Help, Help Documents and settings LOCKED, almost all folders are locked


  • This topic is locked
3 replies to this topic

#1 sweetmisslatin

  • Members
  • 5 posts
  • Gender: Female
  • Location: Guatemala

Posted 01 August 2016 - 03:25 PM

Dear Forum BleepingComputer:

 

My computer has started acting weird and I am not able to open some files or folders on my Windows 8 computer.  I am now in safe mode, but unable to proceed as to what to do.

Now I cannot access basic folders like:

c:/documents and settings
c:/users / owner / *.* almost all folders here are locked

All of the above folders have changed their icon to show that they are now shortcuts and I have tried to change permissions as the admin, but it still locks me out somehow?

I have a log from Farbar Recovery Scan Tool... Can anyone out there help?

 

Maria Ram

Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Administrador (administrator) on MARIGLOBAL (01-08-2016 14:01:25)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrador (Available Profiles: Maria Ramirez & Administrador)
Platform: Windows 8 Single Language (X64) Language: Español (España, internacional)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Trend Micro Inc.) C:\Users\Administrator\Desktop\HijackThis.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13219984 2012-11-06] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-26] (Bitcasa, Inc)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-12-09] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {F0FA07C1-F4A4-406A-A06F-74750D71638F} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-05] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-05] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {F0FA07C1-F4A4-406A-A06F-74750D71638F} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-05] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-05] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.230.147.90 216.230.128.3
Tcpip\..\Interfaces\{11CE6D27-442F-4053-AF73-E3A6C0095439}: [DhcpNameServer] 216.230.147.90 216.230.128.3
Tcpip\..\Interfaces\{648A5217-091B-4FA4-BA2F-1999131B3032}: [DhcpNameServer] 216.230.147.90 216.230.128.3

Internet Explorer:
==================
HKU\S-1-5-21-3199544227-3484403888-1543173916-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKU\S-1-5-21-3199544227-3484403888-1543173916-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-29] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-29] (Microsoft Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-29] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2015-12-14] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2015-12-14] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xntytt24.default
FF Homepage: hxxps://www.google.com.gt/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-18] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3199544227-3484403888-1543173916-500: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-07-13] (Intel)
FF Extension: Gmail™ Notifier Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xntytt24.default\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2016-07-30]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\xntytt24.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [File not signed]
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950848 2016-07-04] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.) [File not signed]
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2762880 2016-04-21] (AnchorFree Inc.)
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-04-21] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-11-12] (Anchorfree Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-01 14:01 - 2016-08-01 14:02 - 00014868 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-08-01 14:00 - 2016-08-01 14:01 - 00000000 ____D C:\FRST
2016-08-01 13:58 - 2016-08-01 13:58 - 02394112 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-08-01 13:42 - 2016-08-01 13:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.scr
2016-08-01 13:42 - 2016-08-01 13:42 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.com
2016-08-01 12:48 - 2016-08-01 12:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\LockHunter
2016-08-01 12:48 - 2016-08-01 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2016-08-01 12:48 - 2016-08-01 12:48 - 00000000 ____D C:\Program Files\LockHunter
2016-08-01 12:46 - 2016-08-01 12:46 - 03029032 _____ (Crystal Rich Ltd ) C:\Users\Administrator\Desktop\lockhuntersetup_3-1-1.exe
2016-08-01 12:16 - 2016-08-01 12:16 - 00017721 _____ C:\Users\Administrator\Desktop\attach.txt
2016-08-01 12:16 - 2016-08-01 12:15 - 00016065 _____ C:\Users\Administrator\Desktop\dds.txt
2016-08-01 12:12 - 2016-08-01 12:12 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2016-08-01 12:06 - 2016-08-01 12:06 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2016-08-01 11:09 - 2016-08-01 11:09 - 00023342 _____ C:\Users\Administrator\Desktop\hijackthis.log 2.txt
2016-07-31 18:10 - 2016-07-31 18:10 - 03712064 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2016-07-31 18:09 - 2016-07-31 18:09 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2016-07-31 18:07 - 2016-07-31 18:07 - 05659746 _____ (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2016-07-31 08:26 - 2016-07-31 08:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2016-07-31 08:19 - 2016-07-31 08:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Desktop\HijackThis.exe
2016-07-31 08:17 - 2016-06-03 08:04 - 18329000 _____ (Trend Micro Inc.) C:\Users\Administrator\Desktop\TeslacryptDecryptor 1.0.1569 MUI.exe
2016-07-31 08:16 - 2016-07-31 08:16 - 18163566 _____ C:\Users\Administrator\Downloads\TeslacryptDecryptor 1.0.1569 MUI.zip
2016-07-31 08:15 - 2016-07-31 08:15 - 10395510 _____ C:\Users\Administrator\Downloads\RansomwareFileDecryptor 1.0.1622 MUI.zip
2016-07-31 08:15 - 2016-07-31 08:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2016-07-31 08:15 - 2016-07-29 07:47 - 10554016 _____ (Trend Micro Inc.) C:\Users\Administrator\Desktop\RansomwareFileDecryptor 1.0.1622 MUI.exe
2016-07-31 08:03 - 2016-07-31 08:03 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2016-07-30 19:58 - 2016-07-30 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-07-30 19:58 - 2016-07-30 19:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2016-07-30 19:36 - 2016-07-30 19:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-07-30 19:36 - 2016-07-30 19:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-07-30 19:27 - 2016-07-30 19:27 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3199544227-3484403888-1543173916-500
2016-07-30 19:26 - 2016-07-30 19:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2016-07-30 15:29 - 2016-07-30 15:29 - 00000891 _____ C:\Users\Public\Desktop\Winaero Tweaker.lnk
2016-07-30 15:29 - 2016-07-30 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winaero Tweaker
2016-07-30 15:29 - 2016-07-30 15:29 - 00000000 ____D C:\Program Files\Winaero Tweaker
2016-07-29 08:44 - 2016-07-29 08:44 - 00000000 ____D C:\Program Files\iTunes
2016-07-29 08:44 - 2016-07-29 08:44 - 00000000 ____D C:\Program Files\iPod
2016-07-29 08:44 - 2016-07-29 08:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-07-23 07:53 - 2016-07-29 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-17 10:38 - 2016-07-17 10:38 - 00001766 _____ C:\Users\Maria Ramirez\Documents\reseting TPMS ford explorer.txt
2016-07-05 15:35 - 2016-07-05 15:35 - 00000979 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-07-05 15:35 - 2016-07-05 15:35 - 00000000 ____D C:\Users\Maria Ramirez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-05 15:35 - 2016-07-05 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-05 10:15 - 2016-07-05 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-05 10:15 - 2016-07-05 10:15 - 00000000 ____D C:\Program Files\7-Zip
2016-07-04 06:46 - 2016-07-04 06:46 - 00009574 _____ C:\Users\Maria Ramirez\Documents\terapias para el cancer con zanahoria.txt
2016-07-03 16:47 - 2016-07-03 16:47 - 00001021 _____ C:\Users\Maria Ramirez\Documents\VERSICULOS  PARA LOS TESTIGOS DE JEHOVA.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-01 13:59 - 2016-03-13 12:40 - 00000838 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-01 12:58 - 2016-06-08 07:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-01 12:06 - 2012-12-16 20:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-08-01 12:06 - 2012-08-05 15:10 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-07-30 19:39 - 2012-08-05 15:10 - 00000000 ____D C:\Users\Administrator
2016-07-30 19:27 - 2012-12-16 20:04 - 00000000 ____D C:\ProgramData\WinClon
2016-07-30 19:26 - 2012-07-25 23:37 - 00000000 ____D C:\windows\Inf
2016-07-30 19:25 - 2016-03-03 14:03 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-07-30 19:25 - 2012-08-05 15:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-07-30 19:24 - 2012-07-26 01:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-30 19:23 - 2016-03-03 15:55 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-30 19:21 - 2016-03-09 12:37 - 00768796 _____ C:\windows\ntbtlog.txt
2016-07-30 17:50 - 2016-02-08 14:36 - 00000000 ___RD C:\Users\Maria Ramirez\iCloudDrive
2016-07-30 15:52 - 2012-07-25 23:26 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-30 15:29 - 2013-12-21 18:30 - 00000000 ____D C:\Users\Maria Ramirez\bittorrent downloads
2016-07-29 18:35 - 2016-03-03 16:06 - 00000000 ____D C:\Users\Maria Ramirez\AppData\Local\CrashDumps
2016-07-29 10:43 - 2016-05-08 07:09 - 00000000 ____D C:\Users\Maria Ramirez\AppData\Local\ElevatedDiagnostics
2016-07-29 08:45 - 2012-07-26 02:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-29 08:44 - 2016-03-12 13:24 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-29 08:42 - 2012-12-16 20:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-29 08:38 - 2016-03-03 13:23 - 00000000 ____D C:\Users\Maria Ramirez
2016-07-28 06:20 - 2016-03-12 13:45 - 00003440 _____ C:\windows\System32\Tasks\Apple Diagnostics
2016-07-27 16:10 - 2016-05-07 14:29 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-23 07:45 - 2016-03-09 10:23 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-07-18 17:42 - 2016-03-13 12:40 - 00003726 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-18 17:41 - 2012-07-26 02:12 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-18 17:41 - 2012-07-26 02:12 - 00000000 ____D C:\windows\system32\Macromed
2016-07-11 08:41 - 2016-03-07 12:34 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3199544227-3484403888-1543173916-1001
2016-07-11 08:17 - 2016-05-17 05:54 - 00520136 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-05 15:34 - 2016-03-04 17:29 - 00000000 ____D C:\Program Files\WinRAR

==================== Files in the root of some directories =======

2016-03-03 13:24 - 2016-03-03 13:24 - 0004282 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2012-12-16 19:57 - 2012-08-07 22:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-12-16 19:57 - 2012-08-07 04:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-30 10:28

==================== End of FRST.txt ============================

#2 sweetmisslatin

  • Topic Starter
  • Members
  • 5 posts
  • Gender: Female
  • Location: Guatemala

Posted 02 August 2016 - 10:35 AM

Please help I am desperate, thanks to anyone out there!



#3 mAL_rEm018

  • Malware Response Team
  • 308 posts
  • Gender: Male

Posted 04 August 2016 - 04:49 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello sweetmisslatin,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to back up any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights (permissions) for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

While I look over your logs, please do the following:



  • Point your mouse at the top or bottom right corner of your screen.
  • A sidebar will appear.  Select Settings and then click on Control Panel.
  • Type folder in the search box.
  • Click on Folder Options and open the View tab.
  • Select the following option: Don't show hidden files, folders, or drives
  • Click on OK to save the changes.
  • Do you still see the folders with the arrows?

Teacher at the Malware Removal University.

Member of UNITE

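The check mAL asks for in the post above (after hiding hidden items, do the folders still show as shortcuts?) can also be done from an elevated PowerShell prompt, which is handy when Explorer itself is misbehaving. The script below is an added example written for this page; it is not part of the thread and not from any of the tools listed in the FRST log. It assumes the profile path C:\Users\Maria Ramirez taken from the log, and it assumes the "folders that turned into shortcuts" are ordinary .lnk files, which the thread describes but does not confirm. It lists every .lnk entry in the folder, resolves what each one would launch, and flags any shortcut that sits next to a hidden+system directory of the same name (the combination Explorer hides once "Don't show hidden files, folders, or drives" is selected).

```powershell
# Added example, not code from the thread. Lists .lnk shortcuts in a folder,
# resolves their target and arguments, and flags shortcuts that have a
# hidden+system directory of the same name beside them.
# Run from an elevated PowerShell prompt: .\Check-ShortcutFolders.ps1 -Path 'C:\Users\Maria Ramirez'
param(
    # Assumed path, taken from the profile named in the FRST log above.
    [string]$Path = 'C:\Users\Maria Ramirez'
)

$shell = New-Object -ComObject WScript.Shell

# -Force includes hidden and system items, which Explorer hides when
# "Don't show hidden files, folders, or drives" is selected.
$entries = Get-ChildItem -LiteralPath $Path -Force

# Directories that carry BOTH the Hidden and System attributes, keyed by
# lower-cased name (Windows file names are case-insensitive).
$hiddenDirs = @{}
foreach ($e in $entries) {
    if ($e.PSIsContainer -and
        ($e.Attributes -band [IO.FileAttributes]::Hidden) -and
        ($e.Attributes -band [IO.FileAttributes]::System)) {
        $hiddenDirs[$e.Name.ToLowerInvariant()] = $e
    }
}

# One row per .lnk file: what it launches, and whether a hidden twin folder exists.
$report = foreach ($e in $entries) {
    if ($e.PSIsContainer -or $e.Extension -ne '.lnk') { continue }

    $lnk  = $shell.CreateShortcut($e.FullName)   # WScript.Shell resolves the .lnk
    $base = [IO.Path]::GetFileNameWithoutExtension($e.Name).ToLowerInvariant()

    [pscustomobject]@{
        Shortcut       = $e.Name
        Target         = $lnk.TargetPath
        Arguments      = $lnk.Arguments
        # True when a hidden+system folder of the same name sits next to the shortcut.
        HiddenTwinDir  = $hiddenDirs.ContainsKey($base)
        ShortcutHidden = [bool]($e.Attributes -band [IO.FileAttributes]::Hidden)
    }
}

"Shortcuts in $Path (flagged rows first):"
$report | Sort-Object HiddenTwinDir -Descending | Format-Table -AutoSize -Wrap

"Directories Explorer would hide (Hidden + System):"
$hiddenDirs.Values | Select-Object Name, Attributes, LastWriteTime | Format-Table -AutoSize
```

Read the Target and Arguments columns rather than the icon: a shortcut to a real folder has the folder itself as its target and no arguments, whereas anything that launches an interpreter or another executable with a long argument string deserves a closer look and should be reported in the thread rather than clicked. Nothing in this script modifies the disk; it only reads attributes and shortcut metadata.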


#4 mAL_rEm018

  • Malware Response Team
  • 308 posts
  • Gender: Male

Posted 08 August 2016 - 05:02 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

