Showing results for tags 'decrypt'.

Found 8 results

  1. All my files have been renamed to .arena. Is there a way to restore files to the original state? Sent a sample test file 1396-09-03 08-45-45.rar
  2. DON'T PAY RUSSIAN CRYAKL RANSOM - YOU WON'T GET YOUR FILES BACK If you pay the typically demanded 3 btc (US$12,000) then they'll say "Pay full price 5 btc", US$20,000 and even if you pay that you still won't get your files back. CL 1.3.1.0.id-@@@@@7491-11C2.randomname Above is the latest version from Russian criminals which changes your file names and starts with the email to contact them. Typically the email is from aol.com (eg email-magna_bellator@aol.com) or india.com (eg zaloha@india.com). They will ask for 3 bitcoin today and 5 tomorrow. What do you think happens when you pay 5 bitcoins ..... the price goes up again. I encourage you to contact the FBI to track them down and your state Senator in the US and put pressure on AOL to stop assisting these criminals.
  3. I installed Malwarebytes Anti-Ransomware Beta after I was attacked by a ransomware. It changed all my saved files to some type of encryption with .bb37. I was hoping Malwarebytes Anti-Ransomware Beta would be able to not only protect from ransomware, but decrypt the files with this .bb37. Do you know what I can do to recover these files?
  4. Hello all! I kind of have a special question here. Hope this is the right place to put it. Our servers got attacked by ransomware and all of our files are encrypted by the Indian-based Okean-1995 virus. We have backups but they are almost a year old. Production has stopped completely. And we are now pressed up against the corner. I am not proud to admit that we paid the criminals to have our files back. And they may or may not give them back. Now here is the thing: They want to connect to our server with RDP to do the decryption for us. This tells me that they have a decryptor that works for every single infected machine of this particular ransomware. Is there any way we can get a hold of this decryptor undetected by these criminals? Like packet sniffing on the RDP protocol for the executable code and the private key itself? I'd really love to help out the people who also are infected by this one. Problem is: I don't know how I can go about this undetected and risking all our company's files. If you think you can do it: Get in touch with me, and I'll invite you in on the quest to recover the decryptor.
  5. Hello all, first post here. I have been asked to help a friend with their system which has become infected with the Crypt0l0cker virus. This has taken hold today and changed all user files to "encrypted" - and I have found no way to get the files back or get rid of the virus. There is a suspicious startup entry that keeps coming back, c:\programdata\updater\updater.exe and also c:\programdata\icilizhp.exe (but no such exe file exists) If I stop "Updater.exe" in task manager, it instantly restarts, making me think it is a service, but looking in SERVICES.MSC, I can't locate it at all. I have two questions - how do I be sure that the Crypt0l0cker virus is no longer on my system, and also is there any way to decrypt my files? Or is my only hope to use the Shadow Explorer software to get files back from the VSS? Any urgent response would be much appreciated, as I am not experienced with RansomWare. Thanks
  6. Has anyone dealt with the Cryptowall ransomware? This system got infected, and now we can't open any files at all. They are all encrypted. Almost every folder has 4 additional files in them named HELP_DECRYPT (different types of files, html, etc.). And every time the computer is restarted, an HTML page comes up with "instructions on how to fix it" and the links are different each time. (the fix, as you probably know, is to pay a ransom fee) Please Help Me! Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
2015-07-11 10:43 - 2014-08-18 23:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-07-11 10:32 - 2010-09-09 23:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000UA.job2015-07-11 10:31 - 2011-03-05 00:11 - 00000000 ____D C:\Musica2015-07-11 10:24 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02015-07-11 10:24 - 2006-11-02 09:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02015-07-11 08:24 - 2014-10-29 23:08 - 01838147 _____ C:\Windows\WindowsUpdate.log2015-07-10 16:32 - 2010-09-09 23:44 - 00001002 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3091019311-2293192049-2105965127-1000Core.job2015-07-10 15:45 - 2006-11-02 07:33 - 01631650 _____ C:\Windows\system32\PerfStringBackup.INI2015-07-10 15:39 - 2006-11-02 10:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-07-10 12:53 - 2006-11-02 10:01 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-07-08 05:35 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario2015-07-08 05:35 - 2008-05-24 21:05 - 00000000 ____D C:\Program Files\Microsoft Office2015-07-08 02:09 - 2013-10-17 09:07 - 00000000 ____D C:\Users\Usuario\Desktop\Ariel Rubattino2015-07-08 01:12 - 2010-09-09 23:46 - 00000000 ____D C:\Program Files\Google2015-07-08 01:10 - 2010-03-21 15:38 - 00000000 ____D C:\Users\Usuario\AppData\Local\Adobe2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\ProgramData\Adobe2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\Common Files\Adobe2015-07-08 01:10 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\Adobe2015-07-08 01:07 - 2008-05-24 21:04 - 00000000 ____D C:\Windows\system32\Macromed2015-07-08 00:50 - 2008-05-25 05:35 - 00000000 ___HD C:\HP2015-07-08 00:46 - 1999-03-30 15:17 - 00000000 ___HD C:\System.sav2015-07-08 00:44 - 2010-09-13 21:18 - 
00000000 ____D C:\Users\Usuario\Tracing2015-07-08 00:37 - 2010-09-09 18:01 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Outlook2015-07-08 00:33 - 2011-02-11 00:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Skype2015-07-08 00:25 - 2010-09-09 23:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\Google2015-07-08 00:22 - 2006-11-02 09:37 - 00000000 ___RD C:\Users\Public\Recorded TV2015-07-08 00:22 - 2006-11-02 08:18 - 00000000 ___RD C:\Users\Public2015-07-08 00:11 - 2008-05-24 20:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2015-07-08 00:02 - 2011-06-11 17:25 - 00000000 ____D C:\Program Files\Common Files\Research In Motion2015-07-08 00:01 - 2008-05-24 20:25 - 00000000 ____D C:\Program Files\HP2015-07-07 23:50 - 2008-05-24 20:02 - 00000000 ____D C:\Program Files\Hewlett-Packard2015-07-07 23:46 - 2010-09-12 19:49 - 00009508 _____ C:\ProgramData\hpzinstall.log2015-07-07 23:39 - 2010-03-03 11:33 - 00000000 ____D C:\Program Files\Foxit Software2015-07-07 23:34 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\twain_322015-07-07 23:12 - 2011-02-19 01:16 - 00000000 ____D C:\Program Files\Musicmatch2015-07-07 23:08 - 2010-09-08 16:55 - 00000000 ____D C:\ProgramData\Corel2015-07-07 22:57 - 2010-09-09 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk2015-07-07 22:57 - 2010-09-09 18:28 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared2015-07-07 22:56 - 2010-03-02 11:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite2015-07-07 22:56 - 2008-05-24 21:22 - 00000000 ____D C:\Program Files\CyberLink2015-07-07 22:56 - 2008-05-24 20:07 - 00000000 ____D 
C:\Program Files\Common Files\InstallShield2015-07-07 22:55 - 2010-09-08 17:09 - 00000000 ____D C:\ProgramData\Apple2015-07-07 22:55 - 2010-09-08 17:09 - 00000000 ____D C:\Program Files\Common Files\Apple2015-07-07 22:53 - 2010-09-13 21:04 - 00000000 ____D C:\Program Files\Windows Live2015-07-07 22:53 - 2010-09-13 20:35 - 00000000 ____D C:\Program Files\Common Files\Windows Live2015-07-07 22:53 - 2006-11-02 08:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2015-07-07 22:50 - 2012-02-05 18:02 - 00000000 ____D C:\ProgramData\Apple Computer2015-07-07 22:49 - 2013-01-08 09:13 - 00000000 ____D C:\Program Files\Common Files\XCPCSync.OEM2015-07-07 22:45 - 2010-09-09 21:52 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine2015-07-07 22:44 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Microsoft.NET2015-07-07 22:43 - 2014-10-22 22:30 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB2015-07-07 22:35 - 2008-05-24 21:04 - 00000000 ____D C:\Program Files\Microsoft Works2015-07-07 22:27 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\WildTangent2015-07-07 22:27 - 2006-11-02 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-07-07 22:26 - 2010-09-09 18:36 - 00000000 ____D C:\ProgramData\Autodesk2015-07-07 22:26 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Help2015-07-07 22:23 - 2010-09-27 23:32 - 00000000 ____D C:\Program Files\AutoCAD 20102015-07-07 21:30 - 2010-03-02 11:41 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Adobe2015-07-07 21:12 - 2010-09-09 23:31 - 00000000 ____D C:\ProgramData\FLEXnet2015-07-07 19:45 - 2010-03-02 11:07 - 00000000 ____D C:\ProgramData\Atheros2015-07-06 23:03 - 2011-09-28 17:17 - 00000000 ____D C:\Users\Usuario\Documents\YouCam2015-07-06 21:08 - 2011-02-11 00:52 - 00000000 ___RD C:\Program Files\Skype2015-07-06 21:08 - 2011-02-11 00:52 - 00000000 ____D C:\ProgramData\Skype2015-07-05 07:11 - 2010-08-20 06:07 - 00246952 ____N (Microsoft Corporation) 
C:\Windows\system32\MpSigStub.exe2015-07-03 20:42 - 2012-03-03 12:46 - 00000000 ____D C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2015-07-03 20:40 - 2011-05-20 07:58 - 00000000 ____D C:\ProgramData\Skype Extras2015-07-03 20:40 - 2008-05-24 20:09 - 00000000 ____D C:\ProgramData\Symantec2015-07-03 20:38 - 2010-08-20 19:35 - 00000000 ____D C:\ProgramData\HP2015-07-03 20:38 - 2008-05-24 20:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard2015-07-03 20:36 - 2012-11-03 13:30 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12015-07-03 19:02 - 2011-04-02 12:33 - 00000000 ____D C:\Users\Usuario\Desktop\My Shared Folder2015-07-03 17:27 - 2014-11-30 16:26 - 00000000 ____D C:\Users\Usuario\Desktop\PAULINA2015-07-03 16:25 - 2010-09-08 02:58 - 00000000 ____D C:\ProgramData\Temp2015-07-03 15:39 - 2011-02-24 16:45 - 00000000 ____D C:\Windows\pss2015-07-03 15:39 - 2010-09-09 18:00 - 00000000 ____D C:\Users\Usuario\AppData\Local\Outlook2015-07-03 15:39 - 2008-05-25 05:45 - 00000000 ____D C:\Windows\panther2015-07-03 15:39 - 2008-04-10 07:26 - 00000000 ____D C:\Windows\SMINST2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\Msdtc2015-07-03 15:39 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\system32\catroot2.bak2015-07-03 13:41 - 2013-04-07 21:26 - 00000000 ____D C:\Users\Usuario\Desktop\CANCUN2015-07-03 13:40 - 2011-09-09 19:19 - 00000000 ____D C:\Users\Usuario\Desktop\imprimir2015-07-03 12:49 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\rescache2015-07-03 12:11 - 2006-11-02 09:37 - 00000000 ____D C:\Windows\system32\XPSViewer2015-07-03 12:05 - 2008-05-24 21:17 - 00000000 ____D C:\ProgramData\Microsoft Help2015-07-02 21:37 - 2012-02-25 13:52 - 00000000 ____D C:\ProgramData\AVAST Software2015-07-02 18:41 - 2014-08-18 23:24 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware2015-07-02 16:34 - 2014-08-18 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-07-02 16:34 - 
2013-10-02 22:24 - 00000859 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-07-02 14:28 - 2010-08-20 04:37 - 00000304 _____ C:\ProgramData\hpqp.txt2015-06-18 08:41 - 2014-08-18 23:24 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-18 08:41 - 2014-08-18 23:24 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-06-18 08:41 - 2013-10-02 22:24 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Files in the root of some directories ======= 2015-07-08 00:44 - 2015-07-08 00:46 - 0009216 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2010-08-20 04:37 - 2010-09-08 22:18 - 2989660 _____ (Macromedia, Inc.) C:\ProgramData\DVD.exe2010-08-20 04:37 - 2010-08-20 04:37 - 2231606 _____ (Macromedia, Inc.) C:\ProgramData\Games.exe2015-07-02 19:12 - 2015-07-02 19:12 - 0045476 _____ () C:\ProgramData\HELP_DECRYPT.PNG2015-07-02 19:12 - 2015-07-02 19:12 - 0004250 _____ () C:\ProgramData\HELP_DECRYPT.TXT2015-07-02 19:12 - 2015-07-02 19:12 - 0000284 _____ () C:\ProgramData\HELP_DECRYPT.URL2010-08-20 04:30 - 2011-02-24 16:24 - 0000269 _____ () C:\ProgramData\hpqp.ini2010-08-20 04:37 - 2015-07-02 14:28 - 0000304 _____ () C:\ProgramData\hpqp.txt2010-09-12 19:49 - 2015-07-07 23:46 - 0009508 _____ () C:\ProgramData\hpzinstall.log2010-08-20 04:37 - 2010-08-20 04:37 - 2331174 _____ (Macromedia, Inc.) C:\ProgramData\Karaoke.exe2010-08-20 04:37 - 2012-04-30 02:31 - 3063561 _____ (Macromedia, Inc.) C:\ProgramData\MobileTV.exe2010-08-20 04:37 - 2012-02-05 15:25 - 2864396 _____ (Macromedia, Inc.) C:\ProgramData\MPV.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-11 03:46 ==================== End of log ============================Addition.txt Roguekiller1.txt
  7. Has anyone dealt with the Cryptowall ransomware? This system got infected, and now we can't open any files at all. They are all encrypted. Almost every folder has 4 additional files in it named HELP_DECRYPT (different types of files, HTML, etc.). And every time the computer is restarted, an HTML page comes up with "instructions on how to fix it" and the links are different each time. (The fix, as you probably know, is to pay a ransom fee.) I scanned it with Malwarebytes and removed 688 threats and attached the log. AVAST only found three, which I also removed. Those are the only two scans that I've done so far. Any ideas on how to decrypt the files or is there no hope? What else should I do to clean the system? What is the best anti-virus to protect against this happening again? It was not running AVAST when this happened. It was running McAfee. Thanks. Malwarebytes Scan 6.19.15 5pm.txt
  8. Hello, Almost all my files got decrypted by Malwarebytes and it requires me to pay 1 BTC in order to decrypt all the files in my PC. But my problem is I do not know how to buy or use BTC. Can I pay using PayPal instead of using BTC? Here's the problem that I am getting: http://screencast.com/t/H2Kstwvilbz Please help because I want this FIXED ASAP!