Showing results for tags 'cryptowall'.

  1. OK this might sound stupid, but I downloaded a sample of CryptoWall, the fourth version or variant of it, for analysis purposes, as I am a student at a software engineering university and passionate about reverse engineering and studying it in a way. I have a small virus zoo on my hard drive containing samples of over 1300 famous and infamous computer viruses, all RARed and locked tight, and whenever I hunt a sample from the web I work very carefully with it and mostly in a virtual machine, but this time I was directly on my PC. I downloaded the sample from this page: http://www.malware-traffic-analysis.net/ And when I extracted the RAR file to some\path\on\my\desktop I noticed that there were some files getting created on my desktop, especially in the folder that had the sample in it, random files with .tmp and .enc extensions, and my external hard drive light started to blink, so I unplugged my external hard drive immediately, and as I don't have anything important on that PC I reinstalled Windows and formatted my hard drives. Now the problem is that when I plugged my external hard drive into my other PC, which is running Windows too, things got a little suspicious: my AV (avast Free antivirus) got disabled unexpectedly, MBAM stopped responding and I got a message saying that I'm running out of RAM even though I have 8 gigs of RAM and no extra programs installed except a browser, an AV and MBAM and some programming tools. I re-enabled my AV and MBAM and scanned my whole system but the results were clean. I tried Kaspersky's rescue disk and also BitDefender's rescue disk but it keeps saying my PC is clean. I downloaded some virus scanners like Hitman Pro etc. and scanned my PC; they also had a clean result. But I believe something is wrong with my PC, I'm still having .tmp and .enc files getting created on my desktop. Now I'm asking you, was it the RAR file (which had the samples) that had an embedded payload in it or what? I haven't opened any file when I was extracting the sample. Did the RAR file have the payload? And what should I do now to get the situation fixed? FYI: None of my files are encrypted yet but I'm seeing strange shits crawling in my PC
  2. Hello, your server and some machines are infected with the CryptoWall virus, which changes file extensions to .mp3. I would like you to help me remove this virus from our system, and advice on your part to improve our security, please.
  3. - Yesterday my PC started to run slowly. These pop-ups started to appear: http://m.imgur.com/8OB4vfn,BBTDNmb http://m.imgur.com/dkdit0K - I was unable to turn off the PC through the start menu or do other functions such as starting the task manager. - I started in safe mode with networking, ran Malwarebytes and was able to remove various trojans and other threats that referred to 'cryptowall'. - However, now when I start my PC this pop-up appears again, http://m.imgur.com/dkdit0K, except it says it has failed to load rather than succeeded. Does this mean that the malware is still partially present? If so, how would I go about solving this? Thank you.
  4. I'm looking for a tool to identify which files have been encrypted, by scanning a possibly contaminated hard drive installed in a newly formatted computer which was not the one originally infected. I think I managed to catch Cryptowall before it encrypted my whole computer; luckily I have several terabytes of storage. Also all my primary drives (C:, scratch drive, etc.) are SSDs, which I think saturated my serial controller and prevented Cryptowall from getting to my storage drives. I don't care about them, I'll just nuke them with Dban or parted magic. I currently have my storage drives removed and installed in a clean computer. I'm looking for a way to find which files are encrypted. I'm already running Malwarebytes trying to find any remnants of Cryptowall 3.0. To give you the backstory, I installed a Windows update yesterday evening. When I turned my computer back on I was prompted with the Cryptowall 3.0 ransom message. I quickly disabled my internet connection and powered down the system. I don't know how the virus got onto my system; prior to installing the Windows update I was streaming internet radio from 8tracks, but I did not check any emails or download any files, so I'm unsure of how the virus was acquired or activated.
  5. Hi, everyone. About 2 weeks ago, my half sister messaged me saying that when she was trying to watch a movie on her PC, it kept making beeping noises or similar. I checked it out the next day and she was infected with Cryptowall 3.0. She more than likely got it from uTorrent/BitTorrent (where she downloads movies from). She had Malwarebytes installed, but every time we tried to launch it, it would be extremely slow and then crash. I tried many times and it didn't work at all. I booted the PC into Safe Mode with Networking and cleared out as many files as I could that the ransomware copied (in EVERY single folder on the PC), then tried Malwarebytes again: same result. I downloaded Hitman Pro, and after a while it detected everything then removed it all. A restart showed that it was fully gone, but my half sister still wanted to use her torrent. My dad showed her *ahem* alternative sites *cough* but I'm pretty sure she is still using the torrent. If you think this is an advertisement, it really isn't. I just want to let you all know that Mbam didn't work when I tried to scan the system AND it worked before I restarted the machine. I would've taken some samples if you are all still trying to solve Cryptowall, but I really don't want my external hard drive encrypted. Although.. the log may be there somewhere, if that's any use.
  6. - Yesterday my PC started to run slowly. These pop-ups started to appear: http://www.imgur.com/8OB4vfn,BBTDNmb http://www.imgur.com/dkdit0K - I was unable to turn off the PC through the start menu or do other functions such as starting the task manager. - I started in safe mode with networking, ran Malwarebytes and was able to remove various trojans and other threats that referred to 'cryptowall'. http://www.imgur.com/cGdTNBS,bBiAt7X,LmaJPTi,u9gHdZV,9aWmeHO (image of scan results). - However, now when I start my PC this pop-up appears again, http://m.imgur.com/dkdit0K, except it says it has failed to load rather than succeeded. Does this mean that the malware is still partially present? If so, how would I go about solving this? - An entire secondary user account, all of program data, and a lot of appdata/local has been encrypted. Would getting what I need onto an external hard drive and then doing a clean re-install be a viable option? - Thank you for your help.
  7. I have a customer that was hit by both Cryptowall 3 and TeslaCrypt ransomware on 2 separate PCs while running Malwarebytes Premium and Malwarebytes Anti Exploit Premium on all the PCs on the network. Neither of these strains is new, so how was the infection possible? My concern is that I have a large number of customers running this combination (Malwarebytes Premium & Anti Exploit Premium) that I have regarded as safe from this type of infection. These customers also run various paid-for anti-virus programs. Is there something I'm missing or should they be safe? Thanks all, I look forward to your thoughts.
  8. Somehow I got infected with the Cryptowall 3.0 virus. I think it was through Java but I'm not sure how. Most of the files are not encrypted as of yet and I would like to remove the virus and clean what files I can before I reformat my C drive and do a clean install. I am hoping (since I don't see any evidence of encryption) that my 3 TB storage drive is clean. However, I would like to make sure everything is clean on the other drive before proceeding with a new install on C. Is there anyone that can help me through this process? After running a Malwarebytes scan and fixing any problems, I have run FRST64.exe, and attached you will find the contents from the two log files. The instructions in the pinned post say to paste the results, however it says my post is too long so I have attached them. I hope that is OK. Let me know if you need me to do something else. Thanks so much. FRST.txt Addition.txt
  9. Hello! I'm new to the forum. Yesterday evening I found on my PC (Win 7 original) version four of the trojan Cryptowall. All my images are corrupted (I'm a photographer) and the backup files are too. Now I'm trying to delete this malware: I started Windows in safe mode, I looked at the processes with "msconfig" and deleted it in the directory. Then I searched for the name of that file (e380af) in the registry (regedit) and deleted all files that I found (except some keys that contain this "e380af" in the middle of a long string). Before that I used Malwarebytes, Avast and Spybot (none of them found anything). But now I'm not sure that this virus is completely deleted from my PC. What can I do? Thanks a lot and sorry for my bad Italian-English!
  10. I have files that are encrypted and state they are being encrypted by Cryptowall 3.0. I've run a Malwarebytes scan, a Malwarebytes rootkit scan, and I ran Hitman. Nothing is finding anything related to Cryptowall. Could the source of the malware be on another computer connected to the network but not present on the computer with the encrypted files?
  11. Has anyone dealt with the Cryptowall ransomware? This system got infected, and now we can't open any files at all. They are all encrypted. Almost every folder has 4 additional files in them named HELP_DECRYPT (different types of files, html, etc.). And every time the computer is restarted, an HTML page comes up with "instructions on how to fix it" and the links are different each time. (the fix, as you probably know, is to pay a ransom fee) Please Help Me! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf2015-07-03 10:37 - 2009-07-14 09:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll2015-07-03 10:36 - 2015-05-04 19:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2015-07-03 10:36 - 2015-05-04 19:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2015-07-03 10:36 - 2015-05-04 19:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2015-07-03 10:36 - 2015-05-04 19:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2015-07-03 10:36 - 2015-05-04 18:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2015-07-03 10:24 - 2014-12-06 00:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-07-03 10:20 - 2011-06-15 13:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll2015-07-03 10:20 - 2011-02-22 11:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2015-07-03 10:15 - 2011-03-12 18:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2015-07-03 10:15 - 2011-03-03 12:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll2015-07-03 10:15 - 2011-03-03 10:35 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll2015-07-03 10:14 - 2012-11-22 00:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll2015-07-03 10:08 - 2015-05-30 21:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-07-03 10:08 - 2015-05-30 20:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-07-03 10:08 - 2015-05-30 20:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-07-03 10:08 - 2015-05-30 20:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-07-03 10:08 - 2015-05-30 20:50 - 01139712 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll2015-07-03 10:08 - 2015-05-30 20:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-07-03 10:08 - 2015-05-30 20:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-07-03 10:08 - 2015-05-30 20:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-07-03 10:08 - 2015-05-30 20:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-07-03 10:08 - 2015-05-30 20:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-07-03 10:08 - 2015-05-30 20:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-07-03 10:08 - 2015-05-30 20:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-07-03 10:08 - 2015-05-30 20:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2015-07-03 10:08 - 2015-05-30 20:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-07-03 10:08 - 2015-05-30 20:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-07-03 10:08 - 2015-05-30 20:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-07-03 10:08 - 2015-05-30 20:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2015-07-03 10:08 - 2015-05-30 20:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-07-03 10:08 - 2015-05-30 20:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-07-03 10:08 - 2015-05-30 20:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-07-03 10:08 - 2015-05-30 20:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2015-07-03 10:08 - 2015-05-30 20:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2015-07-03 10:03 - 2013-04-17 09:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll2015-07-03 00:31 - 
2015-07-03 00:31 - 00001786 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk2015-07-03 00:24 - 2015-07-03 00:31 - 00000000 ____D C:\Program Files\Microsoft Security Client2015-07-02 23:14 - 2015-07-02 23:14 - 00000045 _____ C:\Windows\system32\initdebug.nfo2015-07-02 19:49 - 2015-07-02 19:49 - 00000000 ____D C:\Program Files\AVG2015-07-02 19:40 - 2015-07-02 19:50 - 00000000 ____D C:\ProgramData\AVG2015-07-02 19:12 - 2015-07-02 19:12 - 00004250 _____ C:\ProgramData\HELP_DECRYPT.TXT2015-07-02 19:12 - 2015-07-02 19:12 - 00000284 _____ C:\ProgramData\HELP_DECRYPT.URL2015-07-02 18:59 - 2015-07-02 19:07 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7CC85FE5.sys2015-07-02 16:30 - 2015-07-02 19:51 - 00000000 ___HD C:\eda44d632015-07-01 12:11 - 2015-07-01 12:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USUARIO1-Windows-Vista--Home-Premium-(32-bit).dat2015-07-01 12:10 - 2015-07-08 00:49 - 00000000 ____D C:\RegBackup2015-07-01 11:33 - 2015-07-01 11:34 - 00177762 _____ C:\Users\Usuario\Downloads\CEMENTERIO.html2015-06-24 04:15 - 2015-07-07 23:30 - 02383432 _____ C:\Windows\system32\FNTCACHE.DAT2015-06-23 21:19 - 2015-07-02 18:57 - 00000000 ___HD C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-11 10:43 - 2014-08-18 23:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-07-11 10:32 - 2010-09-09 23:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000UA.job2015-07-11 10:31 - 2011-03-05 00:11 - 00000000 ____D C:\Musica2015-07-11 10:24 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-07-11 10:24 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-07-11 08:24 - 2014-10-29 23:08 - 01838147 _____ C:\Windows\WindowsUpdate.log2015-07-10 16:32 - 2010-09-09 23:44 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000Core.job2015-07-10 15:45 - 2006-11-02 07:33 - 01631650 _____ C:\Windows\system32\PerfStringBackup.INI2015-07-10 15:39 - 2006-11-02 10:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-07-10 12:53 - 2006-11-02 10:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-07-08 05:35 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario2015-07-08 05:35 - 2008-05-24 21:05 - 00000000 ____D C:\Program Files\Microsoft Office2015-07-08 02:09 - 2013-10-17 09:07 - 00000000 ____D C:\Users\Usuario\Desktop\Ariel Rubattino2015-07-08 01:12 - 2010-09-09 23:46 - 00000000 ____D C:\Program Files\Google2015-07-08 01:10 - 2010-03-21 15:38 - 00000000 ____D C:\Users\Usuario\AppData\Local\Adobe2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\ProgramData\Adobe2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\Common Files\Adobe2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\Adobe2015-07-08 01:07 - 2008-05-24 21:04 - 00000000 ____D C:\Windows\system32\Macromed2015-07-08 00:50 - 2008-05-25 05:35 - 00000000 ___HD C:\HP2015-07-08 00:46 - 1999-03-30 15:17 - 00000000 ___HD C:\System.sav2015-07-08 00:44 - 2010-09-13 21:18 - 
00000000 ____D C:\Users\Usuario\Tracing2015-07-08 00:37 - 2010-09-09 18:01 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Outlook2015-07-08 00:33 - 2011-02-11 00:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype2015-07-08 00:25 - 2010-09-09 23:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google2015-07-08 00:22 - 2006-11-02 09:37 - 00000000 ___RD C:\Users\Public\Recorded TV2015-07-08 00:22 - 2006-11-02 08:18 - 00000000 ___RD C:\Users\Public2015-07-08 00:11 - 2008-05-24 20:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2015-07-08 00:02 - 2011-06-11 17:25 - 00000000 ____D C:\Program Files\Common Files\Research In Motion2015-07-08 00:01 - 2008-05-24 20:25 - 00000000 ____D C:\Program Files\HP2015-07-07 23:50 - 2008-05-24 20:02 - 00000000 ____D C:\Program Files\Hewlett-Packard2015-07-07 23:46 - 2010-09-12 19:49 - 00009508 _____ C:\ProgramData\hpzinstall.log2015-07-07 23:39 - 2010-03-03 11:33 - 00000000 ____D C:\Program Files\Foxit Software2015-07-07 23:34 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\twain_322015-07-07 23:12 - 2011-02-19 01:16 - 00000000 ____D C:\Program Files\Musicmatch2015-07-07 23:08 - 2010-09-08 16:55 - 00000000 ____D C:\ProgramData\Corel2015-07-07 22:57 - 2010-09-09 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk2015-07-07 22:57 - 2010-09-09 18:28 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared2015-07-07 22:56 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\CyberLink2015-07-07 22:56 - 2008-05-24 20:07 - 00000000 ____D 
C:\Program Files\Common Files\InstallShield2015-07-07 22:55 - 2010-09-08 17:09 - 00000000 ____D C:\ProgramData\Apple2015-07-07 22:55 - 2010-09-08 17:09 - 00000000 ____D C:\Program Files\Common Files\Apple2015-07-07 22:53 - 2010-09-13 21:04 - 00000000 ____D C:\Program Files\Windows Live2015-07-07 22:53 - 2010-09-13 20:35 - 00000000 ____D C:\Program Files\Common Files\Windows Live2015-07-07 22:53 - 2006-11-02 08:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2015-07-07 22:50 - 2012-02-05 18:02 - 00000000 ____D C:\ProgramData\Apple Computer2015-07-07 22:49 - 2013-01-08 09:13 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM2015-07-07 22:45 - 2010-09-09 21:52 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine2015-07-07 22:44 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Microsoft.NET2015-07-07 22:43 - 2014-10-22 22:30 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB2015-07-07 22:35 - 2008-05-24 21:04 - 00000000 ____D C:\Program Files\Microsoft Works2015-07-07 22:27 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\WildTangent2015-07-07 22:27 - 2006-11-02 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-07-07 22:26 - 2010-09-09 18:36 - 00000000 ____D C:\ProgramData\Autodesk2015-07-07 22:26 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Help2015-07-07 22:23 - 2010-09-27 23:32 - 00000000 ____D C:\Program Files\AutoCAD 20102015-07-07 21:30 - 2010-03-02 11:41 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Adobe2015-07-07 21:12 - 2010-09-09 23:31 - 00000000 ____D C:\ProgramData\FLEXnet2015-07-07 19:45 - 2010-03-02 11:07 - 00000000 ____D C:\ProgramData\Atheros2015-07-06 23:03 - 2011-09-28 17:17 - 00000000 ____D C:\Users\Usuario\Documents\YouCam2015-07-06 21:08 - 2011-02-11 00:52 - 00000000 ___RD C:\Program Files\Skype2015-07-06 21:08 - 2011-02-11 00:52 - 00000000 ____D C:\ProgramData\Skype2015-07-05 07:11 - 2010-08-20 06:07 - 00246952 ____N (Microsoft Corporation) 
C:\Windows\system32\MpSigStub.exe2015-07-03 20:42 - 2012-03-03 12:46 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2015-07-03 20:40 - 2011-05-20 07:58 - 00000000 ____D C:\ProgramData\Skype Extras2015-07-03 20:40 - 2008-05-24 20:09 - 00000000 ____D C:\ProgramData\Symantec2015-07-03 20:38 - 2010-08-20 19:35 - 00000000 ____D C:\ProgramData\HP2015-07-03 20:38 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard2015-07-03 20:36 - 2012-11-03 13:30 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12015-07-03 19:02 - 2011-04-02 12:33 - 00000000 ____D C:\Users\Usuario\Desktop\My Shared Folder2015-07-03 17:27 - 2014-11-30 16:26 - 00000000 ____D C:\Users\Usuario\Desktop\PAULINA2015-07-03 16:25 - 2010-09-08 02:58 - 00000000 ____D C:\ProgramData\Temp2015-07-03 15:39 - 2011-02-24 16:45 - 00000000 ____D C:\Windows\pss2015-07-03 15:39 - 2010-09-09 18:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\Outlook2015-07-03 15:39 - 2008-05-25 05:45 - 00000000 ____D C:\Windows\panther2015-07-03 15:39 - 2008-04-10 07:26 - 00000000 ____D C:\Windows\SMINST2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\Msdtc2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\catroot2.bak2015-07-03 13:41 - 2013-04-07 21:26 - 00000000 ____D C:\Users\Usuario\Desktop\CANCUN2015-07-03 13:40 - 2011-09-09 19:19 - 00000000 ____D C:\Users\Usuario\Desktop\imprimir2015-07-03 12:49 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\rescache2015-07-03 12:11 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\system32\XPSViewer2015-07-03 12:05 - 2008-05-24 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help2015-07-02 21:37 - 2012-02-25 13:52 - 00000000 ____D C:\ProgramData\AVAST Software2015-07-02 18:41 - 2014-08-18 23:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware2015-07-02 16:34 - 2014-08-18 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-07-02 16:34 - 
2013-10-02 22:24 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-07-02 14:28 - 2010-08-20 04:37 - 00000304 _____ C:\ProgramData\hpqp.txt2015-06-18 08:41 - 2014-08-18 23:24 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-18 08:41 - 2014-08-18 23:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-06-18 08:41 - 2013-10-02 22:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Files in the root of some directories ======= 2015-07-08 00:44 - 2015-07-08 00:46 - 0009216 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2010-08-20 04:37 - 2010-09-08 22:18 - 2989660 _____ (Macromedia, Inc.) C:\ProgramData\DVD.exe2010-08-20 04:37 - 2010-08-20 04:37 - 2231606 _____ (Macromedia, Inc.) C:\ProgramData\Games.exe2015-07-02 19:12 - 2015-07-02 19:12 - 0045476 _____ () C:\ProgramData\HELP_DECRYPT.PNG2015-07-02 19:12 - 2015-07-02 19:12 - 0004250 _____ () C:\ProgramData\HELP_DECRYPT.TXT2015-07-02 19:12 - 2015-07-02 19:12 - 0000284 _____ () C:\ProgramData\HELP_DECRYPT.URL2010-08-20 04:30 - 2011-02-24 16:24 - 0000269 _____ () C:\ProgramData\hpqp.ini2010-08-20 04:37 - 2015-07-02 14:28 - 0000304 _____ () C:\ProgramData\hpqp.txt2010-09-12 19:49 - 2015-07-07 23:46 - 0009508 _____ () C:\ProgramData\hpzinstall.log2010-08-20 04:37 - 2010-08-20 04:37 - 2331174 _____ (Macromedia, Inc.) C:\ProgramData\Karaoke.exe2010-08-20 04:37 - 2012-04-30 02:31 - 3063561 _____ (Macromedia, Inc.) C:\ProgramData\MobileTV.exe2010-08-20 04:37 - 2012-02-05 15:25 - 2864396 _____ (Macromedia, Inc.) C:\ProgramData\MPV.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-11 03:46 ==================== End of log ============================Addition.txt Roguekiller1.txt
  12. Has anyone dealt with the Cryptowall ransomware? This system got infected, and now we can't open any files at all. They are all encrypted. Almost every folder has 4 additional files in them named HELP_DECRYPT (different types of files, html, etc.). And every time the computer is restarted, an HTML page comes up with "instructions on how to fix it" and the links are different each time. (the fix, as you probably know, is to pay a ransom fee) I scanned it with MalwareBytes and removed 688 threats and attached the log. AVAST only found three, which I also removed. Those are the only two scans that I've done so far. Any ideas on how to decrypt the files or is there no hope? What else should I do to clean the system? What is the best anti-virus to protect against this from happening again? It was not running AVAST when this happened. It was running McAfee. Thanks. Malwarebytes Scan 6.19.15 5pm.txt
  13. Hello everyone, 24 hours ago I was hit by Cryptowall on my Windows 8 laptop. I only put it into safe mode after the "your computer has been encrypted" message appeared. There were a total of 6 new files on my desktop named Help_Decypt.html, and JPG images saved from the .html files as 1, 2, 3, 4 and 5. Since then I have tried: 1. Spybot and SuperAntispyware (my first instinct to check with and they came back negative) 2. Malwarebytes - This detected Help_Decypt.html and removed it. The JPG files still detected as any threat and I removed them manually. 3. Symantec help self-extractor did not show anything. Norton power eraser - removed two frequently used programs that it found suspicious. 4. Listcwall - showed registry not corrupted, Anti-cryptorbitV2 - did a test run with a bunch of files that did not open and the app came back as not encrypted. 5. Decryptcryptolocker.com - tested it with a bunch of files that wouldn't open and the site said the file is not encrypted. 6. Shadowexplorer - shows nothing 7. Roguekiller - deleted a bunch of files in the registry and some apps too, but the laptop still faces the same problems. 8. When switched to normal mode - I get IE2.dll failed to load, CMD prompt opens and closes - not sure why this happens because it only appears for a split second, Windows is slower and the mouse freezes. Windows shows that there is a restore point to one month back, but I'm not sure if that restore has also been affected. What else can I do? Please help Zatspeed
  14. Hi there- I took my husband's computer to try to help determine why it was running increasingly slow. He mentioned "some antivirus warning" kept flashing on the screen- so I went to work trying to isolate WHAT that was (it was Security Defender). As I am working my way through getting rid of that, I realized some help files I'd not seen before, (help_decrypt), showed up in a folder. Hence, CryptoWall is working its way through. Please, please, please help me get this thing stopped in its tracks- I understand you can't resurrect the files it's affected, but help stopping it from doing more damage would be deeply appreciated. 2 quick questions- (1) I was kind of surprised that it was "alive" or appearing to spread, despite me working in safemode- I was hoping safemode would keep the bad stuff at bay. (2) Can I try to copy files that haven't been affected yet to a flash drive while in safemode? Thank you in advance, SO much!
  15. Hi, a computer in our house got infected with CryptoWall 3.0. Is there any chance that it can copy itself to another computer in our network? Thanks, Tal.
  16. My office was hit by the CryptoWall 3.0 Trojan yesterday. I was able to find the workstation that the infection came through after some of the files on our ReadyNAS server were encrypted. My colleagues scanned their computers with MBAM and no additional instances of the CW executable (listed as aaaaaaaa.exe and attached) or its associated registry keys were detected. I quarantined and removed the executables and registry keys from the host computer and plan to re-format and re-image it entirely, since there are still startup scripts running that launch the ransomware messages. This brings me to the case of the ReadyNAS. Our IT consultant and I pulled it from our server tower and hooked it into an old computer that's been my playground for Windows 10 previewing of late. We're scanning it with MBAM, but the process is going exceedingly slowly (and there's about 3 TB of data on the ReadyNAS). The server takes nightly snapshots, so I'm hoping to be able to restore from one of them (fingers crossed) before this nightmare happened. I've been scanning each drive of the ReadyNAS for the aaaaaaaa.exe file, and for any other EXE files that look suspicious or have a date stamp within the last few days, and have found nothing of the sort. There are plenty of the HELP_DECRYPT files scattered all over the place, so I know affected files are there. Does the CW Trojan also make copies of the executable file to the network directories it is targeting in order to continue its commands, or are all commands issued from the executable file that was in my colleague's computer's user folder? By removing that executable file and the registry keys, did I stop the virus from spreading/sending commands to any further network locations? (Please note, I also unplugged my colleague's ethernet cable upon discovering his computer.)
  17. Hi Guys, I am infected with CryptoWall 3.0. All pictures are locked. I have run tons of spyware removal programs. Is there any help with decrypting the files? Has anyone had any success with this?
  18. Here we go again... my customer has gotten infected with Cryptowall 2.0. She (or her kids) has lost the USB backup that I made for her. I know that the file encryption cannot be broken; after removing the virus I plan to try to recover them using shadow volume copies and I would appreciate any other suggestions. ------------------------------------------------------------------------------------ All folders contain the DECRYPT_INSTRUCTION files and MSE returned the following: Detected items Ransom:Win32/Crowti.A Severe Succeeded Category: Trojan Description: This program is dangerous and executes commands from an attacker. Recommended action: Remove this software immediately. Items: containerfile:C:\ProgramData\Windows Genuine Advantage\{05F9AE83-6259-4A45-949D-32FA4AAABC88}\msiexec.exe file:C:\ProgramData\Windows Genuine Advantage\{05F9AE83-6259-4A45-949D-32FA4AAABC88}\msiexec.exe->[DynDrop]->(VFS:2CAA.tmp) file:C:\ProgramData\Windows Genuine Advantage\{757BFC44-C1B9-4106-9106-19A52FFEFB7D}\msiexec.exe->[DynDrop]->(VFS:2CAA.tmp\ ---------------------------------------------------------------------------------------------------------- I am attaching the diagnostic logs as described in the following post (and many others). https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ https://forums.malwarebytes.org/index.php?/topic/146024-diagnostic-logs/ I look forward to getting help and thanks in advance. I have no P2P software and I know that this takes time. I will not be back at the keyboard until later this afternoon. FRST.txt Addition.txt CheckResults.txt
  19. Hi, I think I just got the CryptoWall 3.0 virus on March 15. I really would like to know if there is anyone that could help me save my files and get the other ones back?
  20. Hello, A few days ago my PC started running extremely slow, so I scanned it and it found something which it removed. PC started running fine again, and I didn't think much of it. Now a few days later I started finding all those HELP_DECRYPT files in various folders and that is how I learned about CryptoWall and that is what my PC had been infected with. Now, my question is, aside from searching folders for HELP_DECRYPT files, is there any other way to find out which files have been encrypted? You see, after I successfully removed the infection itself from my PC, but before I learned about CryptoWall, I am worried I might have moved encrypted files (without knowing they were encrypted as I didn't attempt to open them) to external hard drives or other folders not affected by the virus. So, I might have encrypted files in folders now which don't contain the HELP_DECRYPT files. Sorry if this sounds confusing. Does anyone know what I'm trying to say? Let me know if there is a way to know for sure if a file is affected, without having to try to open each file individually as I can't remember what all I might have moved.
  21. Hello, my computer has been infected with the virus Cryptowall this week. I need your help please because after you remove the virus all the computer now I can not open any document or image. I've run ComboFix, Malwarebytes, SUPERAntiSpyware, KASPERSKY ONLINE SCAN and Malwarebytes Anti-Rootkit. My computer no longer catches any virus in the last checks. I will send here then the reports of Farbar Recovery Scan Tool software to see if I can recover the files. Thank you very much. HELP FRST.txt Addition.txt Shortcut.txt
  22. My laptop is infected with CryptoWall 3.0 and I don't know where to start to get rid of it. I've run Malwarebytes and AVG and it's still there. I think I attached the correct file to get started. threatscan.txt
  23. I recently made a post on here that was ruined by an unauthorized user posting an answer. However, being as that post does not include new information I just found out, it is no longer needed. On January 26th, my computer started running very slowly. After that, it started freezing after only being up for roughly 5 minutes, so I system restored back to an earlier date. However, upon it booting from the system restore, it told me it was unsuccessful, so I tried another restore. This one had the same result, however it made the computer actually work. It wasn't until I clicked to go to my manuscript for my novel that I realized it said it was corrupted. After searching through files and libraries, I found the HELP_DECRYPT files and realized I had a CryptoWall 3.0 virus. At that time, it had encrypted a few photos, old emails and every document on my computer. However, now I'm seeing that more files are becoming encrypted as time goes on. I had run Avast! anti-virus scans and Malwarebytes anti-malware scans and it found a bunch of %Temp% files that were malicious and it deleted them, but the files are still being encrypted. I don't have $500 or $1000 to give to the scammers, so I guess I'll just have to deal with every file on my computer being encrypted slowly over time. I'm very poor, very sick, live in an abusive household, and my computer is virtually my only portal to the outside world. I need help from a Registered User or whatever it is that can help me personally, and I need it soon. Please, someone help me before it encrypts any more of my files. I'm worried sick and I'm very scared. I'm not overly tech savvy, so please don't give me any EXTREMELY complicated answers as the unauthorized answerer on my other post gave me. I've read plenty of posts on here where someone has helped out even the "dumbest" of computer users, so I know it can't be impossible. Not everything has to include a bunch of technological jargon and impossible suggestions.
Thanks so much.
  24. Hello! I've tried for the past three days (to no avail) to remove the Cryptowall 3.0 ransomware virus from my computer. I've run Malwarebytes, Kaspersky Anti Virus, SpyHunter (never again) and countless other anti virus software applications and nothing will get rid of it! Any help would be greatly appreciated. I've attached my FRST log files for reference. FRST.txt Addition.txt
  25. I have a Windows 7 PC that is infected with CryptoWall 3.0. I have done a bit of research and see that this is a nasty son of a gun. If anyone is willing or able to point me in the right direction to see if I can do anything to save my PC or files I would appreciate it.