blend
2015-01-30, 20:02
It appears to be called CryptoWall 3.0. Please help! I tried running Malwarebytes and CCleaner to no avail. Thanks in advance!
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Owner (administrator) on OWNER-PC on 30-01-2015 12:50:03
Running from K:\
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\ns.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\ns.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [643592 2009-10-02] (Avid Technology, Inc.)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-05-28] (Google Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [ChromeUpdate] => C:\Users\Owner\AppData\Roaming\FrameworkUpdate\ChromeUpdate.exe
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/kfzNo0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2405337125-3894891454-2728286072-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2405337125-3894891454-2728286072-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @ilok.com/iLokHelper,version=3.1.0.7 -> C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2405337125-3894891454-2728286072-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2405337125-3894891454-2728286072-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-23]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn [2015-01-29]
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-12]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2014-12-19]
CHR HKLM\...\Chrome\Extension: [hchpodijgngncfjhhnhfahlggabgaghl] - No Path
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
StartMenuInternet: Google Chrome - chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-09-08] (PACE Anti-Piracy, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-06-04] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1092160 2011-04-19] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141107.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-10-12] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141108.001\IDSvix86.sys [476888 2014-10-10] (Symantec Corporation)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [22736 2013-04-11] ()
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [158344 2009-10-02] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141111.002\NAVENG.SYS [95704 2014-10-12] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141111.002\NAVEX15.SYS [1636696 2014-10-12] (Symantec Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [34064 2007-11-07] (CACE Technologies)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2014-10-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NS\1601000.009\SYMNETS.SYS [420056 2014-09-09] (Symantec Corporation)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [94416 2013-04-11] (PACE Anti-Piracy, Inc.)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [449536 2008-09-30] (Atheros Communications, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: PGPsdkDriver -> No Registry Path.
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 12:49 - 2015-01-30 12:50 - 00000000 ____D () C:\FRST
2015-01-28 22:39 - 2015-01-28 23:00 - 00000000 ____D () C:\AdwCleaner
2015-01-27 23:26 - 2015-01-27 23:26 - 00144624 _____ () C:\Windows\Minidump\012715-41043-01.dmp
2015-01-27 02:08 - 2015-01-27 02:08 - 00008528 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
2015-01-27 02:08 - 2015-01-27 02:08 - 00000272 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.URL
2015-01-27 02:07 - 2015-01-27 02:07 - 00008528 _____ () C:\Users\Owner\HELP_DECRYPT.HTML
2015-01-27 02:07 - 2015-01-27 02:07 - 00004204 _____ () C:\Users\Owner\HELP_DECRYPT.TXT
2015-01-27 02:07 - 2015-01-27 02:07 - 00004204 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
2015-01-27 02:07 - 2015-01-27 02:07 - 00000272 _____ () C:\Users\Owner\HELP_DECRYPT.URL
2015-01-26 23:32 - 2015-01-26 23:32 - 00008528 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
2015-01-26 23:32 - 2015-01-26 23:32 - 00004204 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
2015-01-26 23:32 - 2015-01-26 23:32 - 00000272 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.URL
2015-01-26 23:18 - 2015-01-26 23:18 - 00008528 _____ () C:\Users\Owner\Documents\HELP_DECRYPT.HTML
2015-01-26 23:18 - 2015-01-26 23:18 - 00004204 _____ () C:\Users\Owner\Documents\HELP_DECRYPT.TXT
2015-01-26 23:18 - 2015-01-26 23:18 - 00000272 _____ () C:\Users\Owner\Documents\HELP_DECRYPT.URL
2015-01-26 21:20 - 2015-01-26 21:20 - 01051393 _____ () C:\Users\Owner\Desktop\08 adlids.wma
2015-01-26 21:19 - 2015-01-26 21:20 - 01051393 _____ () C:\Users\Owner\Desktop\07 double.wma
2015-01-26 21:19 - 2015-01-26 21:19 - 04158941 _____ () C:\Users\Owner\Desktop\05 mic titans(ruff 2.0).wma
2015-01-26 21:19 - 2015-01-26 21:19 - 01051389 _____ () C:\Users\Owner\Desktop\06 lead.wma
2015-01-26 20:16 - 2015-01-26 20:16 - 00008528 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-26 20:16 - 2015-01-26 20:16 - 00008528 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.HTML
2015-01-26 20:16 - 2015-01-26 20:16 - 00004204 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-26 20:16 - 2015-01-26 20:16 - 00004204 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.TXT
2015-01-26 20:16 - 2015-01-26 20:16 - 00000272 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
2015-01-26 20:16 - 2015-01-26 20:16 - 00000272 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.URL
2015-01-26 20:15 - 2015-01-26 20:15 - 00008528 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
2015-01-26 20:15 - 2015-01-26 20:15 - 00004204 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
2015-01-26 20:15 - 2015-01-26 20:15 - 00000272 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
2015-01-26 16:32 - 2015-01-26 16:32 - 03919893 _____ () C:\Users\Owner\Desktop\01 foundation(ruff).wma
2015-01-26 16:32 - 2015-01-26 16:32 - 01039441 _____ () C:\Users\Owner\Desktop\04 adlibs.wma
2015-01-26 16:32 - 2015-01-26 16:32 - 01039441 _____ () C:\Users\Owner\Desktop\03 double.wma
2015-01-26 16:32 - 2015-01-26 16:32 - 01039437 _____ () C:\Users\Owner\Desktop\02 lead.wma
2015-01-26 15:59 - 2015-01-26 20:49 - 00000000 ____D () C:\Users\Owner\Desktop\Beast From the East
2015-01-26 15:56 - 2015-01-26 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\EastPack
2015-01-26 12:21 - 2015-01-26 12:21 - 69984432 _____ () C:\Users\Owner\Desktop\Fuck Everybody - BLeNd & BLuE.wav
2015-01-25 13:08 - 2015-01-25 13:08 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 13:08 - 2015-01-25 13:08 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 13:08 - 2015-01-25 13:08 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 12:58 - 2015-01-25 12:58 - 00000416 ____H () C:\ProgramData\@system3.att
2015-01-25 12:57 - 2015-01-27 23:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FrameworkUpdate
2015-01-25 12:57 - 2015-01-25 12:57 - 00000680 _____ () C:\ProgramData\@system.temp
2015-01-25 12:57 - 2015-01-25 12:57 - 00000480 ____H () C:\Users\Owner\AppData\Roaming\麽鎒駓覜
2015-01-25 12:56 - 2015-01-29 20:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-18 20:54 - 2015-01-18 20:54 - 04362175 _____ () C:\Users\Owner\Desktop\03 deticated vs.wma
2015-01-18 20:54 - 2015-01-18 20:54 - 04344253 _____ () C:\Users\Owner\Desktop\04 deticated track.wma
2015-01-18 20:54 - 2015-01-18 20:54 - 04308391 _____ () C:\Users\Owner\Desktop\01 wop track vs.wma
2015-01-18 20:54 - 2015-01-18 20:54 - 04290457 _____ () C:\Users\Owner\Desktop\02 wop track.wma
2015-01-18 19:11 - 2015-01-18 19:11 - 04158975 _____ () C:\Users\Owner\Desktop\08 libs.wma
2015-01-18 19:10 - 2015-01-18 19:10 - 04158985 _____ () C:\Users\Owner\Downloads\05 mic..ruff.wma
2015-01-16 12:13 - 2015-01-16 12:13 - 08284750 _____ () C:\Users\Owner\Downloads\10 Track 10.m4a
2015-01-16 12:13 - 2015-01-16 12:13 - 08284750 _____ () C:\Users\Owner\Desktop\10 Track 10.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08710643 _____ () C:\Users\Owner\Desktop\08 Track 08.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08654135 _____ () C:\Users\Owner\Desktop\06 Track 06.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08463095 _____ () C:\Users\Owner\Desktop\07 Track 07.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08064379 _____ () C:\Users\Owner\Desktop\09 Track 09.m4a
2015-01-16 12:13 - 2015-01-16 12:11 - 08644945 _____ () C:\Users\Owner\Desktop\04 Track 04.m4a
2015-01-16 12:13 - 2015-01-16 12:09 - 06653981 _____ () C:\Users\Owner\Desktop\02 Track 02.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08710643 _____ () C:\Users\Owner\Downloads\08 Track 08.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08654135 _____ () C:\Users\Owner\Downloads\06 Track 06.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08463095 _____ () C:\Users\Owner\Downloads\07 Track 07.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08064379 _____ () C:\Users\Owner\Downloads\09 Track 09.m4a
2015-01-16 12:11 - 2015-01-16 12:11 - 08644945 _____ () C:\Users\Owner\Downloads\04 Track 04.m4a
2015-01-16 12:09 - 2015-01-16 12:09 - 06653981 _____ () C:\Users\Owner\Downloads\02 Track 02.m4a
2015-01-16 12:08 - 2015-01-16 12:08 - 04601149 _____ () C:\Users\Owner\Desktop\05 ill keys ft. blend.wma
2015-01-16 12:08 - 2015-01-16 12:08 - 04272469 _____ () C:\Users\Owner\Desktop\01 off da hook ft d.original.wma
2015-01-16 12:08 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 12:08 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 12:08 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-16 12:08 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 12:08 - 2014-12-11 12:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 12:08 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 13:24 - 2015-01-15 13:22 - 35675456 _____ () C:\Users\Owner\Desktop\08 Gangsta Rap.wav
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 12:23 - 2010-05-28 13:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2405337125-3894891454-2728286072-1000UA.job
2015-01-30 12:05 - 2013-02-24 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 11:52 - 2011-10-09 23:00 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 11:51 - 2010-05-28 12:16 - 02096154 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 10:52 - 2011-10-09 23:00 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 02:23 - 2010-05-28 13:22 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2405337125-3894891454-2728286072-1000Core.job
2015-01-29 19:32 - 2009-07-13 23:34 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 19:32 - 2009-07-13 23:34 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 19:27 - 2014-09-29 21:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 19:26 - 2014-10-12 14:19 - 00010975 _____ () C:\Windows\setupact.log
2015-01-29 19:26 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 19:11 - 2010-05-28 12:22 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 22:56 - 2014-09-04 13:48 - 00001433 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-28 22:55 - 2014-10-12 23:33 - 00019276 _____ () C:\Windows\PFRO.log
2015-01-27 23:26 - 2014-11-07 16:58 - 258957678 _____ () C:\Windows\MEMORY.DMP
2015-01-27 23:26 - 2013-03-17 11:53 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-27 23:26 - 2010-06-02 21:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 15:05 - 2013-02-24 12:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 15:05 - 2013-02-24 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 12:42 - 2012-02-16 16:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-01-27 10:56 - 2010-05-29 13:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2015-01-27 02:07 - 2010-05-28 12:18 - 00000000 ____D () C:\Users\Owner
2015-01-26 23:47 - 2014-09-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 23:47 - 2014-09-29 21:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-26 23:47 - 2014-03-14 16:45 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 23:45 - 2010-05-29 12:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Digidesign
2015-01-26 23:38 - 2014-10-09 17:39 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-01-26 23:32 - 2012-02-14 15:17 - 00000000 ____D () C:\Users\Owner\Downloads\Windows 7 Ultimate (32 Bit)
2015-01-26 23:32 - 2011-01-19 14:08 - 00000000 ____D () C:\Users\Owner\Downloads\W138SS
2015-01-26 23:32 - 2011-01-19 14:08 - 00000000 ____D () C:\Users\Owner\Downloads\__MACOSX
2015-01-26 23:20 - 2012-02-21 20:34 - 00000000 ____D () C:\Users\Owner\Downloads\Auto-Tune_EFX2_RTAS_PC_v2.0.1d
2015-01-26 23:18 - 2013-09-01 10:19 - 00000000 ____D () C:\Users\Owner\Desktop\Wav Discovering the Medium Within
2015-01-26 23:09 - 2013-01-27 13:24 - 00000000 ____D () C:\Users\Owner\Desktop\Videos and Songs
2015-01-26 22:59 - 2014-03-13 17:40 - 00000000 ____D () C:\Users\Owner\Desktop\The Foundation
2015-01-26 22:49 - 2014-10-11 15:23 - 00000000 ____D () C:\Users\Owner\Desktop\Pics
2015-01-26 22:19 - 2013-09-01 09:17 - 00000000 ____D () C:\Users\Owner\Desktop\Mp3 Discovering the Medium Within
2015-01-26 22:05 - 2014-10-09 17:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-01-26 22:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Users\Owner\Desktop\Lil Bibby- Free Crack 2
2015-01-26 21:59 - 2014-08-27 17:25 - 00000000 ____D () C:\Users\Owner\Desktop\Leezee
2015-01-26 21:58 - 2014-07-12 14:28 - 00000000 ____D () C:\Users\Owner\Desktop\JULY 11th Utica NY
2015-01-26 21:50 - 2010-08-04 17:37 - 00000000 ____D () C:\Users\Owner\Desktop\Instrumentals
2015-01-26 21:23 - 2014-03-13 17:37 - 00000000 ____D () C:\Users\Owner\Desktop\Ding Do 2014
2015-01-26 21:03 - 2013-05-16 10:05 - 00000000 ____D () C:\Users\Owner\Desktop\Blue Shit 2013
2015-01-26 20:55 - 2014-03-13 17:44 - 00000000 ____D () C:\Users\Owner\Desktop\BLeNd 2014
2015-01-26 20:46 - 2013-01-27 11:23 - 00000000 ____D () C:\Users\Owner\Desktop\ALBUMS
2015-01-26 20:16 - 2013-09-16 23:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SanDisk
2015-01-26 20:16 - 2013-01-24 19:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Product_RM
2015-01-26 20:16 - 2011-02-28 17:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-01-26 20:16 - 2011-02-20 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Sony
2015-01-26 20:16 - 2010-05-29 12:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
2015-01-26 20:16 - 2010-05-29 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Structure
2015-01-26 20:15 - 2013-03-24 19:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogiShrd
2015-01-26 20:15 - 2012-08-18 20:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\HP
2015-01-26 20:15 - 2010-05-29 14:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2015-01-26 20:15 - 2010-05-29 13:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2015-01-26 20:15 - 2010-05-28 13:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-26 20:15 - 2010-05-02 21:26 - 00000000 ___HD () C:\Users\Owner\AppData\Local\UTl9VOMd
2015-01-26 20:14 - 2011-11-09 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Akamai
2015-01-26 20:14 - 2011-01-19 14:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-26 20:14 - 2010-05-29 11:48 - 00000000 ____D () C:\The C.O Dot
2015-01-26 20:14 - 2009-01-19 17:35 - 00000000 ___HD () C:\Users\Owner\AppData\Local\9SziSh01Q0A
2015-01-25 13:08 - 2014-07-12 13:30 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Pro
2015-01-25 13:08 - 2010-05-29 12:36 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-01-25 13:07 - 2013-03-24 19:10 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-25 13:07 - 2012-02-03 16:59 - 00000000 ____D () C:\ProgramData\Norton
2015-01-25 13:07 - 2010-05-29 13:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-25 13:06 - 2014-03-13 02:20 - 00000000 ____D () C:\ProgramData\82AC
2015-01-25 13:06 - 2010-07-28 12:45 - 00000000 ____D () C:\PFiles
2015-01-25 12:58 - 2014-11-09 19:28 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-16 17:23 - 2013-07-12 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 17:15 - 2010-05-28 12:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-01-26 20:16 - 2015-01-26 20:16 - 0008528 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-26 20:16 - 2015-01-26 20:16 - 0045558 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-26 20:16 - 2015-01-26 20:16 - 0004204 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-26 20:16 - 2015-01-26 20:16 - 0000272 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 12:57 - 2015-01-25 12:57 - 0000480 ____H () C:\Users\Owner\AppData\Roaming\麽鎒駓覜
2015-01-26 20:15 - 2015-01-26 20:15 - 0008528 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
2015-01-26 20:15 - 2015-01-26 20:15 - 0045558 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.PNG
2015-01-26 20:15 - 2015-01-26 20:15 - 0004204 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
2015-01-26 20:15 - 2015-01-26 20:15 - 0000272 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
2015-01-25 12:57 - 2015-01-25 12:57 - 0000680 _____ () C:\ProgramData\@system.temp
2015-01-25 12:58 - 2015-01-25 12:58 - 0000416 ____H () C:\ProgramData\@system3.att
2015-01-25 13:08 - 2015-01-25 13:08 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 13:08 - 2015-01-25 13:08 - 0045651 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-25 13:08 - 2015-01-25 13:08 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 13:08 - 2015-01-25 13:08 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcsefm_.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-26 09:31
==================== End Of Log ============================
aswMBR log
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-30 12:52:56
-----------------------------
12:52:56.055 OS Version: Windows 6.1.7601 Service Pack 1
12:52:56.055 Number of processors: 2 586 0x602
12:52:56.070 ComputerName: OWNER-PC UserName: Owner
12:53:01.468 Initialize success
12:53:01.484 VM: initialized successfully
12:53:01.484 VM: Amd CPU supported
12:53:05.699 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006a
12:53:05.699 Disk 0 Vendor: SAMSUNG_ ZM10 Size: 152587MB BusType: 3
12:53:05.699 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
12:53:05.715 Disk 1 Vendor: ST375052 CC44 Size: 715404MB BusType: 3
12:53:05.808 Disk 1 MBR read successfully
12:53:05.808 Disk 1 MBR scan
12:53:05.808 Disk 1 Windows 7 default MBR code
12:53:05.824 Disk 1 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
12:53:05.840 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
12:53:05.840 Disk 1 default boot code
12:53:05.840 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 703014 MB offset 25372672
12:53:05.855 Disk 1 scanning sectors +1465145344
12:53:06.167 Disk 1 scanning C:\Windows\system32\drivers
12:53:15.480 Service scanning
12:53:32.032 Modules scanning
12:53:32.032 Disk 1 trace - called modules:
12:53:32.063 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
12:53:32.079 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86b5f7b8]
12:53:32.079 3 CLASSPNP.SYS[8c5a459e] -> nt!IofCallDriver -> [0x86a89660]
12:53:32.094 5 ACPI.sys[837733d4] -> nt!IofCallDriver -> \Device\0000006c[0x85b74b10]
12:53:32.094 Disk 1 statistics 75331/0/0 @ 4.81 MB/s
12:53:32.110 Scan finished successfully
12:53:54.839 Disk 1 MBR has been saved successfully to "K:\MBR.dat"
12:53:54.855 The log file has been saved successfully to "K:\aswMBR.txt"
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Owner (administrator) on OWNER-PC on 30-01-2015 12:50:03
Running from K:\
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\ns.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.1.0.9\ns.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Gemalto N.V.) C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [643592 2009-10-02] (Avid Technology, Inc.)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-14] (Gemalto N.V.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-05-28] (Google Inc.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Run: [ChromeUpdate] => C:\Users\Owner\AppData\Roaming\FrameworkUpdate\ChromeUpdate.exe
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.tostotor.com/kfzNo0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2405337125-3894891454-2728286072-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2405337125-3894891454-2728286072-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2405337125-3894891454-2728286072-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll (Symantec Corporation)
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @ilok.com/iLokHelper,version=3.1.0.7 -> C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2405337125-3894891454-2728286072-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2405337125-3894891454-2728286072-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-23]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.0.110\coFFPlgn [2015-01-29]
Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-12]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2014-12-19]
CHR HKLM\...\Chrome\Extension: [hchpodijgngncfjhhnhfahlggabgaghl] - No Path
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
StartMenuInternet: Google Chrome - chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2932224 2011-09-08] (PACE Anti-Piracy, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-06-04] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1092160 2011-04-19] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\BASHDefs\20141107.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
R2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-10-12] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\IPSDefs\20141108.001\IDSvix86.sys [476888 2014-10-10] (Symantec Corporation)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [22736 2013-04-11] ()
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [158344 2009-10-02] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141111.002\NAVENG.SYS [95704 2014-10-12] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.0.0.110\Definitions\VirusDefs\20141111.002\NAVEX15.SYS [1636696 2014-10-12] (Symantec Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [34064 2007-11-07] (CACE Technologies)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2014-10-12] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NS\1601000.009\SYMNETS.SYS [420056 2014-09-09] (Symantec Corporation)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [94416 2013-04-11] (PACE Anti-Piracy, Inc.)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2v.sys [449536 2008-09-30] (Atheros Communications, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: PGPsdkDriver -> No Registry Path.
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 12:49 - 2015-01-30 12:50 - 00000000 ____D () C:\FRST
2015-01-28 22:39 - 2015-01-28 23:00 - 00000000 ____D () C:\AdwCleaner
2015-01-27 23:26 - 2015-01-27 23:26 - 00144624 _____ () C:\Windows\Minidump\012715-41043-01.dmp
2015-01-27 02:08 - 2015-01-27 02:08 - 00008528 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.HTML
2015-01-27 02:08 - 2015-01-27 02:08 - 00000272 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.URL
2015-01-27 02:07 - 2015-01-27 02:07 - 00008528 _____ () C:\Users\Owner\HELP_DECRYPT.HTML
2015-01-27 02:07 - 2015-01-27 02:07 - 00004204 _____ () C:\Users\Owner\HELP_DECRYPT.TXT
2015-01-27 02:07 - 2015-01-27 02:07 - 00004204 _____ () C:\Users\Owner\Desktop\HELP_DECRYPT.TXT
2015-01-27 02:07 - 2015-01-27 02:07 - 00000272 _____ () C:\Users\Owner\HELP_DECRYPT.URL
2015-01-26 23:32 - 2015-01-26 23:32 - 00008528 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.HTML
2015-01-26 23:32 - 2015-01-26 23:32 - 00004204 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.TXT
2015-01-26 23:32 - 2015-01-26 23:32 - 00000272 _____ () C:\Users\Owner\Downloads\HELP_DECRYPT.URL
2015-01-26 23:18 - 2015-01-26 23:18 - 00008528 _____ () C:\Users\Owner\Documents\HELP_DECRYPT.HTML
2015-01-26 23:18 - 2015-01-26 23:18 - 00004204 _____ () C:\Users\Owner\Documents\HELP_DECRYPT.TXT
2015-01-26 23:18 - 2015-01-26 23:18 - 00000272 _____ () C:\Users\Owner\Documents\HELP_DECRYPT.URL
2015-01-26 21:20 - 2015-01-26 21:20 - 01051393 _____ () C:\Users\Owner\Desktop\08 adlids.wma
2015-01-26 21:19 - 2015-01-26 21:20 - 01051393 _____ () C:\Users\Owner\Desktop\07 double.wma
2015-01-26 21:19 - 2015-01-26 21:19 - 04158941 _____ () C:\Users\Owner\Desktop\05 mic titans(ruff 2.0).wma
2015-01-26 21:19 - 2015-01-26 21:19 - 01051389 _____ () C:\Users\Owner\Desktop\06 lead.wma
2015-01-26 20:16 - 2015-01-26 20:16 - 00008528 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-26 20:16 - 2015-01-26 20:16 - 00008528 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.HTML
2015-01-26 20:16 - 2015-01-26 20:16 - 00004204 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-26 20:16 - 2015-01-26 20:16 - 00004204 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.TXT
2015-01-26 20:16 - 2015-01-26 20:16 - 00000272 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
2015-01-26 20:16 - 2015-01-26 20:16 - 00000272 _____ () C:\Users\Owner\AppData\HELP_DECRYPT.URL
2015-01-26 20:15 - 2015-01-26 20:15 - 00008528 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
2015-01-26 20:15 - 2015-01-26 20:15 - 00004204 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
2015-01-26 20:15 - 2015-01-26 20:15 - 00000272 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
2015-01-26 16:32 - 2015-01-26 16:32 - 03919893 _____ () C:\Users\Owner\Desktop\01 foundation(ruff).wma
2015-01-26 16:32 - 2015-01-26 16:32 - 01039441 _____ () C:\Users\Owner\Desktop\04 adlibs.wma
2015-01-26 16:32 - 2015-01-26 16:32 - 01039441 _____ () C:\Users\Owner\Desktop\03 double.wma
2015-01-26 16:32 - 2015-01-26 16:32 - 01039437 _____ () C:\Users\Owner\Desktop\02 lead.wma
2015-01-26 15:59 - 2015-01-26 20:49 - 00000000 ____D () C:\Users\Owner\Desktop\Beast From the East
2015-01-26 15:56 - 2015-01-26 22:12 - 00000000 ____D () C:\Users\Owner\Desktop\EastPack
2015-01-26 12:21 - 2015-01-26 12:21 - 69984432 _____ () C:\Users\Owner\Desktop\Fuck Everybody - BLeNd & BLuE.wav
2015-01-25 13:08 - 2015-01-25 13:08 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 13:08 - 2015-01-25 13:08 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 13:08 - 2015-01-25 13:08 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 12:58 - 2015-01-25 12:58 - 00000416 ____H () C:\ProgramData\@system3.att
2015-01-25 12:57 - 2015-01-27 23:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\FrameworkUpdate
2015-01-25 12:57 - 2015-01-25 12:57 - 00000680 _____ () C:\ProgramData\@system.temp
2015-01-25 12:57 - 2015-01-25 12:57 - 00000480 ____H () C:\Users\Owner\AppData\Roaming\麽鎒駓覜
2015-01-25 12:56 - 2015-01-29 20:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-18 20:54 - 2015-01-18 20:54 - 04362175 _____ () C:\Users\Owner\Desktop\03 deticated vs.wma
2015-01-18 20:54 - 2015-01-18 20:54 - 04344253 _____ () C:\Users\Owner\Desktop\04 deticated track.wma
2015-01-18 20:54 - 2015-01-18 20:54 - 04308391 _____ () C:\Users\Owner\Desktop\01 wop track vs.wma
2015-01-18 20:54 - 2015-01-18 20:54 - 04290457 _____ () C:\Users\Owner\Desktop\02 wop track.wma
2015-01-18 19:11 - 2015-01-18 19:11 - 04158975 _____ () C:\Users\Owner\Desktop\08 libs.wma
2015-01-18 19:10 - 2015-01-18 19:10 - 04158985 _____ () C:\Users\Owner\Downloads\05 mic..ruff.wma
2015-01-16 12:13 - 2015-01-16 12:13 - 08284750 _____ () C:\Users\Owner\Downloads\10 Track 10.m4a
2015-01-16 12:13 - 2015-01-16 12:13 - 08284750 _____ () C:\Users\Owner\Desktop\10 Track 10.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08710643 _____ () C:\Users\Owner\Desktop\08 Track 08.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08654135 _____ () C:\Users\Owner\Desktop\06 Track 06.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08463095 _____ () C:\Users\Owner\Desktop\07 Track 07.m4a
2015-01-16 12:13 - 2015-01-16 12:12 - 08064379 _____ () C:\Users\Owner\Desktop\09 Track 09.m4a
2015-01-16 12:13 - 2015-01-16 12:11 - 08644945 _____ () C:\Users\Owner\Desktop\04 Track 04.m4a
2015-01-16 12:13 - 2015-01-16 12:09 - 06653981 _____ () C:\Users\Owner\Desktop\02 Track 02.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08710643 _____ () C:\Users\Owner\Downloads\08 Track 08.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08654135 _____ () C:\Users\Owner\Downloads\06 Track 06.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08463095 _____ () C:\Users\Owner\Downloads\07 Track 07.m4a
2015-01-16 12:12 - 2015-01-16 12:12 - 08064379 _____ () C:\Users\Owner\Downloads\09 Track 09.m4a
2015-01-16 12:11 - 2015-01-16 12:11 - 08644945 _____ () C:\Users\Owner\Downloads\04 Track 04.m4a
2015-01-16 12:09 - 2015-01-16 12:09 - 06653981 _____ () C:\Users\Owner\Downloads\02 Track 02.m4a
2015-01-16 12:08 - 2015-01-16 12:08 - 04601149 _____ () C:\Users\Owner\Desktop\05 ill keys ft. blend.wma
2015-01-16 12:08 - 2015-01-16 12:08 - 04272469 _____ () C:\Users\Owner\Desktop\01 off da hook ft d.original.wma
2015-01-16 12:08 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 12:08 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 12:08 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-16 12:08 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 12:08 - 2014-12-11 12:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 12:08 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 13:24 - 2015-01-15 13:22 - 35675456 _____ () C:\Users\Owner\Desktop\08 Gangsta Rap.wav
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-30 12:23 - 2010-05-28 13:22 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2405337125-3894891454-2728286072-1000UA.job
2015-01-30 12:05 - 2013-02-24 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 11:52 - 2011-10-09 23:00 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 11:51 - 2010-05-28 12:16 - 02096154 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 10:52 - 2011-10-09 23:00 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 02:23 - 2010-05-28 13:22 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2405337125-3894891454-2728286072-1000Core.job
2015-01-29 19:32 - 2009-07-13 23:34 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 19:32 - 2009-07-13 23:34 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 19:27 - 2014-09-29 21:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 19:26 - 2014-10-12 14:19 - 00010975 _____ () C:\Windows\setupact.log
2015-01-29 19:26 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 19:11 - 2010-05-28 12:22 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 22:56 - 2014-09-04 13:48 - 00001433 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-01-28 22:55 - 2014-10-12 23:33 - 00019276 _____ () C:\Windows\PFRO.log
2015-01-27 23:26 - 2014-11-07 16:58 - 258957678 _____ () C:\Windows\MEMORY.DMP
2015-01-27 23:26 - 2013-03-17 11:53 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-27 23:26 - 2010-06-02 21:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 15:05 - 2013-02-24 12:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-27 15:05 - 2013-02-24 12:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-27 12:42 - 2012-02-16 16:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-01-27 10:56 - 2010-05-29 13:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2015-01-27 02:07 - 2010-05-28 12:18 - 00000000 ____D () C:\Users\Owner
2015-01-26 23:47 - 2014-09-29 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 23:47 - 2014-09-29 21:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-26 23:47 - 2014-03-14 16:45 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-26 23:45 - 2010-05-29 12:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Digidesign
2015-01-26 23:38 - 2014-10-09 17:39 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-01-26 23:32 - 2012-02-14 15:17 - 00000000 ____D () C:\Users\Owner\Downloads\Windows 7 Ultimate (32 Bit)
2015-01-26 23:32 - 2011-01-19 14:08 - 00000000 ____D () C:\Users\Owner\Downloads\W138SS
2015-01-26 23:32 - 2011-01-19 14:08 - 00000000 ____D () C:\Users\Owner\Downloads\__MACOSX
2015-01-26 23:20 - 2012-02-21 20:34 - 00000000 ____D () C:\Users\Owner\Downloads\Auto-Tune_EFX2_RTAS_PC_v2.0.1d
2015-01-26 23:18 - 2013-09-01 10:19 - 00000000 ____D () C:\Users\Owner\Desktop\Wav Discovering the Medium Within
2015-01-26 23:09 - 2013-01-27 13:24 - 00000000 ____D () C:\Users\Owner\Desktop\Videos and Songs
2015-01-26 22:59 - 2014-03-13 17:40 - 00000000 ____D () C:\Users\Owner\Desktop\The Foundation
2015-01-26 22:49 - 2014-10-11 15:23 - 00000000 ____D () C:\Users\Owner\Desktop\Pics
2015-01-26 22:19 - 2013-09-01 09:17 - 00000000 ____D () C:\Users\Owner\Desktop\Mp3 Discovering the Medium Within
2015-01-26 22:05 - 2014-10-09 17:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-01-26 22:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Users\Owner\Desktop\Lil Bibby- Free Crack 2
2015-01-26 21:59 - 2014-08-27 17:25 - 00000000 ____D () C:\Users\Owner\Desktop\Leezee
2015-01-26 21:58 - 2014-07-12 14:28 - 00000000 ____D () C:\Users\Owner\Desktop\JULY 11th Utica NY
2015-01-26 21:50 - 2010-08-04 17:37 - 00000000 ____D () C:\Users\Owner\Desktop\Instrumentals
2015-01-26 21:23 - 2014-03-13 17:37 - 00000000 ____D () C:\Users\Owner\Desktop\Ding Do 2014
2015-01-26 21:03 - 2013-05-16 10:05 - 00000000 ____D () C:\Users\Owner\Desktop\Blue Shit 2013
2015-01-26 20:55 - 2014-03-13 17:44 - 00000000 ____D () C:\Users\Owner\Desktop\BLeNd 2014
2015-01-26 20:46 - 2013-01-27 11:23 - 00000000 ____D () C:\Users\Owner\Desktop\ALBUMS
2015-01-26 20:16 - 2013-09-16 23:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SanDisk
2015-01-26 20:16 - 2013-01-24 19:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Product_RM
2015-01-26 20:16 - 2011-02-28 17:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-01-26 20:16 - 2011-02-20 18:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Sony
2015-01-26 20:16 - 2010-05-29 12:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
2015-01-26 20:16 - 2010-05-29 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Structure
2015-01-26 20:15 - 2013-03-24 19:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogiShrd
2015-01-26 20:15 - 2012-08-18 20:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\HP
2015-01-26 20:15 - 2010-05-29 14:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2015-01-26 20:15 - 2010-05-29 13:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2015-01-26 20:15 - 2010-05-28 13:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-01-26 20:15 - 2010-05-02 21:26 - 00000000 ___HD () C:\Users\Owner\AppData\Local\UTl9VOMd
2015-01-26 20:14 - 2011-11-09 21:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Akamai
2015-01-26 20:14 - 2011-01-19 14:12 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-26 20:14 - 2010-05-29 11:48 - 00000000 ____D () C:\The C.O Dot
2015-01-26 20:14 - 2009-01-19 17:35 - 00000000 ___HD () C:\Users\Owner\AppData\Local\9SziSh01Q0A
2015-01-25 13:08 - 2014-07-12 13:30 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Pro
2015-01-25 13:08 - 2010-05-29 12:36 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-01-25 13:07 - 2013-03-24 19:10 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-25 13:07 - 2012-02-03 16:59 - 00000000 ____D () C:\ProgramData\Norton
2015-01-25 13:07 - 2010-05-29 13:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-25 13:06 - 2014-03-13 02:20 - 00000000 ____D () C:\ProgramData\82AC
2015-01-25 13:06 - 2010-07-28 12:45 - 00000000 ____D () C:\PFiles
2015-01-25 12:58 - 2014-11-09 19:28 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-16 17:23 - 2013-07-12 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 17:15 - 2010-05-28 12:44 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-01-26 20:16 - 2015-01-26 20:16 - 0008528 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-26 20:16 - 2015-01-26 20:16 - 0045558 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-26 20:16 - 2015-01-26 20:16 - 0004204 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-26 20:16 - 2015-01-26 20:16 - 0000272 _____ () C:\Users\Owner\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 12:57 - 2015-01-25 12:57 - 0000480 ____H () C:\Users\Owner\AppData\Roaming\麽鎒駓覜
2015-01-26 20:15 - 2015-01-26 20:15 - 0008528 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.HTML
2015-01-26 20:15 - 2015-01-26 20:15 - 0045558 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.PNG
2015-01-26 20:15 - 2015-01-26 20:15 - 0004204 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.TXT
2015-01-26 20:15 - 2015-01-26 20:15 - 0000272 _____ () C:\Users\Owner\AppData\Local\HELP_DECRYPT.URL
2015-01-25 12:57 - 2015-01-25 12:57 - 0000680 _____ () C:\ProgramData\@system.temp
2015-01-25 12:58 - 2015-01-25 12:58 - 0000416 ____H () C:\ProgramData\@system3.att
2015-01-25 13:08 - 2015-01-25 13:08 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 13:08 - 2015-01-25 13:08 - 0045651 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-25 13:08 - 2015-01-25 13:08 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 13:08 - 2015-01-25 13:08 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcsefm_.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-26 09:31
==================== End Of Log ============================
aswMBR log
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-30 12:52:56
-----------------------------
12:52:56.055 OS Version: Windows 6.1.7601 Service Pack 1
12:52:56.055 Number of processors: 2 586 0x602
12:52:56.070 ComputerName: OWNER-PC UserName: Owner
12:53:01.468 Initialize success
12:53:01.484 VM: initialized successfully
12:53:01.484 VM: Amd CPU supported
12:53:05.699 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006a
12:53:05.699 Disk 0 Vendor: SAMSUNG_ ZM10 Size: 152587MB BusType: 3
12:53:05.699 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
12:53:05.715 Disk 1 Vendor: ST375052 CC44 Size: 715404MB BusType: 3
12:53:05.808 Disk 1 MBR read successfully
12:53:05.808 Disk 1 MBR scan
12:53:05.808 Disk 1 Windows 7 default MBR code
12:53:05.824 Disk 1 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
12:53:05.840 Disk 1 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
12:53:05.840 Disk 1 default boot code
12:53:05.840 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 703014 MB offset 25372672
12:53:05.855 Disk 1 scanning sectors +1465145344
12:53:06.167 Disk 1 scanning C:\Windows\system32\drivers
12:53:15.480 Service scanning
12:53:32.032 Modules scanning
12:53:32.032 Disk 1 trace - called modules:
12:53:32.063 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
12:53:32.079 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86b5f7b8]
12:53:32.079 3 CLASSPNP.SYS[8c5a459e] -> nt!IofCallDriver -> [0x86a89660]
12:53:32.094 5 ACPI.sys[837733d4] -> nt!IofCallDriver -> \Device\0000006c[0x85b74b10]
12:53:32.094 Disk 1 statistics 75331/0/0 @ 4.81 MB/s
12:53:32.110 Scan finished successfully
12:53:54.839 Disk 1 MBR has been saved successfully to "K:\MBR.dat"
12:53:54.855 The log file has been saved successfully to "K:\aswMBR.txt"