
"police" lockdown, aka. ransomware [Closed]



#1
CrazyShadowDami


  • Member
  • 23 posts
Hello, I'm writing this on my Android phone. My PC got hijacked by ransomware. It's in Croatian, but it generally says that my PC was locked down and I have to pay a fine. Take note: I can only launch my PC in safe mode with cmd; if I use the other safe modes, the PC restarts after a few seconds. Please help, I need it very very fast!!!

Edited by CrazyShadowDami, 25 May 2013 - 08:27 PM.



#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello CrazyShadowDami

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe or e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#3
CrazyShadowDami


  • Topic Starter
  • Member
  • 23 posts
It's e:\frst64.exe not first64.exe. Just saying for future reference ;)

frst64.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-05-2013 01
Ran by SYSTEM on 26-05-2013 15:56:53
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PLFSetL] C:\Windows\\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
HKU\Damjan\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671904 2012-08-28] (DT Soft Ltd)
HKU\Damjan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18679400 2013-05-09] (Skype Technologies S.A.)
HKU\Damjan\...\Run: [mapdisk] "C:\Users\Damjan\Documents\ArmAWork\mapdisk.bat" [49 2012-11-24] ()
HKU\Damjan\...\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe [147312 2012-09-23] (Probit Software)
HKU\Damjan\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-05-24] (Electronic Arts)
HKU\Damjan\...\Run: [Yontoo Desktop] "C:\Users\Damjan\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-04-16] (Yontoo LLC)
HKU\Damjan\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKU\Damjan\...\Winlogon: [Shell] explorer.exe,C:\Users\Damjan\AppData\Roaming\skype.dat [83456 2011-11-16] () <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.)
S2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-28] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH)
S2 Yontoo Desktop Updater; C:\Users\Damjan\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-16] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-04] (DT Soft Ltd)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\1.3\temp\FairplayKD.sys [x]
S3 PCTBD; System32\Drivers\PCTBD64.sys [x]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-26 15:56 - 2013-05-26 15:56 - 00000000 ____D C:\FRST
2013-05-25 17:46 - 2013-05-26 02:24 - 00000004 ____A C:\Users\Damjan\AppData\Roaming\skype.ini
2013-05-25 15:10 - 2013-05-25 15:17 - 379473796 ____A C:\Users\Damjan\Downloads\ksp-win-0-20-0.zip
2013-05-25 14:19 - 2013-05-25 14:19 - 00000000 ___SD C:\Users\Damjan\Documents\Passwords Database
2013-05-25 08:12 - 2013-05-25 08:15 - 00000000 ____D C:\Empire Earth
2013-05-25 06:43 - 2013-05-25 06:43 - 00000349 ____A C:\Users\Damjan\Downloads\dbstartingresources.zip
2013-05-25 03:29 - 2013-05-25 03:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-25 03:25 - 2013-05-25 03:25 - 00002026 ____A C:\Users\Damjan\Desktop\Customize Fences.lnk
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 __HDC C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Stardock
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 ____D C:\Users\Damjan\AppData\Local\PackageAware
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-05-25 03:24 - 2013-05-25 03:25 - 09056752 ____A (Stardock Corporation ) C:\Users\Damjan\Downloads\fences_public.exe
2013-05-24 11:49 - 2013-05-24 11:49 - 00001883 ____A C:\Users\Damjan\Downloads\13200_world_pop_mod.zip
2013-05-24 11:41 - 2013-05-24 11:48 - 00000000 ____D C:\Program Files (x86)\Empire Earth
2013-05-24 11:40 - 2013-05-24 16:13 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\TeamViewer
2013-05-24 11:37 - 2013-05-24 11:37 - 04906744 ____A (TeamViewer GmbH) C:\Users\Damjan\Downloads\TeamViewer_Setup_hr-ckq (1).exe
2013-05-24 11:31 - 2013-05-24 11:31 - 00002466 ____A C:\Users\Damjan\Downloads\Version error fix (2.10.6885 to 2.10.0000).reg
2013-05-24 10:57 - 2013-05-24 10:58 - 04840271 ____A C:\Users\Damjan\Downloads\EEv2 Basic v2.4_0001.zip
2013-05-24 10:44 - 2013-05-24 10:54 - 141738278 ____A C:\Users\Damjan\Downloads\textures7.zip
2013-05-24 10:43 - 2013-05-24 10:52 - 70850145 ____A C:\Users\Damjan\Downloads\textures2.zip
2013-05-24 10:43 - 2013-05-24 10:52 - 102016395 ____A C:\Users\Damjan\Downloads\textures4.zip
2013-05-24 10:43 - 2013-05-24 10:51 - 60694048 ____A C:\Users\Damjan\Downloads\textures6.zip
2013-05-24 10:43 - 2013-05-24 10:50 - 55437546 ____A C:\Users\Damjan\Downloads\textures5.zip
2013-05-24 10:43 - 2013-05-24 10:50 - 49610027 ____A C:\Users\Damjan\Downloads\textures3.zip
2013-05-24 10:43 - 2013-05-24 10:49 - 124584926 ____A C:\Users\Damjan\Downloads\sounds.zip
2013-05-24 10:42 - 2013-05-24 10:43 - 17547176 ____A C:\Users\Damjan\Downloads\textures1.zip
2013-05-24 10:42 - 2013-05-24 10:42 - 00000000 ____D C:\Users\Damjan\AppData\Local\DM
2013-05-24 10:41 - 2013-05-24 10:41 - 00342550 ____A C:\Users\Damjan\Downloads\sounds.zip.exe
2013-05-20 05:24 - 2013-05-20 05:24 - 00131858 ____A C:\Users\Damjan\Downloads\glagoljica.zip
2013-05-19 03:46 - 2013-05-19 03:46 - 19073462 ____A (Royal Champions ) C:\Users\Damjan\Downloads\RC Patch 2.1.exe
2013-05-18 17:43 - 2013-05-18 17:43 - 00000000 ____D C:\Users\Damjan\Documents\Klei
2013-05-18 17:43 - 2013-05-18 17:43 - 00000000 ____D C:\ProgramData\Steam
2013-05-18 17:36 - 2013-04-20 10:32 - 00000000 ____D C:\Program Files (x86)\dont_starve
2013-05-18 17:33 - 2013-05-18 17:35 - 86647726 ____A C:\Users\Damjan\Downloads\Dont_Starve_Beta_20Apr_2013_ZuSE.7z
2013-05-18 16:11 - 2013-05-18 16:11 - 00021851 ____A C:\Users\Damjan\Downloads\uploads_2013_04_HyperEdit_v1.2.1.zip
2013-05-18 13:21 - 2013-05-18 13:21 - 03820336 ____A C:\Users\Damjan\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-17 05:11 - 2013-05-17 05:11 - 00001190 ____A C:\Users\Damjan\Downloads\Up_6to9_aumentar6a9_by-Husar_Darko.zip
2013-05-17 05:05 - 2013-05-17 05:05 - 00001024 ____A C:\Users\Damjan\Downloads\12Cits_MiningAdvance_MineríaAvanzada-by_Husar_Darko.zip
2013-05-17 04:13 - 2013-05-17 04:13 - 00004079 ____A C:\Users\Damjan\Downloads\5000_world_pop.zip
2013-05-17 02:52 - 2013-05-17 02:52 - 00000000 ____D C:\Users\Damjan\AppData\Local\Kingsoft
2013-05-16 23:56 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 23:56 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 23:56 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 23:56 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 23:56 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 23:56 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 23:56 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 23:56 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-16 23:56 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 23:56 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-16 23:56 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-16 23:56 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 03:11 - 2013-05-16 03:11 - 00291568 ____A (StarApp) C:\Users\Damjan\Downloads\ZoomPlayer.exe
2013-05-16 01:21 - 2013-05-16 01:21 - 00000000 ____D C:\Windows\Sun
2013-05-15 14:10 - 2013-05-15 14:10 - 01327455 ____A C:\Users\Damjan\Downloads\MechJeb2_2.0.7.zip
2013-05-15 09:53 - 2013-05-15 09:59 - 424353552 ____A (Microsoft Corporation) C:\Users\Damjan\Downloads\office2007sp3-kb2526086-fullfile-hr-hr.exe
2013-05-15 09:12 - 2013-05-15 09:17 - 304293008 ____A (Microsoft Corporation) C:\Users\Damjan\Desktop\office2007sp2-kb953195-fullfile-en-us.exe
2013-05-15 09:09 - 2013-05-15 09:09 - 00393072 ____A (Softonic ) C:\Users\Damjan\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-2.exe
2013-05-15 03:47 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 03:47 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 03:47 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 03:47 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 03:47 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 03:47 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 03:47 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 03:47 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 03:47 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 03:47 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 03:47 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 03:47 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 03:47 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 03:47 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-13 12:47 - 2013-05-13 12:48 - 00000000 ____D C:\Users\Damjan\Desktop\New folder (2)
2013-05-13 12:47 - 2013-05-13 12:47 - 00000000 ____D C:\Users\Damjan\Desktop\New folder
2013-05-12 03:40 - 2013-05-12 04:00 - 350441291 ____A C:\Users\Damjan\Downloads\(PC GAMES) Empire Earth (Full Game).zip
2013-05-11 14:17 - 2013-05-11 14:17 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim (3).exe
2013-05-11 14:13 - 2013-05-11 14:13 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim (2).exe
2013-05-11 14:11 - 2013-05-11 14:12 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim (1).exe
2013-05-11 14:11 - 2013-05-11 14:11 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-05-11 14:10 - 2013-05-11 14:11 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim.exe
2013-05-11 13:07 - 2013-05-11 13:07 - 00024084 ____A C:\Program Files (x86)\THQ.rar.torrent
2013-05-11 12:09 - 2013-05-11 13:01 - 1093953042 ____A C:\Program Files (x86)\THQ.rar
2013-05-11 07:19 - 2013-05-26 02:23 - 00000394 ____A C:\Windows\Tasks\Sing Along Update.job
2013-05-11 07:19 - 2013-05-11 07:19 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-05-10 12:30 - 2013-05-10 12:30 - 00622592 ____A (Snotje [NL]) C:\Users\Damjan\Downloads\BF1942 Origin MultiHack.exe
2013-05-09 11:31 - 2013-05-09 11:31 - 00000000 ____D C:\Users\Damjan\AppData\Local\ArmA 2 Free
2013-05-09 10:45 - 2013-05-09 11:15 - 1006315632 ____A C:\Users\Damjan\Downloads\ARMA2Free_setup.zip
2013-05-07 09:34 - 2013-05-07 09:35 - 11095659 ____A C:\Users\Damjan\Downloads\nmo_flowingdisaster_b2.zip
2013-05-07 08:24 - 2007-11-27 21:34 - 00000000 ____D C:\Program Files (x86)\Stronghold Crusader
2013-05-07 08:08 - 2013-05-07 08:16 - 443822383 ____A C:\Users\Damjan\Downloads\Stronghold Crusader.rar
2013-05-07 07:58 - 2013-05-07 08:02 - 00000019 ____A C:\Windows\D.ini
2013-05-07 07:58 - 2013-05-07 07:58 - 00000000 ____D C:\Users\Damjan\Stronghold Crused
2013-05-07 07:48 - 2013-05-07 07:51 - 00000000 ____D C:\Users\Damjan\Downloads\Stronghold Crusader [COTTA]
2013-05-07 07:14 - 2013-05-07 07:14 - 01272061 ____A C:\Users\Damjan\Downloads\TerraHax-0.9.1.rar
2013-05-07 04:37 - 2013-05-07 04:37 - 00001103 ____A C:\Users\Damjan\Desktop\ParetoLogic PC Health Advisor.lnk
2013-05-06 14:27 - 2013-05-06 14:27 - 00780288 ____A (Chapley) C:\Users\Damjan\Downloads\TerrariForm.exe
2013-05-06 14:27 - 2013-05-06 14:27 - 00003716 ____A C:\Users\Damjan\Downloads\enbseries.ini
2013-05-06 07:17 - 2013-05-06 07:17 - 00016620 ____A C:\Users\Damjan\Downloads\163857-game.of.thrones.s03e06.hdtv.x2642hd.zip
2013-05-05 17:34 - 2013-05-05 17:36 - 20977178 ____A (Wrye Bash development team) C:\Users\Damjan\Downloads\Wrye Bash 303 - Installer-1840-303.exe
2013-05-05 16:22 - 2013-05-05 16:22 - 00009855 ____A C:\Users\Damjan\Downloads\ItemariaPlus.zip
2013-05-05 12:51 - 2013-05-05 12:51 - 00000000 ____D C:\ProgramData\OUTLAWS
2013-05-05 12:50 - 2013-05-05 12:50 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-05-05 12:48 - 2013-05-05 12:48 - 07054336 ____A C:\Users\Damjan\Downloads\xnafx40_redist.msi
2013-05-05 12:45 - 2013-05-05 12:45 - 00000790 ____A C:\Users\Damjan\Desktop\Terraria.lnk
2013-05-05 12:44 - 2013-05-09 09:57 - 00000000 ____D C:\Program Files (x86)\Terraria
2013-05-05 12:42 - 2013-05-05 12:43 - 38231644 ____A C:\Users\Damjan\Downloads\Terraria.zip
2013-05-04 09:07 - 2013-05-04 09:07 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-05-04 09:07 - 2013-05-04 09:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-05-04 09:05 - 2013-05-04 09:06 - 04906744 ____A (TeamViewer GmbH) C:\Users\Damjan\Downloads\TeamViewer_Setup_hr-ckq.exe
2013-05-03 02:57 - 2013-05-03 03:01 - 222370072 ____A (Kaspersky Lab ZAO) C:\Users\Damjan\Downloads\pure13.0.2.558aEN_4384.exe
2013-05-01 06:32 - 2013-05-01 06:33 - 21658078 ____A C:\Users\Damjan\Downloads\mp_operation_husky.zip
2013-05-01 05:41 - 2013-05-01 07:13 - 00000000 ____D C:\Program Files (x86)\Heroes & Generals
2013-05-01 05:40 - 2013-05-01 05:40 - 01084728 ____A C:\Users\Damjan\Downloads\HeroesAndGenerals-setup-65879.exe
2013-05-01 04:24 - 2013-05-01 04:25 - 28668179 ____A C:\Users\Damjan\Downloads\Hershels_Farm_v2.7z
2013-05-01 03:48 - 2013-05-01 03:48 - 00000000 ____D C:\Users\Damjan\AppData\Local\Desura
2013-05-01 03:44 - 2013-05-01 03:44 - 00000000 ____D C:\ProgramData\Desura
2013-05-01 03:43 - 2013-05-02 05:29 - 00000000 ____D C:\Program Files (x86)\Desura
2013-05-01 03:43 - 2013-05-01 03:43 - 01252424 ____A C:\Users\Damjan\Downloads\DesuraInstaller.exe
2013-04-30 10:51 - 2013-04-30 10:51 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\.mono
2013-04-30 10:50 - 2013-05-22 14:55 - 00000000 ____D C:\Program Files (x86)\KSP
2013-04-30 10:40 - 2013-04-30 10:49 - 437297577 ____A C:\Users\Damjan\Downloads\ksp-win-0-19-1.zip
2013-04-28 07:37 - 2013-04-28 07:38 - 03470976 ____A C:\Users\Damjan\Downloads\beach_assaultnew.rar
2013-04-28 05:26 - 2013-04-28 05:26 - 08173315 ____A C:\Users\Damjan\Downloads\Omaha_Beach.rar
2013-04-27 08:01 - 2013-04-27 08:01 - 00000000 ____D C:\Program Files (x86)\dumps
2013-04-27 07:59 - 2013-05-26 02:23 - 00000000 ____D C:\Program Files (x86)\Steam
2013-04-27 07:57 - 2013-04-27 07:57 - 01669632 ____A C:\Users\Damjan\Downloads\SteamInstall.msi
2013-04-27 07:30 - 2013-04-27 07:30 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Complitly
2013-04-27 07:30 - 2013-04-27 07:30 - 00000000 ____D C:\Program Files (x86)\Complitly
2013-04-27 07:30 - 2013-04-27 07:30 - 00000000 ____D C:\Program Files (x86)\AppFiles
2013-04-27 07:29 - 2013-05-26 02:23 - 00000360 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-04-27 07:29 - 2013-05-26 02:23 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Yontoo
2013-04-27 07:29 - 2013-05-11 07:19 - 00000000 ____D C:\Program Files (x86)\LyricsTube
2013-04-27 07:29 - 2013-04-27 11:07 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-27 07:29 - 2013-04-27 07:29 - 00000000 ____D C:\Users\Damjan\AppData\Local\SwvUpdater
2013-04-27 07:29 - 2013-04-27 07:29 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-04-27 07:29 - 2013-04-27 07:29 - 00000000 ____A C:\END
2013-04-27 07:28 - 2013-04-27 07:28 - 00000000 ____D C:\Program Files (x86)\mixidj
2013-04-27 07:28 - 2013-04-27 07:28 - 00000000 ____A C:\Users\Damjan\Downloads\0
2013-04-27 07:26 - 2013-04-27 07:26 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Babylon
2013-04-27 07:26 - 2013-04-27 07:26 - 00000000 ____D C:\ProgramData\Babylon
2013-04-27 07:24 - 2013-04-27 07:24 - 00086299 ____A C:\Users\Damjan\Downloads\StarForge-0-3-5.exe

==================== One Month Modified Files and Folders =======

2013-05-26 15:56 - 2013-05-26 15:56 - 00000000 ____D C:\FRST
2013-05-26 02:24 - 2013-05-25 17:46 - 00000004 ____A C:\Users\Damjan\AppData\Roaming\skype.ini
2013-05-26 02:23 - 2013-05-11 07:19 - 00000394 ____A C:\Windows\Tasks\Sing Along Update.job
2013-05-26 02:23 - 2013-04-27 07:59 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-26 02:23 - 2013-04-27 07:29 - 00000360 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-05-26 02:23 - 2013-04-27 07:29 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Yontoo
2013-05-26 02:23 - 2012-12-24 11:54 - 00000000 ____D C:\Users\Damjan\AppData\Local\LogMeIn Hamachi
2013-05-26 02:23 - 2012-11-05 06:22 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-26 02:22 - 2013-04-01 09:09 - 00003889 ____A C:\Windows\setupact.log
2013-05-26 02:22 - 2012-12-01 09:43 - 00000000 ____D C:\Program Files (x86)\Origin
2013-05-26 02:22 - 2012-11-04 11:12 - 00000496 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-05-26 02:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 02:15 - 2012-11-04 11:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-26 02:15 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-26 02:15 - 2009-07-13 20:45 - 00017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-26 02:13 - 2012-11-13 04:28 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Skype
2013-05-26 02:13 - 2012-11-05 06:22 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-25 17:55 - 2013-04-01 09:09 - 00020836 ____A C:\Windows\PFRO.log
2013-05-25 17:47 - 2012-11-04 08:26 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\uTorrent
2013-05-25 17:00 - 2012-11-02 05:19 - 01816301 ____A C:\Windows\WindowsUpdate.log
2013-05-25 16:54 - 2013-01-18 02:25 - 00000376 ____A C:\Windows\Tasks\WpsUpdateTask_Damjan.job
2013-05-25 15:17 - 2013-05-25 15:10 - 379473796 ____A C:\Users\Damjan\Downloads\ksp-win-0-20-0.zip
2013-05-25 14:19 - 2013-05-25 14:19 - 00000000 ___SD C:\Users\Damjan\Documents\Passwords Database
2013-05-25 14:19 - 2013-03-21 08:23 - 00000000 ____D C:\users\Riccardo
2013-05-25 14:19 - 2012-11-25 04:50 - 00000000 ____D C:\users\sgr
2013-05-25 14:17 - 2012-11-24 12:12 - 00000000 ____D C:\Users\Damjan\Documents\ArmAWork
2013-05-25 08:15 - 2013-05-25 08:12 - 00000000 ____D C:\Empire Earth
2013-05-25 08:00 - 2012-11-04 11:13 - 00000470 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-05-25 06:43 - 2013-05-25 06:43 - 00000349 ____A C:\Users\Damjan\Downloads\dbstartingresources.zip
2013-05-25 06:34 - 2012-11-13 04:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-25 06:34 - 2012-11-13 04:27 - 00000000 ____D C:\ProgramData\Skype
2013-05-25 03:29 - 2013-05-25 03:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-05-25 03:25 - 2013-05-25 03:25 - 00002026 ____A C:\Users\Damjan\Desktop\Customize Fences.lnk
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 __HDC C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Stardock
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 ____D C:\Users\Damjan\AppData\Local\PackageAware
2013-05-25 03:25 - 2013-05-25 03:25 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-05-25 03:25 - 2013-05-25 03:24 - 09056752 ____A (Stardock Corporation ) C:\Users\Damjan\Downloads\fences_public.exe
2013-05-24 16:13 - 2013-05-24 11:40 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\TeamViewer
2013-05-24 11:49 - 2013-05-24 11:49 - 00001883 ____A C:\Users\Damjan\Downloads\13200_world_pop_mod.zip
2013-05-24 11:48 - 2013-05-24 11:41 - 00000000 ____D C:\Program Files (x86)\Empire Earth
2013-05-24 11:37 - 2013-05-24 11:37 - 04906744 ____A (TeamViewer GmbH) C:\Users\Damjan\Downloads\TeamViewer_Setup_hr-ckq (1).exe
2013-05-24 11:31 - 2013-05-24 11:31 - 00002466 ____A C:\Users\Damjan\Downloads\Version error fix (2.10.6885 to 2.10.0000).reg
2013-05-24 11:24 - 2012-11-02 05:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-24 10:58 - 2013-05-24 10:57 - 04840271 ____A C:\Users\Damjan\Downloads\EEv2 Basic v2.4_0001.zip
2013-05-24 10:54 - 2013-05-24 10:44 - 141738278 ____A C:\Users\Damjan\Downloads\textures7.zip
2013-05-24 10:52 - 2013-05-24 10:43 - 70850145 ____A C:\Users\Damjan\Downloads\textures2.zip
2013-05-24 10:52 - 2013-05-24 10:43 - 102016395 ____A C:\Users\Damjan\Downloads\textures4.zip
2013-05-24 10:51 - 2013-05-24 10:43 - 60694048 ____A C:\Users\Damjan\Downloads\textures6.zip
2013-05-24 10:50 - 2013-05-24 10:43 - 55437546 ____A C:\Users\Damjan\Downloads\textures5.zip
2013-05-24 10:50 - 2013-05-24 10:43 - 49610027 ____A C:\Users\Damjan\Downloads\textures3.zip
2013-05-24 10:49 - 2013-05-24 10:43 - 124584926 ____A C:\Users\Damjan\Downloads\sounds.zip
2013-05-24 10:43 - 2013-05-24 10:42 - 17547176 ____A C:\Users\Damjan\Downloads\textures1.zip
2013-05-24 10:42 - 2013-05-24 10:42 - 00000000 ____D C:\Users\Damjan\AppData\Local\DM
2013-05-24 10:41 - 2013-05-24 10:41 - 00342550 ____A C:\Users\Damjan\Downloads\sounds.zip.exe
2013-05-24 10:31 - 2013-03-19 11:07 - 00000000 ____D C:\Program Files (x86)\War Thunder
2013-05-24 00:12 - 2012-11-04 11:12 - 00000402 ____A C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-05-22 18:01 - 2013-01-19 04:54 - 00000000 ____D C:\Users\Damjan\AppData\Local\Skyrim
2013-05-22 18:01 - 2013-01-19 04:51 - 00000000 ____D C:\Users\Damjan\Documents\Nexus Mod Manager
2013-05-22 18:01 - 2013-01-19 04:36 - 00000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2013-05-22 14:55 - 2013-04-30 10:50 - 00000000 ____D C:\Program Files (x86)\KSP
2013-05-22 10:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-21 18:33 - 2012-11-04 11:12 - 00000384 ____A C:\Windows\Tasks\PC Health Advisor.job
2013-05-21 04:59 - 2012-11-04 11:12 - 00000444 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-05-20 05:24 - 2013-05-20 05:24 - 00131858 ____A C:\Users\Damjan\Downloads\glagoljica.zip
2013-05-19 03:46 - 2013-05-19 03:46 - 19073462 ____A (Royal Champions ) C:\Users\Damjan\Downloads\RC Patch 2.1.exe
2013-05-18 17:43 - 2013-05-18 17:43 - 00000000 ____D C:\Users\Damjan\Documents\Klei
2013-05-18 17:43 - 2013-05-18 17:43 - 00000000 ____D C:\ProgramData\Steam
2013-05-18 17:35 - 2013-05-18 17:33 - 86647726 ____A C:\Users\Damjan\Downloads\Dont_Starve_Beta_20Apr_2013_ZuSE.7z
2013-05-18 16:11 - 2013-05-18 16:11 - 00021851 ____A C:\Users\Damjan\Downloads\uploads_2013_04_HyperEdit_v1.2.1.zip
2013-05-18 13:22 - 2012-12-25 07:03 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-18 13:21 - 2013-05-18 13:21 - 03820336 ____A C:\Users\Damjan\Downloads\battlelog-web-plugins_2.1.3_109.exe
2013-05-17 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 05:11 - 2013-05-17 05:11 - 00001190 ____A C:\Users\Damjan\Downloads\Up_6to9_aumentar6a9_by-Husar_Darko.zip
2013-05-17 05:05 - 2013-05-17 05:05 - 00001024 ____A C:\Users\Damjan\Downloads\12Cits_MiningAdvance_MineríaAvanzada-by_Husar_Darko.zip
2013-05-17 04:13 - 2013-05-17 04:13 - 00004079 ____A C:\Users\Damjan\Downloads\5000_world_pop.zip
2013-05-17 02:52 - 2013-05-17 02:52 - 00000000 ____D C:\Users\Damjan\AppData\Local\Kingsoft
2013-05-17 02:52 - 2013-01-18 02:25 - 00001398 ____A C:\Users\Public\Desktop\Kingsoft Writer.lnk
2013-05-17 02:39 - 2012-12-04 11:42 - 00000000 ____D C:\Users\Damjan\.gimp-2.8
2013-05-17 02:28 - 2009-07-13 20:45 - 00342376 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 00:02 - 2012-11-02 10:36 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-17 00:00 - 2009-07-13 21:13 - 00799300 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 15:51 - 2013-01-19 04:51 - 00000890 ____A C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2013-05-16 15:51 - 2013-01-19 04:51 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-05-16 03:11 - 2013-05-16 03:11 - 00291568 ____A (StarApp) C:\Users\Damjan\Downloads\ZoomPlayer.exe
2013-05-16 01:21 - 2013-05-16 01:21 - 00000000 ____D C:\Windows\Sun
2013-05-15 14:10 - 2013-05-15 14:10 - 01327455 ____A C:\Users\Damjan\Downloads\MechJeb2_2.0.7.zip
2013-05-15 11:26 - 2012-11-02 11:04 - 00085296 ____A C:\Users\Damjan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-15 09:59 - 2013-05-15 09:53 - 424353552 ____A (Microsoft Corporation) C:\Users\Damjan\Downloads\office2007sp3-kb2526086-fullfile-hr-hr.exe
2013-05-15 09:58 - 2012-11-05 06:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 09:54 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\ShellNew
2013-05-15 09:52 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-15 09:17 - 2013-05-15 09:12 - 304293008 ____A (Microsoft Corporation) C:\Users\Damjan\Desktop\office2007sp2-kb953195-fullfile-en-us.exe
2013-05-15 09:09 - 2013-05-15 09:09 - 00393072 ____A (Softonic ) C:\Users\Damjan\Downloads\SoftonicDownloader_for_microsoft-office-2007-service-pack-2.exe
2013-05-15 05:15 - 2012-11-03 15:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 05:15 - 2012-11-03 15:35 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 04:20 - 2012-12-01 09:45 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Origin
2013-05-15 04:20 - 2012-12-01 09:44 - 00000000 ____D C:\ProgramData\Origin
2013-05-13 12:48 - 2013-05-13 12:47 - 00000000 ____D C:\Users\Damjan\Desktop\New folder (2)
2013-05-13 12:47 - 2013-05-13 12:47 - 00000000 ____D C:\Users\Damjan\Desktop\New folder
2013-05-12 05:52 - 2012-12-01 09:45 - 00000000 ____D C:\Users\Damjan\AppData\Local\Origin
2013-05-12 04:00 - 2013-05-12 03:40 - 350441291 ____A C:\Users\Damjan\Downloads\(PC GAMES) Empire Earth (Full Game).zip
2013-05-11 14:17 - 2013-05-11 14:17 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim (3).exe
2013-05-11 14:13 - 2013-05-11 14:13 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim (2).exe
2013-05-11 14:12 - 2013-05-11 14:11 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim (1).exe
2013-05-11 14:11 - 2013-05-11 14:11 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-05-11 14:11 - 2013-05-11 14:10 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Damjan\Downloads\Shockwave_Installer_Slim.exe
2013-05-11 13:07 - 2013-05-11 13:07 - 00024084 ____A C:\Program Files (x86)\THQ.rar.torrent
2013-05-11 13:01 - 2013-05-11 12:09 - 1093953042 ____A C:\Program Files (x86)\THQ.rar
2013-05-11 11:48 - 2013-04-05 11:33 - 00001175 ____A C:\Users\Damjan\Desktop\Eastern Front Launcher.lnk
2013-05-11 07:19 - 2013-05-11 07:19 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-05-11 07:19 - 2013-04-27 07:29 - 00000000 ____D C:\Program Files (x86)\LyricsTube
2013-05-10 12:30 - 2013-05-10 12:30 - 00622592 ____A (Snotje [NL]) C:\Users\Damjan\Downloads\BF1942 Origin MultiHack.exe
2013-05-09 11:31 - 2013-05-09 11:31 - 00000000 ____D C:\Users\Damjan\AppData\Local\ArmA 2 Free
2013-05-09 11:31 - 2012-11-24 06:00 - 00000000 ____D C:\Users\Damjan\Documents\ArmA 2
2013-05-09 11:26 - 2012-11-24 12:10 - 00000000 ____D C:\Program Files (x86)\Bohemia Interactive
2013-05-09 11:15 - 2013-05-09 10:45 - 1006315632 ____A C:\Users\Damjan\Downloads\ARMA2Free_setup.zip
2013-05-09 09:57 - 2013-05-05 12:44 - 00000000 ____D C:\Program Files (x86)\Terraria
2013-05-07 09:35 - 2013-05-07 09:34 - 11095659 ____A C:\Users\Damjan\Downloads\nmo_flowingdisaster_b2.zip
2013-05-07 08:16 - 2013-05-07 08:08 - 443822383 ____A C:\Users\Damjan\Downloads\Stronghold Crusader.rar
2013-05-07 08:02 - 2013-05-07 07:58 - 00000019 ____A C:\Windows\D.ini
2013-05-07 07:59 - 2013-03-23 04:18 - 00053760 __ASH C:\Users\Damjan\Thumbs.db
2013-05-07 07:58 - 2013-05-07 07:58 - 00000000 ____D C:\Users\Damjan\Stronghold Crused
2013-05-07 07:58 - 2012-11-02 05:29 - 00000000 ____D C:\users\Damjan
2013-05-07 07:51 - 2013-05-07 07:48 - 00000000 ____D C:\Users\Damjan\Downloads\Stronghold Crusader [COTTA]
2013-05-07 07:14 - 2013-05-07 07:14 - 01272061 ____A C:\Users\Damjan\Downloads\TerraHax-0.9.1.rar
2013-05-07 04:37 - 2013-05-07 04:37 - 00001103 ____A C:\Users\Damjan\Desktop\ParetoLogic PC Health Advisor.lnk
2013-05-07 04:37 - 2012-11-04 11:11 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2013-05-06 14:27 - 2013-05-06 14:27 - 00780288 ____A (Chapley) C:\Users\Damjan\Downloads\TerrariForm.exe
2013-05-06 14:27 - 2013-05-06 14:27 - 00003716 ____A C:\Users\Damjan\Downloads\enbseries.ini
2013-05-06 07:18 - 2012-11-04 20:45 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\vlc
2013-05-06 07:17 - 2013-05-06 07:17 - 00016620 ____A C:\Users\Damjan\Downloads\163857-game.of.thrones.s03e06.hdtv.x2642hd.zip
2013-05-05 17:36 - 2013-05-05 17:34 - 20977178 ____A (Wrye Bash development team) C:\Users\Damjan\Downloads\Wrye Bash 303 - Installer-1840-303.exe
2013-05-05 16:22 - 2013-05-05 16:22 - 00009855 ____A C:\Users\Damjan\Downloads\ItemariaPlus.zip
2013-05-05 12:51 - 2013-05-05 12:51 - 00000000 ____D C:\ProgramData\OUTLAWS
2013-05-05 12:51 - 2012-11-28 07:57 - 00000000 ____D C:\Users\Damjan\Documents\My Games
2013-05-05 12:50 - 2013-05-05 12:50 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-05-05 12:48 - 2013-05-05 12:48 - 07054336 ____A C:\Users\Damjan\Downloads\xnafx40_redist.msi
2013-05-05 12:45 - 2013-05-05 12:45 - 00000790 ____A C:\Users\Damjan\Desktop\Terraria.lnk
2013-05-05 12:43 - 2013-05-05 12:42 - 38231644 ____A C:\Users\Damjan\Downloads\Terraria.zip
2013-05-04 09:07 - 2013-05-04 09:07 - 00001162 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-05-04 09:07 - 2013-05-04 09:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-05-04 09:06 - 2013-05-04 09:05 - 04906744 ____A (TeamViewer GmbH) C:\Users\Damjan\Downloads\TeamViewer_Setup_hr-ckq.exe
2013-05-03 03:42 - 2013-02-15 01:50 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-05-03 03:01 - 2013-05-03 02:57 - 222370072 ____A (Kaspersky Lab ZAO) C:\Users\Damjan\Downloads\pure13.0.2.558aEN_4384.exe
2013-05-03 01:39 - 2013-04-01 07:38 - 00000000 ____D C:\ProgramData\MFAData
2013-05-02 05:29 - 2013-05-01 03:43 - 00000000 ____D C:\Program Files (x86)\Desura
2013-05-01 16:06 - 2012-11-02 10:21 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 12:07 - 2013-01-01 13:07 - 00000211 ____A C:\ProgramData\acer.zip
2013-05-01 07:13 - 2013-05-01 05:41 - 00000000 ____D C:\Program Files (x86)\Heroes & Generals
2013-05-01 06:33 - 2013-05-01 06:32 - 21658078 ____A C:\Users\Damjan\Downloads\mp_operation_husky.zip
2013-05-01 05:40 - 2013-05-01 05:40 - 01084728 ____A C:\Users\Damjan\Downloads\HeroesAndGenerals-setup-65879.exe
2013-05-01 04:25 - 2013-05-01 04:24 - 28668179 ____A C:\Users\Damjan\Downloads\Hershels_Farm_v2.7z
2013-05-01 03:48 - 2013-05-01 03:48 - 00000000 ____D C:\Users\Damjan\AppData\Local\Desura
2013-05-01 03:44 - 2013-05-01 03:44 - 00000000 ____D C:\ProgramData\Desura
2013-05-01 03:43 - 2013-05-01 03:43 - 01252424 ____A C:\Users\Damjan\Downloads\DesuraInstaller.exe
2013-04-30 10:51 - 2013-04-30 10:51 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\.mono
2013-04-30 10:49 - 2013-04-30 10:40 - 437297577 ____A C:\Users\Damjan\Downloads\ksp-win-0-19-1.zip
2013-04-30 10:12 - 2012-11-24 04:50 - 00000000 ____D C:\ArmA 2
2013-04-30 10:06 - 2012-11-06 13:16 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive
2013-04-30 10:02 - 2012-12-02 09:47 - 00000000 ____D C:\Games
2013-04-28 07:38 - 2013-04-28 07:37 - 03470976 ____A C:\Users\Damjan\Downloads\beach_assaultnew.rar
2013-04-28 05:26 - 2013-04-28 05:26 - 08173315 ____A C:\Users\Damjan\Downloads\Omaha_Beach.rar
2013-04-27 11:07 - 2013-04-27 07:29 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-27 09:58 - 2012-11-24 05:38 - 00779146 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-04-27 08:01 - 2013-04-27 08:01 - 00000000 ____D C:\Program Files (x86)\dumps
2013-04-27 07:57 - 2013-04-27 07:57 - 01669632 ____A C:\Users\Damjan\Downloads\SteamInstall.msi
2013-04-27 07:30 - 2013-04-27 07:30 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Complitly
2013-04-27 07:30 - 2013-04-27 07:30 - 00000000 ____D C:\Program Files (x86)\Complitly
2013-04-27 07:30 - 2013-04-27 07:30 - 00000000 ____D C:\Program Files (x86)\AppFiles
2013-04-27 07:29 - 2013-04-27 07:29 - 00000000 ____D C:\Users\Damjan\AppData\Local\SwvUpdater
2013-04-27 07:29 - 2013-04-27 07:29 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-04-27 07:29 - 2013-04-27 07:29 - 00000000 ____A C:\END
2013-04-27 07:28 - 2013-04-27 07:28 - 00000000 ____D C:\Program Files (x86)\mixidj
2013-04-27 07:28 - 2013-04-27 07:28 - 00000000 ____A C:\Users\Damjan\Downloads\0
2013-04-27 07:26 - 2013-04-27 07:26 - 00000000 ____D C:\Users\Damjan\AppData\Roaming\Babylon
2013-04-27 07:26 - 2013-04-27 07:26 - 00000000 ____D C:\ProgramData\Babylon
2013-04-27 07:24 - 2013-04-27 07:24 - 00086299 ____A C:\Users\Damjan\Downloads\StarForge-0-3-5.exe

Other Malware:
===========
C:\Users\Damjan\mod_sa_bartekdvd.v4.3.1.X.SA-MP.v0.3x.v7.exe
C:\Users\Damjan\RelicCOH.exe
C:\Users\Damjan\AppData\Roaming\skype.dat
C:\Users\Damjan\AppData\Roaming\skype.ini
C:\ProgramData\ntuser.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-21 05:10:16
Restore point made on: 2013-05-24 05:52:10
Restore point made on: 2013-05-24 11:03:30
Restore point made on: 2013-05-24 11:20:45
Restore point made on: 2013-05-24 11:24:42
Restore point made on: 2013-05-25 14:17:00

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3838.23 MB
Available physical RAM: 3201.39 MB
Total Pagefile: 3836.38 MB
Available Pagefile: 3193.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.13 GB) (Free:55.29 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Fixed) (Total:488.28 GB) (Free:488.16 GB) NTFS (Disk=0 Partition=3)
Drive g: () (Removable) (Total:1.86 GB) (Free:1.32 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BB53CD35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


Last Boot: 2013-05-25 04:37

==================== End Of Log ============================



services.txt



Farbar Recovery Scan Tool (x64) Version: 26-05-2013 01
Ran by SYSTEM at 2013-05-26 16:03:27
Running from G:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-12-08 05:16] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======







P.S. I got the virus because I haven't noticed that my trial antivirus has expired. I was at Internet Explorer at the time, and it is obviously floating in viruses. Gonna use Google Chrome from now on...

Edited by CrazyShadowDami, 26 May 2013 - 08:28 AM.


#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello CrazyShadowDami



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

HKU\Damjan\...\Winlogon: [Shell] explorer.exe,C:\Users\Damjan\AppData\Roaming\skype.dat [83456 2011-11-16] () <==== ATTENTION
C:\Users\Damjan\AppData\Roaming\skype.ini
C:\Users\Damjan\mod_sa_bartekdvd.v4.3.1.X.SA-MP.v0.3x.v7.exe
C:\Users\Damjan\RelicCOH.exe
C:\Users\Damjan\AppData\Roaming\skype.dat
C:\Users\Damjan\AppData\Roaming\skype.ini
C:\ProgramData\ntuser.dat


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
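The first fixlist line above targets a Winlogon Shell value that starts skype.dat alongside explorer.exe at logon. As an added example (not part of the original post and not FRST's own logic), this Python script flags such values in FRST-style registry lines. The line format is inferred from the single entry in the post, every sample line but the first is constructed, and Windows is assumed to be installed in C:\Windows.

```python
import re
from pathlib import PureWindowsPath
from typing import Iterable, List, NamedTuple

# "<key>\Winlogon: [<ValueName>] <data> [<size> <date>] (<company>)"
# Format assumed from the one Winlogon line shown in the post.
LINE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.*?\\Winlogon): \[(?P<name>[^\]]+)\] (?P<data>.*)$"
)
# Trailing "[size date] (company)" metadata and the "<==== ATTENTION" marker.
META_RE = re.compile(r"\s*(\[\d+ \d{4}-\d{2}-\d{2}\]|<====).*$")

# Accepted locations for explorer.exe: a bare name or the Windows directory.
ALLOWED_DIRS = {".", r"c:\windows"}

# First line is the entry from the fixlist; the rest are constructed.
SAMPLE_LINES = [
    r"HKU\Damjan\...\Winlogon: [Shell] explorer.exe,C:\Users\Damjan\AppData\Roaming\skype.dat [83456 2011-11-16] () <==== ATTENTION",
    r"HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)",
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)",
    r"HKU\Example\...\Winlogon: [Shell] C:\Users\Example\AppData\Local\Temp\explorer.exe [1024 2013-01-01] ()",
]


class Finding(NamedTuple):
    key: str               # registry key as printed in the log
    unexpected: List[str]  # Shell entries that are not the real explorer.exe


def shell_entries(data: str) -> List[str]:
    """Drop the log metadata and split the comma-separated Shell value."""
    data = META_RE.sub("", data)
    return [e.strip().strip('"') for e in data.split(",") if e.strip()]


def is_expected_shell(entry: str) -> bool:
    """True for explorer.exe given bare or under C:\\Windows (any case)."""
    path = PureWindowsPath(entry)
    return (path.name.lower() == "explorer.exe"
            and str(path.parent).lower() in ALLOWED_DIRS)


def audit_shell(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per Winlogon Shell line with unexpected entries."""
    findings = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match or match.group("name").lower() != "shell":
            continue  # other Winlogon values are out of scope here
        bad = [e for e in shell_entries(match.group("data"))
               if not is_expected_shell(e)]
        if bad:
            findings.append(Finding(match.group("key"), bad))
    return findings


if __name__ == "__main__":
    for finding in audit_shell(SAMPLE_LINES):
        print(f"{finding.key}: unexpected Shell entries {finding.unexpected}")
```

The lookalike check matters because a file named explorer.exe outside the Windows directory would pass a name-only comparison.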

#5
CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • 23 posts
I fix :D


thx, this is the third virus screw-up you've helped me with ^^

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello CrazyShadowDami

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





