528 ____C C:\Documents and Settings\HOME USER\Application Data\$_hpcst$.hpc.id-778215456_
2016-05-25 10:29 - 2014-06-27 11:47 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Boilsoft
2016-05-25 10:29 - 2014-01-25 11:41 - 00032924 ____C C:\Documents and Settings\HOME USER\Application Data\Bubble Dock.installation.log.id-778215456_
2016-05-25 10:29 - 2014-01-25 11:41 - 00003787 ____C C:\Documents and Settings\HOME USER\Application Data\Bubble Dock.boostrap.log.id-778215456_
2016-05-25 10:29 - 2014-01-25 11:04 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Digiarty
2016-05-25 10:29 - 2014-01-25 10:46 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\dvdcss
2016-05-25 10:29 - 2013-12-05 17:43 - 00000000 ____D C:\Documents and Settings\Guest\My Documents\curt hwk
2016-05-25 10:29 - 2013-12-02 12:55 - 00000000 ____D C:\Documents and Settings\Guest\PrivacIE
2016-05-25 10:29 - 2013-12-02 12:53 - 00000076 _____ C:\Documents and Settings\Guest\My Documents\desktop.ini.id-778215456_
2016-05-25 10:29 - 2013-12-02 12:53 - 00000062 _____ C:\Documents and Settings\Guest\Start Menu\desktop.ini.id-778215456_
2016-05-25 10:29 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest\My Documents\My Pictures
2016-05-25 10:29 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest\My Documents\My Music
2016-05-25 10:29 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest\My Documents
2016-05-25 10:29 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest
2016-05-25 10:29 - 2013-12-01 17:53 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\DVDVideoSoft
2016-05-25 10:29 - 2013-12-01 17:46 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Firetrust
2016-05-25 10:29 - 2013-10-14 13:32 - 00000000 ____D C:\Documents and Settings\HOME USER\Application Data\Adobe
2016-05-25 10:29 - 2012-11-06 16:07 - 00000062 _____ C:\Documents and Settings\HOME USER\Application Data\desktop.ini.id-778215456_
2016-05-25 10:27 - 2016-02-03 23:21 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla
2016-05-25 10:27 - 2013-12-02 13:01 - 04317212 ____C C:\Documents and Settings\Guest\Local Settings\Application Data\IconCache.db.id-778215456_
2016-05-25 10:27 - 2013-12-02 12:53 - 00000062 ____C C:\Documents and Settings\Guest\Local Settings\desktop.ini.id-778215456_
2016-05-25 10:27 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Temp
2016-05-25 10:25 - 2016-02-03 23:21 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\WinRAR
2016-05-25 10:25 - 2016-02-03 23:21 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Mozilla
2016-05-25 10:25 - 2016-01-10 22:58 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\DVDVideoSoft
2016-05-25 10:25 - 2015-11-21 15:46 - 29760376 _____ C:\Documents and Settings\Guest\Desktop\PrintProjects.exe.id-778215456_
2016-05-25 10:25 - 2015-11-21 15:46 - 00001960 _____ C:\Documents and Settings\Guest\Desktop\PrintProjects.lnk.id-778215456_
2016-05-25 10:25 - 2015-11-21 15:46 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Visan
2016-05-25 10:25 - 2015-11-21 15:46 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\PrintProjects
2016-05-25 10:25 - 2015-11-21 15:14 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Eastman_Kodak_Company
2016-05-25 10:25 - 2015-11-13 11:06 - 00002546 _____ C:\Documents and Settings\Default User\Local Settings\Application Data\installer.log.id-778215456_
2016-05-25 10:25 - 2015-11-13 11:05 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Application Data\Eastman_Kodak_Company
2016-05-25 10:25 - 2015-10-18 12:58 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Eastman Kodak Company
2016-05-25 10:25 - 2015-10-18 12:08 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\CalendarTool
2016-05-25 10:25 - 2014-10-27 12:09 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\OpenOffice
2016-05-25 10:25 - 2014-09-01 13:41 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Motorola Mobility
2016-05-25 10:25 - 2014-06-13 10:56 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Adobe
2016-05-25 10:25 - 2014-06-10 15:46 - 00000000 ____D C:\Documents and Settings\Guest\IECompatCache
2016-05-25 10:25 - 2013-12-18 16:35 - 00001822 ____C C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk.id-778215456_
2016-05-25 10:25 - 2013-12-18 16:35 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2016-05-25 10:25 - 2013-12-02 12:58 - 00025408 ____C C:\Documents and Settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT.id-778215456_
2016-05-25 10:25 - 2013-12-02 12:58 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\Deployment
2016-05-25 10:25 - 2013-12-02 12:55 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Macromedia
2016-05-25 10:25 - 2013-12-02 12:55 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Adobe
2016-05-25 10:25 - 2013-12-02 12:53 - 00000062 ____C C:\Documents and Settings\Guest\Application Data\desktop.ini.id-778215456_
2016-05-25 10:25 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest\IETldCache
2016-05-25 10:25 - 2013-12-02 12:53 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\TuneUp Software
2016-05-25 10:25 - 2012-11-06 15:47 - 00000062 ____C C:\Documents and Settings\Default User\Local Settings\desktop.ini.id-778215456_
2016-05-25 10:25 - 2012-11-06 15:47 - 00000062 _____ C:\Documents and Settings\Default User\Start Menu\desktop.ini.id-778215456_
2016-05-25 10:25 - 2012-11-06 15:47 - 00000000 ____D C:\Documents and Settings\Default User\My Documents
2016-05-25 10:25 - 2012-11-06 15:47 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
2016-05-25 10:24 - 2015-11-13 10:49 - 00800824 _____ C:\Documents and Settings\Default User\Application Data\DPInst.exe.id-778215456_
2016-05-25 10:24 - 2015-11-13 10:49 - 00106496 _____ C:\Documents and Settings\Default User\Application Data\gacutil.exe.id-778215456_
2016-05-25 10:24 - 2015-11-13 10:49 - 00036352 _____ C:\Documents and Settings\Default User\Application Data\PnPutil.exe.id-778215456_
2016-05-25 10:24 - 2015-11-13 10:49 - 00000181 _____ C:\Documents and Settings\Default User\Application Data\gacutil.exe.config.id-778215456_
2016-05-25 10:24 - 2015-11-13 10:49 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\Temp
2016-05-25 10:24 - 2015-11-13 10:49 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\KODAK AiO Home Center1712211210
2016-05-25 10:24 - 2015-10-08 11:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Visan
2016-05-25 10:24 - 2015-10-08 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Kodak
2016-05-25 10:24 - 2015-10-05 14:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-05-25 10:24 - 2015-07-03 11:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TomTom
2016-05-25 10:24 - 2014-11-20 19:02 - 00000000 ____D C:\Documents and Settings\All Users\get_iplayer
2016-05-25 10:24 - 2013-11-29 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2016-05-25 10:24 - 2013-11-28 15:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WEBREG
2016-05-25 10:24 - 2013-01-30 15:24 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\TuneUp Software
2016-05-25 10:24 - 2012-11-06 17:29 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk.id-778215456_
2016-05-25 10:24 - 2012-11-06 17:29 - 00001992 _____ C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk.id-778215456_
2016-05-25 10:24 - 2012-11-06 16:04 - 00001572 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk.id-778215456_
2016-05-25 10:24 - 2012-11-06 16:03 - 00000000 ____D C:\Documents and Settings\All Users\DRM
2016-05-25 10:24 - 2012-11-06 15:47 - 00000272 _____ C:\Documents and Settings\All Users\Start Menu\desktop.ini.id-778215456_
2016-05-25 10:24 - 2012-11-06 15:47 - 00000062 _____ C:\Documents and Settings\Default User\Application Data\desktop.ini.id-778215456_
2016-05-25 10:24 - 2012-11-06 15:47 - 00000000 ____D C:\Documents and Settings\Default User
2016-05-25 10:23 - 2014-05-06 14:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony Corporation
2016-05-25 10:23 - 2014-05-06 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony Mobile
2016-05-25 10:23 - 2014-05-06 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2016-05-25 10:23 - 2014-02-26 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-05-25 10:23 - 2014-01-25 11:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SlySoft
2016-05-25 10:22 - 2016-04-14 11:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2016-05-25 10:22 - 2015-10-08 11:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PrintProjects
2016-05-25 10:22 - 2015-10-06 19:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MAGIX
2016-05-25 10:22 - 2015-08-31 11:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FreeHideIP
2016-05-25 10:22 - 2015-02-02 16:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2016-05-25 10:22 - 2014-12-31 17:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2016-05-25 10:22 - 2014-11-21 10:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2016-05-25 10:22 - 2014-08-24 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA
2016-05-25 10:22 - 2014-06-28 16:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Motorola
2016-05-25 10:22 - 2014-05-23 09:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Seagate
2016-05-25 10:22 - 2014-05-06 15:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2016-05-25 10:22 - 2014-05-01 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\GRETECH
2016-05-25 10:22 - 2014-01-30 12:59 - 00015499 ____C C:\Documents and Settings\All Users\Application Data\hpzinstall.log.id-778215456_
2016-05-25 10:22 - 2014-01-06 13:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Freemake
2016-05-25 10:22 - 2013-11-29 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2016-05-25 10:22 - 2013-11-28 15:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2016-05-25 10:22 - 2013-11-28 15:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2016-05-25 10:22 - 2013-10-14 12:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2016-05-25 10:22 - 2013-10-14 12:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NortonInstaller
2016-05-25 10:22 - 2013-04-26 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\fltk.org
2016-05-25 10:22 - 2013-04-26 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\flightgear.org
2016-05-25 10:21 - 2015-09-07 14:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Easy Duplicate Finder
2016-05-25 10:21 - 2014-10-15 17:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BullGuard
2016-05-25 10:21 - 2014-01-25 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DVD Shrink
2016-05-25 10:21 - 2013-12-01 17:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Firetrust
2016-05-25 10:21 - 2012-11-06 17:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink
2016-05-25 10:19 - 2016-01-12 00:07 - 00001610 _____ C:\app_updater.log.id-778215456_
2016-05-25 10:19 - 2014-12-24 20:02 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2016-05-25 10:19 - 2014-12-24 20:00 - 00000000 ____D C:\Documents and Settings\Administrator
2016-05-25 10:19 - 2014-05-23 09:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Acronis
2016-05-25 10:19 - 2013-11-28 19:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-05-25 10:19 - 2013-07-16 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avanquest Software
2016-05-25 10:19 - 2012-11-06 15:47 - 00000000 ____D C:\Documents and Settings\All Users
2016-05-25 10:19 - 2012-11-06 15:47 - 00000000 ____D C:\Documents and Settings
2016-05-17 14:37 - 2013-12-01 17:29 - 00000000 ____D C:\Program Files\Unlocker
2016-05-17 10:03 - 2014-11-04 22:31 - 00000000 ____D C:\Documents and Settings\HOME USER\My Documents\MY PHOTOS
2016-05-17 07:48 - 2013-10-14 13:32 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-05-17 07:48 - 2013-10-14 13:32 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-17 07:48 - 2013-10-14 13:32 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-11 09:44 - 2013-09-06 16:37 - 00000000 ____D C:\windows\system32\MRT
2016-05-11 09:08 - 2012-11-08 16:00 - 136686448 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-07 09:57 - 2016-04-05 12:26 - 00000664 _____ C:\windows\system32\d3d9caps.dat
2016-05-07 07:57 - 2014-12-31 17:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2012-11-06 17:31 - 2012-11-06 17:29 - 0002022 _____ () C:\Program Files\Microsoft Word.lnk
2016-05-26 11:05 - 2016-05-26 11:05 - 0002528 _____ () C:\Documents and Settings\HOME USER\Application Data\$_hpcst$.hpc
2014-09-15 10:36 - 2016-05-25 10:29 - 0002528 ____C () C:\Documents and Settings\HOME USER\Application Data\$_hpcst$.hpc.id-778215456_
2014-01-25 11:41 - 2016-05-25 10:29 - 0003787 ____C () C:\Documents and Settings\HOME USER\Application Data\Bubble Dock.boostrap.log.id-778215456_
2014-01-25 11:41 - 2016-05-25 10:29 - 0032924 ____C () C:\Documents and Settings\HOME USER\Application Data\Bubble Dock.installation.log.id-778215456_
2016-05-25 10:29 - 2016-05-25 10:19 - 0000822 _____ () C:\Documents and Settings\HOME USER\Application Data\Read me now !.txt
2016-03-14 13:54 - 2016-05-25 10:32 - 0000078 _____ () C:\Documents and Settings\HOME USER\Application Data\Selection Tools.installation.log.id-778215456_
2014-03-13 12:22 - 2014-03-14 12:21 - 0000088 ____C () C:\Documents and Settings\HOME USER\Application Data\WB.CFG
2016-05-25 10:30 - 2016-05-25 10:19 - 0000822 _____ () C:\Documents and Settings\HOME USER\Application Data\Microsoft\Read me now !.txt
2013-10-26 19:14 - 2013-10-26 19:14 - 0006144 ____C () C:\Documents and Settings\HOME USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-24 17:36 - 2014-12-24 17:36 - 0000036 ____C () C:\Documents and Settings\HOME USER\Local Settings\Application Data\housecall.guid.cache
2015-11-13 11:07 - 2015-11-13 11:07 - 0003178 _____ () C:\Documents and Settings\HOME USER\Local Settings\Application Data\installer.log
2015-10-08 11:46 - 2015-10-08 11:46 - 0000230 _____ () C:\Documents and Settings\HOME USER\Local Settings\Application Data\LaunchHomeCenter.log
2016-05-25 10:19 - 2016-05-25 10:19 - 0000822 _____ () C:\Documents and Settings\All Users\Read me now !.txt
2014-01-30 12:59 - 2016-05-25 10:22 - 0015499 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log.id-778215456_
2016-05-25 10:19 - 2016-05-25 10:19 - 0000822 _____ () C:\Documents and Settings\All Users\Application Data\Read me now !.txt

Some files in TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\HOME USER\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\HOME USER\Local Settings\Temp\i4jdel0.exe
C:\Documents and Settings\HOME USER\Local Settings\Temp\libeay32.dll
C:\Documents and Settings\HOME USER\Local Settings\Temp\msvcr120.dll
C:\Documents and Settings\HOME USER\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,233 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:37 AM

Posted 29 May 2016 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You may be in luck. Download and run this Kaspersky tool.
Kaspersky RannohDecryptor.
http://www.majorgeeks.com/mg/get/kaspersky_rannohdecryptor,1.htmli

Follow the instructions on the page.
===

Clean your logs.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-1275210071-1801674531-682003330-1005] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-1275210071-1801674531-682003330-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
Toolbar: HKU\S-1-5-21-1275210071-1801674531-682003330-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1275210071-1801674531-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0065-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_65-windows-i586.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\HOME USER\Application Data\comter\landpa.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Documents and Settings\Guest\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [No File]
FF Extension: PirateBay Search - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{259dbfcf-5f8a-4bbc-bfb0-5b4811b9c585}.xpi [2016-05-26]
FF Extension: tpblinksproxyconvertor - C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{5a0daf82-060a-413e-999e-05329b59100b}.xpi [2016-05-26]
FF HKU\S-1-5-21-1275210071-1801674531-682003330-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin => not found
CHR Extension: (Freemake Video Downloader) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2014-09-25]
CHR Extension: (Freemake Youtube Download Button) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2014-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-11]
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-10-24]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-10-24]
S2 Avira.ServiceHost; "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" [X]
S3 catchme; \??\C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [X]
S3 Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys [X]
CustomCLSID: HKU\S-1-5-21-1275210071-1801674531-682003330-1003_Classes\CLSID\{3050f406-98b5-11cf-bb82-00aa00bdce0b}\InprocServer32 -> C:\Documents and Settings\HOME USER\Application Data\comter\landpa.dll => No File <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:753C01E7 [140]
C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{259dbfcf-5f8a-4bbc-bfb0-5b4811b9c585}.xpi
C:\Documents and Settings\HOME USER\Application Data\Mozilla\Firefox\Profiles\8kpyljce.default\extensions\{5a0daf82-060a-413e-999e-05329b59100b}.xp
C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
C:\Documents and Settings\HOME USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

On a side note.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java™ SE Development Kit 6 Update 23 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)

Please let me know what problem persists with this computer.
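The entries in that fixlist that deserve a closer look are the CustomCLSID and Handler lines. A CLSID registered under the user's own HKU\...\_Classes hive is consulted before the machine-wide HKLM\Software\Classes entry, so pointing its InprocServer32 at a DLL under Application Data replaces whatever system object normally answered that CLSID (the about: protocol handler here) for that user; this is the COM-hijacking persistence trick, and FRST's "No File" means the DLL is already gone while the registration is not. The Python below is an added example, not part of this thread and not FRST's own logic: it runs that rule over the two lines quoted from the log plus one constructed benign line, and the profile-path prefixes it treats as user-writable are an assumption for a default XP layout.

```python
import re
from typing import List, NamedTuple

# The two entries copied from the FRST log above, plus one constructed benign
# line (not from the log) so the rule has something it should NOT flag.
SAMPLE_LINES = [
    r"CustomCLSID: HKU\S-1-5-21-1275210071-1801674531-682003330-1003_Classes\CLSID\{3050f406-98b5-11cf-bb82-00aa00bdce0b}\InprocServer32 -> C:\Documents and Settings\HOME USER\Application Data\comter\landpa.dll => No File <==== ATTENTION",
    r"Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\HOME USER\Application Data\comter\landpa.dll No File",
    r"CustomCLSID: HKU\S-1-5-21-1275210071-1801674531-682003330-1003_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32 -> C:\Program Files\Example\example.dll",  # constructed, benign
]

# Prefixes an unprivileged XP user can write to (assumption: default profile
# root C:\Documents and Settings, as in the log above; 8.3 short form included).
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")

CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<hive>HKU\\S-[0-9-]+)_Classes\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"\\InprocServer32 -> (?P<path>.+?)(?: => (?P<status>No File))?(?: <==== ATTENTION)?$"
)
HANDLER_RE = re.compile(
    r"^Handler: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?: (?P<status>No File))?$"
)


class Finding(NamedTuple):
    kind: str        # "CustomCLSID" or "Handler"
    clsid: str
    path: str
    per_user: bool   # registered under a user's own Classes hive (shadows HKLM)
    reasons: tuple


def is_user_writable(path: str) -> bool:
    """True when the DLL lives somewhere an unprivileged user can write."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def triage(lines: List[str]) -> List[Finding]:
    """Flag CLSID / protocol-handler registrations that look like COM hijacks."""
    findings = []
    for line in lines:
        m = CLSID_RE.match(line) or HANDLER_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        reasons = []
        if is_user_writable(d["path"]):
            reasons.append("InprocServer32 DLL sits in a user-writable profile directory")
        if d.get("status"):
            reasons.append("DLL is missing on disk: stale registration, the loader was removed or deleted itself")
        if reasons:
            findings.append(Finding(
                kind=line.split(":", 1)[0],
                clsid=d["clsid"].upper(),
                path=d["path"],
                per_user=d.get("hive") is not None,
                reasons=tuple(reasons),
            ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        scope = "per-user CLSID override" if f.per_user else "protocol handler"
        print(f"{f.kind} {f.clsid} [{scope}] -> {f.path}")
        for r in f.reasons:
            print("   -", r)
```

Both log lines resolve to the same CLSID and the same DLL under the user's profile, which is why the fixlist removes the CustomCLSID entry together with the handler; the constructed Program Files entry passes because a per-user registration is only suspicious when it resolves to a location the user could have written.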

#3 xboxman

Posted 30 May 2016 - 03:25 AM

OK, thank you, just got your message. I will now go and try what you recommended, let you know how it went and upload the results. Thanks for your time and help.



#4 xboxman

Posted 30 May 2016 - 03:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You may be in luck. Download and run this Kaspersky tool.
Kaspersky RannohDecryptor.
http://www.majorgeeks.com/mg/get/kaspersky_rannohdecryptor,1.htmli

Follow the instructions on the page.
===

OK, thank you.


Edited by xboxman, 30 May 2016 - 04:32 AM.


#5 xboxman

Posted 30 May 2016 - 04:33 AM

OK, here is the fixlog, thank you. PS: I tried RannohDecryptor. It opens up and asks for the path to the encrypted file; I go to where they are, pick one, then click Open. Then another box opens and says "original copy of the specified file is required for successful decryption, you need to specify the path to this original copy after pressing the button Continue", so I do this; another box opens, I select the original file, click Open, and nothing happens, it just wants to start over again.

duration 00.00.15

processed 0 objects nothing in details

found 0

decrypted 0

Is it because I have an old computer running XP? Thanks for all your time and help.

Attached Files


Edited by xboxman, 30 May 2016 - 04:54 AM.


#6 nasdaq

  • Malware Response Team

Posted 30 May 2016 - 08:20 AM

The instructions are:
"You simply need to select the drives you want to scan, and Kaspersky RannohDecryptor will start analyzing and cleaning them." Read more at: https://tr.im/RFSOv

All you need is to select the drive(s).

I found this tutorial; it may help you.
http://www.precisesecurity.com/tools-resources/threat-removal-procedure/rannohdecryptor#

Keep me posted.

#7 xboxman

Posted 30 May 2016 - 12:38 PM

OK, thank you, I will try that and update you. Once again, thanks for your time and help.



#8 xboxman

Posted 30 May 2016 - 12:49 PM

Tried that, it still does the same, nothing. I must not have the original file, but I thought it was.
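The decryptor's demand for an original copy of one encrypted file is a known-plaintext approach: it can only help when the ransomware's cipher is weak enough that one plaintext/ciphertext pair reveals the key used for the other files, and when the family is not one the tool knows, or the cipher is sound, the tool has nothing to work with and reports zero objects processed. The Python below is an added example, not from this thread and not Kaspersky's tool, and it does not decrypt the files in this case (the family is never identified in the thread). It runs the same kind of check on constructed data: a toy repeating-key XOR that one pair breaks, and a hash-chain keystream standing in for a proper per-file cipher that the pair does not break. ORIGINAL, the keys and both encrypt helpers are constructed for the example.

```python
import hashlib
import math
from collections import Counter
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; output of a real cipher sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def recover_repeating_xor_key(plain: bytes, cipher: bytes, max_key_len: int = 64) -> Optional[bytes]:
    """Known-plaintext attack against a repeating-key XOR 'cipher'.

    XOR-ing plaintext with ciphertext gives back the keystream. If that
    keystream repeats with a short period, the period is the key and the one
    original file is enough to decrypt every other file. Returns the key, or
    None when no period up to max_key_len fits (the pair gives no usable key).
    """
    n = min(len(plain), len(cipher))
    keystream = bytes(p ^ c for p, c in zip(plain[:n], cipher[:n]))
    for k in range(1, min(max_key_len, n) + 1):
        key = keystream[:k]
        if all(keystream[i] == key[i % k] for i in range(n)):
            return key
    return None


def assess_pair(plain: bytes, cipher: bytes) -> dict:
    """Summarise what one original/encrypted pair tells an analyst."""
    return {
        "size_delta": len(cipher) - len(plain),      # header/footer the malware appended
        "cipher_entropy": round(shannon_entropy(cipher), 2),
        "xor_key": recover_repeating_xor_key(plain, cipher),
    }


# --- constructed sample data (not the victim's files) ---------------------
ORIGINAL = b"Quarterly report 2016. Revenue figures and notes for the board meeting. " * 8


def weak_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR; stands in for a badly designed ransomware."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def strong_encrypt(data: bytes, seed: bytes) -> bytes:
    """Stand-in for a proper per-file stream cipher: keystream from a SHA-256
    counter chain (deterministic so the example is reproducible; a real family
    would use AES or RC4 with a random per-file key)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(b ^ stream[i] for i, b in enumerate(data))


WEAK_CIPHERTEXT = weak_encrypt(ORIGINAL, b"k3y!")
STRONG_CIPHERTEXT = strong_encrypt(ORIGINAL, b"per-file-key")

if __name__ == "__main__":
    for name, ct in (("weak", WEAK_CIPHERTEXT), ("strong", STRONG_CIPHERTEXT)):
        print(name, assess_pair(ORIGINAL, ct))
```

On the weak pair the recovered key decrypts the file again with the same XOR routine; on the strong pair the keystream never repeats, the ciphertext entropy is close to 8 bits per byte, and the only thing left to do is what is suggested later in this thread: keep the encrypted files and the ransom notes in case a decryptor for that family appears.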



#9 nasdaq

Posted 31 May 2016 - 07:21 AM

Too bad.

How is the computer running?

#10 xboxman

Posted 31 May 2016 - 08:00 AM

Fine, I think. The anti-virus is not saying anything. It only encrypted a few files on here but did all my external drive files. Thanks for your help.


Edited by xboxman, 31 May 2016 - 08:02 AM.


#11 xboxman

Posted 31 May 2016 - 08:06 AM

I was wondering if there is a program that might find what it did, or whether it left a key file, password, something to unencrypt the files, or a clue. Thanks for your time and help.



#12 nasdaq

Posted 31 May 2016 - 08:41 AM

Not that I know.

If you can, keep your compromised files on a flash drive.
Maybe in the future someone will find a solution.

#13 xboxman

Posted 01 June 2016 - 05:36 AM

Update: email reply from the ransom bandits.

To: provectus@protonmail.com
Re: encrypted files

Hello! The cost of the decoder for you is 1000 (€) euro in bitcoins, for a guarantee of existence the recovery program at us you can send the test file for decoding, after decoding of the test file we will send you requisites for payment of the decoder, and after payment the instruction on decoding and the decoder.

Test file in attach, send details for payment?

And the same reply and file from:

To: support@juicylemon.biz
Re: encrypted files

Hello! The cost of the decoder for you is 1000 (€) euro in bitcoins, for a guarantee of existence the recovery program at us you can send the test file for decoding, after decoding of the test file we will send you requisites for payment of the decoder, and after payment the instruction on decoding and the decoder.

Test file in attach, send details for payment?

I have included all the files in a zip, if this helps someone to help me. Thanks for your time and help.


Attached Files



#14 nasdaq

Posted 01 June 2016 - 09:03 AM

I cannot do anything with this information.

#15 xboxman

Posted 01 June 2016 - 09:14 AM

OK, thank you for all your help. How was the fixlog.txt I sent up after running the fixlist.txt, did it reveal anything? Thanks.





