clementine21
Members-
Posts
8 -
Joined
-
Last visited
Reputation
0 Neutral-
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
Sweet. Thanks for the tips. -
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
Thank you very much for helping me I have a quick question. I use Avira for protection but I should delete it because I also have Microsoft Security Essentials. I see on your suggestion page that I would need a firewall and anti-malware too. Is my windows firewall good enough or should I download one? So if I have Microsoft Security Essentials, my laptop firewall, and download the anti-malware... I should be better protected. -
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
And the security check Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 35 Java 7 Update 17 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader XI Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` -
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
Here's the Adware log. AdwCleanerS1.txt -
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
Here is the log. I have looked over the files and there's nothing I want to keep, but I do recognize the conduit folders. Sometimes my internet will open with this as a search bar. I have tried to delete in the past because I have no idea how it got on my laptop. AdwCleanerR1.txt -
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
I ran the scan twice and it didn't find any threats. Here are the logs. mbar-log-2013-06-10 (10-45-51).txt system-log.txt Fixlog.txt -
Infected with Ransomware
clementine21 replied to clementine21's topic in Resolved Malware Removal Logs
Thank you very much for helping me. Here is my FRST.text Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-06-2013 Ran by SYSTEM on 09-06-2013 23:04:50 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor) HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.) HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.) HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [79872 2009-08-26] (Sony Electronics Corporation) HKLM-x32\...\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [1596096 2009-08-05] (Leader Technologies Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKU\Andrea\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-02] (Google Inc.) HKU\Andrea\...\Run: [Epson Stylus NX430(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU "C:\Users\Andrea\AppData\Local\Temp\E_S6FC2.tmp" /EF "HKCU" [x] HKU\Andrea\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [916480 2013-02-16] (Ares Development Group) HKU\Andrea\...\Run: [Amazon Cloud Drive] C:\Users\Andrea\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe [646528 2012-11-12] () HKU\Andrea\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Andrea\AppData\Local\Temp\moniragi.exe [45056 2013-06-09] (Adobe Systems Incorporated) HKU\Andrea\...\Command Processor: "C:\Users\Andrea\AppData\Local\Temp\moniragi.exe" Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2008-09-29] (Intel Corporation) S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation) S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation) S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation) S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x] ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-09 23:04 - 2013-06-09 23:04 - 00000000 ____D C:\FRST 2013-06-09 16:44 - 2013-06-09 16:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-06-09 16:44 - 2013-06-09 16:44 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes 2013-06-09 16:44 - 2013-06-09 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-09 16:44 - 2013-06-09 16:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-09 16:44 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-09 16:23 - 2013-06-09 16:23 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Andrea\Desktop\mbam-setup-1.75.0.1300.com 2013-06-06 09:07 - 2013-06-06 09:15 - 00000000 ____D C:\Users\Andrea\Downloads\DS & 3DS 2013-06-06 08:58 - 2013-06-06 09:00 - 00000000 ____D C:\Users\Andrea\Downloads\Old School 2013-06-03 07:10 - 2013-06-08 08:59 - 00000000 ____D C:\Users\Andrea\Downloads\Roms 2013-06-02 20:32 - 2012-10-11 02:34 - 00014871 ____A C:\Users\Andrea\Downloads\Readme.txt 2013-06-02 16:19 - 2013-06-06 20:06 - 00000000 ____D C:\Users\Andrea\Downloads\Games 2013-06-02 12:29 - 2013-06-03 07:09 - 00000000 ____D C:\Users\Andrea\Downloads\Hack Wii 2013-06-02 11:31 - 2013-06-02 11:31 - 07815799 ____A C:\Users\Andrea\Downloads\WiiBackupManager Build78.zip 2013-06-01 15:23 - 2013-06-02 07:09 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Nico Mak Computing 2013-06-01 15:23 - 2013-02-13 07:07 - 00019840 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot64.exe 2013-06-01 15:21 - 2013-06-03 08:26 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\uTorrent 2013-06-01 14:58 - 2013-06-01 14:58 - 00000000 ____D C:\Users\Andrea\AppData\Local\WBFSManager 2013-06-01 14:56 - 2013-06-01 16:38 - 00000000 ____D C:\Users\Andrea\Downloads\WBFS Manager Covers 2013-06-01 14:56 - 2013-06-01 14:56 - 00000954 ____A C:\Users\Andrea\Desktop\WBFS Manager 3.0.lnk 2013-06-01 14:56 - 2013-06-01 14:56 - 00000000 ____D C:\Program Files\WBFS 2013-06-01 14:55 - 2013-06-01 14:55 - 02845640 ____A C:\Users\Andrea\Downloads\WBFSManager3.0-RTW-x64.zip 2013-06-01 14:51 - 2013-06-01 14:51 - 02623374 ____A C:\Users\Andrea\Downloads\WBFSManager3.0.1-RTW-x86.zip 2013-06-01 11:52 - 2013-06-01 11:52 - 00000181 ____A C:\Windows\WININIT.INI 2013-06-01 11:49 - 2013-06-01 11:49 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Roxio Log Files 2013-06-01 11:35 - 2013-06-01 11:35 - 00495096 ____A C:\Users\Andrea\Downloads\Desktunes_RocketFuelInstaller.exe 2013-05-21 08:17 - 2013-05-21 08:17 - 02162344 ____A (Catalina Marketing Corp) C:\Users\Andrea\AppData\Local\BcsKtYcHW.dll 2013-05-21 08:17 - 2013-05-21 08:17 - 00926010 ____A C:\Users\Andrea\AppData\Local\a.zip 2013-05-15 23:06 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-15 23:06 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-15 23:06 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-15 23:06 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-15 23:02 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-15 23:02 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-15 23:02 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-15 23:02 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-15 23:02 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-15 23:02 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-15 23:02 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-15 23:02 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-15 23:02 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-15 23:02 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-15 23:02 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-15 23:02 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-15 23:02 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-15 23:02 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-15 23:02 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-15 23:02 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-15 23:02 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-15 23:02 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-15 23:02 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-15 23:02 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-15 23:02 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-15 23:02 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-15 23:02 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-15 23:02 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-15 23:02 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-15 23:02 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-15 23:02 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-15 23:02 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-15 21:12 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 21:12 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 21:12 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 21:12 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 21:12 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 21:12 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 21:12 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 21:12 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 21:12 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 21:12 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-15 21:12 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-15 21:11 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 21:11 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 21:11 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-12 17:58 - 2013-05-13 09:12 - 00000955 ____A C:\Users\Public\Desktop\Ares.lnk ==================== One Month Modified Files and Folders ======= 2013-06-09 23:04 - 2013-06-09 23:04 - 00000000 ____D C:\FRST 2013-06-09 17:25 - 2009-08-18 15:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-09 17:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system 2013-06-09 17:17 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-09 17:17 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-09 17:13 - 2013-04-29 19:47 - 00000000 ____D C:\Users\Andrea\AppData\Local\Deployment 2013-06-09 17:09 - 2009-09-02 22:08 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-09 17:08 - 2012-07-25 19:18 - 00008962 ____A C:\Windows\setupact.log 2013-06-09 17:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-09 16:44 - 2013-06-09 16:44 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-06-09 16:44 - 2013-06-09 16:44 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Malwarebytes 2013-06-09 16:44 - 2013-06-09 16:44 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-06-09 16:44 - 2013-06-09 16:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-09 16:23 - 2013-06-09 16:23 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Andrea\Desktop\mbam-setup-1.75.0.1300.com 2013-06-09 13:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-09 13:35 - 2012-10-10 06:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-09 13:30 - 2009-09-02 22:08 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-09 08:30 - 2009-09-26 00:49 - 01423445 ____A C:\Windows\WindowsUpdate.log 2013-06-08 20:46 - 2011-05-26 14:08 - 00000000 ____D C:\Users\Andrea\Documents\Surveys 2013-06-08 08:59 - 2013-06-03 07:10 - 00000000 ____D C:\Users\Andrea\Downloads\Roms 2013-06-06 20:06 - 2013-06-02 16:19 - 00000000 ____D C:\Users\Andrea\Downloads\Games 2013-06-06 09:15 - 2013-06-06 09:07 - 00000000 ____D C:\Users\Andrea\Downloads\DS & 3DS 2013-06-06 09:00 - 2013-06-06 08:58 - 00000000 ____D C:\Users\Andrea\Downloads\Old School 2013-06-06 06:00 - 2009-09-02 22:09 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-05 19:16 - 2009-09-02 23:07 - 00455806 ____A C:\Windows\PFRO.log 2013-06-03 21:24 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-03 08:26 - 2013-06-01 15:21 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\uTorrent 2013-06-03 07:09 - 2013-06-02 12:29 - 00000000 ____D C:\Users\Andrea\Downloads\Hack Wii 2013-06-02 22:08 - 2012-07-25 20:51 - 00000000 ____D C:\Users\Andrea\AppData\Local\Conduit 2013-06-02 11:31 - 2013-06-02 11:31 - 07815799 ____A C:\Users\Andrea\Downloads\WiiBackupManager Build78.zip 2013-06-02 07:09 - 2013-06-01 15:23 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Nico Mak Computing 2013-06-01 16:38 - 2013-06-01 14:56 - 00000000 ____D C:\Users\Andrea\Downloads\WBFS Manager Covers 2013-06-01 15:25 - 2012-07-25 20:51 - 00000000 ____D C:\Users\Andrea\AppData\Local\CRE 2013-06-01 14:58 - 2013-06-01 14:58 - 00000000 ____D C:\Users\Andrea\AppData\Local\WBFSManager 2013-06-01 14:56 - 2013-06-01 14:56 - 00000954 ____A C:\Users\Andrea\Desktop\WBFS Manager 3.0.lnk 2013-06-01 14:56 - 2013-06-01 14:56 - 00000000 ____D C:\Program Files\WBFS 2013-06-01 14:55 - 2013-06-01 14:55 - 02845640 ____A C:\Users\Andrea\Downloads\WBFSManager3.0-RTW-x64.zip 2013-06-01 14:51 - 2013-06-01 14:51 - 02623374 ____A C:\Users\Andrea\Downloads\WBFSManager3.0.1-RTW-x86.zip 2013-06-01 11:58 - 2010-06-20 20:10 - 00000000 ____D C:\Program Files\WinRAR 2013-06-01 11:52 - 2013-06-01 11:52 - 00000181 ____A C:\Windows\WININIT.INI 2013-06-01 11:49 - 2013-06-01 11:49 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Roxio Log Files 2013-06-01 11:35 - 2013-06-01 11:35 - 00495096 ____A C:\Users\Andrea\Downloads\Desktunes_RocketFuelInstaller.exe 2013-05-27 15:41 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-05-27 10:08 - 2009-12-30 20:16 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Tutor 2013-05-27 10:07 - 2009-12-06 14:57 - 00000000 ____D C:\Users\Andrea\AppData\Local\VirtualStore 2013-05-27 09:59 - 2011-01-02 20:55 - 00000000 ____D C:\Users\Public\Documents\AAB 2013-05-27 09:58 - 2011-01-02 20:55 - 00000000 ____D C:\Users\Public\Documents\ASCP 2013-05-21 08:17 - 2013-05-21 08:17 - 02162344 ____A (Catalina Marketing Corp) C:\Users\Andrea\AppData\Local\BcsKtYcHW.dll 2013-05-21 08:17 - 2013-05-21 08:17 - 00926010 ____A C:\Users\Andrea\AppData\Local\a.zip 2013-05-16 06:35 - 2012-10-10 06:48 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-05-16 06:35 - 2012-10-10 06:48 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-05-16 05:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-15 23:42 - 2009-07-13 20:45 - 00451408 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-15 23:21 - 2009-09-02 22:16 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-15 23:12 - 2010-01-16 12:24 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-05-13 09:12 - 2013-05-12 17:58 - 00000955 ____A C:\Users\Public\Desktop\Ares.lnk 2013-05-13 08:51 - 2012-07-21 20:59 - 00000000 ____D C:\Users\Andrea\Desktop\My Shared Folder 2013-05-12 17:58 - 2013-04-27 16:28 - 00000000 ____D C:\Program Files (x86)\Ares 2013-05-12 13:43 - 2012-04-15 11:57 - 00000000 ____D C:\Users\Andrea\AppData\Roaming\Epson 2013-05-12 13:43 - 2012-04-14 13:51 - 00000000 ____D C:\ProgramData\EPSON ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-26 05:55:13 Restore point made on: 2013-05-27 11:22:38 Restore point made on: 2013-05-27 12:12:57 Restore point made on: 2013-05-29 07:05:55 Restore point made on: 2013-06-02 07:22:17 Restore point made on: 2013-06-02 15:51:21 Restore point made on: 2013-06-02 16:02:34 Restore point made on: 2013-06-05 19:28:45 Restore point made on: 2013-06-09 08:28:59 Restore point made on: 2013-06-09 13:49:10 Restore point made on: 2013-06-09 13:51:42 Restore point made on: 2013-06-09 14:02:13 Restore point made on: 2013-06-09 17:14:28 Restore point made on: 2013-06-09 17:16:21 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3935.02 MB Available physical RAM: 3313.34 MB Total Pagefile: 3933.17 MB Available Pagefile: 3299.4 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:290.37 GB) (Free:133.77 GB) NTFS (Disk=0 Partition=3) Drive e: (Recovery) (Fixed) (Total:7.62 GB) (Free:0.83 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] Drive g: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 85EFE600) Partition 1: (Not Active) - (Size=8 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 48183E69) Partition 1: (Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-06-03 22:09 ==================== End Of Log ============================ -
Hello, My laptop has ransomware on it. I've tried to follow the steps in the Removal Guides and Self Help Guides forum, but it didn't work. I need help. -Clem